Analysis Date | 2014-10-14 23:35:24 |
---|---|
MD5 | 4cc51b22d42dfc88c4b73f4be93c6585 |
SHA1 | 5e35ee3169a7643ccee7443586004c11a18e6e4b |
Static Details:
File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
---|---|---|
Section | .text md5: 7a92dd105215517a6113144e039b30eb sha1: 3c294c24e3ddfb4b46f7dd74ba2c13ae57461975 size: 119296 | |
Section | .rdata md5: a9c58153feb3779a10f713e209eb934c sha1: 2d2adceb95985e712603b1e8a524f6bbb36016be size: 16384 | |
Section | .data md5: e1f2bd93e0de81a688b4e7c215187a02 sha1: 12d8eea127a11b198705f734c22533b6e9d8a379 size: 17408 | |
Timestamp | 2014-01-22 06:47:36 | |
Packer | Microsoft Visual C++ ?.? | |
PEhash | 36a851361c4955f2482844203862b6b759694e49 | |
IMPhash | cbdac7aa60ddcaee4067ba192.168.1.161 | |
AV | 360 Safe | Gen:Variant.Symmi.42055 |
AV | Ad-Aware | Gen:Variant.Symmi.42055 |
AV | Alwil (avast) | Agent-ATXF [Trj] |
AV | Arcabit (arcavir) | no_virus |
AV | Authentium | W32/Agent.NK2.gen!Eldorado |
AV | Avira (antivir) | TR/Crypt.ZPACK.Gen8 |
AV | BullGuard | Gen:Variant.Symmi.42055 |
AV | CA (E-Trust Ino) | no_virus |
AV | CAT (quickheal) | no_virus |
AV | ClamAV | no_virus |
AV | Dr. Web | no_virus |
AV | Emsisoft | Gen:Variant.Symmi.42055 |
AV | Eset (nod32) | Win32/Agent.VNC |
AV | Fortinet | W32/Agent.VNC!tr |
AV | Frisk (f-prot) | no_virus |
AV | F-Secure | Gen:Variant.Symmi.42055 |
AV | Grisoft (avg) | Generic_r.DMC |
AV | Ikarus | Trojan.FBLock |
AV | K7 | no_virus |
AV | Kaspersky | Trojan.Win32.Generic:Trojan.Win32.PEF.pf.silent.347637:Trojan.Win32.PEF.pf.silent.348577:Trojan.Win32.PEF.pf.silent.349247:Trojan.Win32.PEF.pf.silent.349979:Trojan.Win32.PEF.pf.silent.378627:Trojan.Win32.PEF.pf.silent.379268:Trojan.Win32.PEF.pf.silent.380179:Trojan.Win32.PEF.pf.silent.380996:Trojan.Win32.PEF.pf.silent.433356:Trojan.Win32.PEF.pf.silent.453058 |
AV | MalwareBytes | Trojan.Agent |
AV | Mcafee | Generic-FAOV!4CC51B22D42D |
AV | Microsoft Security Essentials | no_virus |
AV | MicroWorld (escan) | Gen:Variant.Symmi.42055 |
AV | Norman | no_virus |
AV | Rising | no_virus |
AV | Sophos | Troj/Bckdr-RRM |
AV | Symantec | no_virus |
AV | Trend Micro | no_virus |
AV | VirusBlokAda (vba32) | no_virus |
AV | Yara APT | no_virus |
AV | Zillya! | no_virus |
Runtime Details:
Screenshot | ![]() |
---|
Process
↳ C:\malware.exe
Registry | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Secure Launcher Parental BitLocker ➝ C:\Documents and Settings\Administrator\Application Data\xpmxnrwfhxq\pbkndwqkjck.exe |
---|---|
Creates File | C:\Documents and Settings\Administrator\Application Data\xpmxnrwfhxq\pbkndwqkjck.exe |
Creates Process | C:\Documents and Settings\Administrator\Application Data\xpmxnrwfhxq\pbkndwqkjck.exe |
Process
↳ C:\Documents and Settings\Administrator\Application Data\xpmxnrwfhxq\pbkndwqkjck.exe
Creates File | C:\Documents and Settings\Administrator\Application Data\xpmxnrwfhxq\pbkndwqkjck.ki |
---|---|
Creates File | C:\Documents and Settings\Administrator\Application Data\xpmxnrwfhxq\msnkooqsms.exe |
Creates File | \Device\Afd\Endpoint |
Creates Process | WATCHDOGPROC "C:\Documents and Settings\Administrator\Application Data\xpmxnrwfhxq\pbkndwqkjck.exe" |
Process
↳ WATCHDOGPROC "C:\Documents and Settings\Administrator\Application Data\xpmxnrwfhxq\pbkndwqkjck.exe"
Network Details:
DNS | thinkready.net Type: A 208.109.181.72 |
---|---|
DNS | thinkpeople.net Type: A 50.63.202.54 |
DNS | collegeready.net Type: A 192.254.214.203 |
DNS | chiefpeople.net Type: A 50.63.202.52 |
DNS | collegepeople.net Type: A 50.87.149.136 |
DNS | middlepeople.net Type: A 184.168.221.23 |
DNS | morningpeople.net Type: A 66.96.160.151 |
DNS | strangepeople.net Type: A 112.140.180.152 |
DNS | historypeople.net Type: A 217.69.38.152 |
DNS | weatherready.net Type: A 96.8.81.132 |
DNS | weatherready.net Type: A 96.8.82.132 |
DNS | weatherready.net Type: A 96.8.83.132 |
DNS | weatherready.net Type: A 96.8.84.132 |
DNS | weatherready.net Type: A 96.8.85.132 |
DNS | weatherready.net Type: A 96.8.80.132 |
DNS | classpeople.net Type: A 149.47.67.151 |
DNS | thinknation.net Type: A 50.63.202.14 |
DNS | collegenation.net Type: A 112.125.17.103 |
DNS | thickexplain.net Type: A |
DNS | classexplain.net Type: A |
DNS | thickbright.net Type: A |
DNS | classbright.net Type: A |
DNS | thickinside.net Type: A |
DNS | classinside.net Type: A |
DNS | presentready.net Type: A |
DNS | thinkbrown.net Type: A |
DNS | presentbrown.net Type: A |
DNS | presentpeople.net Type: A |
DNS | thinkdaughter.net Type: A |
DNS | presentdaughter.net Type: A |
DNS | chiefready.net Type: A |
DNS | chiefbrown.net Type: A |
DNS | collegebrown.net Type: A |
DNS | chiefdaughter.net Type: A |
DNS | collegedaughter.net Type: A |
DNS | oftenready.net Type: A |
DNS | aloneready.net Type: A |
DNS | oftenbrown.net Type: A |
DNS | alonebrown.net Type: A |
DNS | oftenpeople.net Type: A |
DNS | alonepeople.net Type: A |
DNS | oftendaughter.net Type: A |
DNS | alonedaughter.net Type: A |
DNS | middleready.net Type: A |
DNS | twelveready.net Type: A |
DNS | middlebrown.net Type: A |
DNS | twelvebrown.net Type: A |
DNS | twelvepeople.net Type: A |
DNS | middledaughter.net Type: A |
DNS | twelvedaughter.net Type: A |
DNS | ratherready.net Type: A |
DNS | morningready.net Type: A |
DNS | ratherbrown.net Type: A |
DNS | morningbrown.net Type: A |
DNS | ratherpeople.net Type: A |
DNS | ratherdaughter.net Type: A |
DNS | morningdaughter.net Type: A |
DNS | strangeready.net Type: A |
DNS | historyready.net Type: A |
DNS | strangebrown.net Type: A |
DNS | historybrown.net Type: A |
DNS | strangedaughter.net Type: A |
DNS | historydaughter.net Type: A |
DNS | amountready.net Type: A |
DNS | amountbrown.net Type: A |
DNS | weatherbrown.net Type: A |
DNS | amountpeople.net Type: A |
DNS | weatherpeople.net Type: A |
DNS | amountdaughter.net Type: A |
DNS | weatherdaughter.net Type: A |
DNS | thickready.net Type: A |
DNS | classready.net Type: A |
DNS | thickbrown.net Type: A |
DNS | classbrown.net Type: A |
DNS | thickpeople.net Type: A |
DNS | thickdaughter.net Type: A |
DNS | classdaughter.net Type: A |
DNS | presentnation.net Type: A |
DNS | thinksoldier.net Type: A |
DNS | presentsoldier.net Type: A |
DNS | thinkplease.net Type: A |
DNS | presentplease.net Type: A |
DNS | thinkcondition.net Type: A |
DNS | presentcondition.net Type: A |
DNS | chiefnation.net Type: A |
DNS | chiefsoldier.net Type: A |
DNS | collegesoldier.net Type: A |
DNS | chiefplease.net Type: A |
DNS | collegeplease.net Type: A |
DNS | chiefcondition.net Type: A |
HTTP GET | http://thinkready.net/forum/search.php?email=lucocarta@yahoo.com&method=post User-Agent: |
HTTP GET | http://thinkpeople.net/forum/search.php?email=lucocarta@yahoo.com&method=post User-Agent: |
HTTP GET | http://collegeready.net/forum/search.php?email=lucocarta@yahoo.com&method=post User-Agent: |
HTTP GET | http://chiefpeople.net/forum/search.php?email=lucocarta@yahoo.com&method=post User-Agent: |
HTTP GET | http://collegepeople.net/forum/search.php?email=lucocarta@yahoo.com&method=post User-Agent: |
HTTP GET | http://middlepeople.net/forum/search.php?email=lucocarta@yahoo.com&method=post User-Agent: |
HTTP GET | http://morningpeople.net/forum/search.php?email=lucocarta@yahoo.com&method=post User-Agent: |
HTTP GET | http://strangepeople.net/forum/search.php?email=lucocarta@yahoo.com&method=post User-Agent: |
HTTP GET | http://historypeople.net/forum/search.php?email=lucocarta@yahoo.com&method=post User-Agent: |
HTTP GET | http://weatherready.net/forum/search.php?email=lucocarta@yahoo.com&method=post User-Agent: |
HTTP GET | http://classpeople.net/forum/search.php?email=lucocarta@yahoo.com&method=post User-Agent: |
HTTP GET | http://thinknation.net/forum/search.php?email=lucocarta@yahoo.com&method=post User-Agent: |
HTTP GET | http://collegenation.net/forum/search.php?email=lucocarta@yahoo.com&method=post User-Agent: |
Flows TCP | 192.168.1.1:1031 ➝ 208.109.181.72:80 |
Flows TCP | 192.168.1.1:1032 ➝ 50.63.202.54:80 |
Flows TCP | 192.168.1.1:1033 ➝ 192.254.214.203:80 |
Flows TCP | 192.168.1.1:1034 ➝ 50.63.202.52:80 |
Flows TCP | 192.168.1.1:1035 ➝ 50.87.149.136:80 |
Flows TCP | 192.168.1.1:1036 ➝ 184.168.221.23:80 |
Flows TCP | 192.168.1.1:1037 ➝ 66.96.160.151:80 |
Flows TCP | 192.168.1.1:1038 ➝ 112.140.180.152:80 |
Flows TCP | 192.168.1.1:1039 ➝ 217.69.38.152:80 |
Flows TCP | 192.168.1.1:1040 ➝ 96.8.81.132:80 |
Flows TCP | 192.168.1.1:1041 ➝ 149.47.67.151:80 |
Flows TCP | 192.168.1.1:1042 ➝ 50.63.202.14:80 |
Flows TCP | 192.168.1.1:1043 ➝ 112.125.17.103:80 |
Raw Pcap
0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 6c75636f h.php?email=luco 0x00000020 (00032) 63617274 61407961 686f6f2e 636f6d26 carta@yahoo.com& 0x00000030 (00048) 6d657468 6f643d70 6f737420 48545450 method=post HTTP 0x00000040 (00064) 2f312e30 0d0a4163 63657074 3a202a2f /1.0..Accept: */ 0x00000050 (00080) 2a0d0a43 6f6e6e65 6374696f 6e3a2063 *..Connection: c 0x00000060 (00096) 6c6f7365 0d0a486f 73743a20 7468696e lose..Host: thin 0x00000070 (00112) 6b726561 64792e6e 65740d0a 0d0a kready.net.... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 6c75636f h.php?email=luco 0x00000020 (00032) 63617274 61407961 686f6f2e 636f6d26 carta@yahoo.com& 0x00000030 (00048) 6d657468 6f643d70 6f737420 48545450 method=post HTTP 0x00000040 (00064) 2f312e30 0d0a4163 63657074 3a202a2f /1.0..Accept: */ 0x00000050 (00080) 2a0d0a43 6f6e6e65 6374696f 6e3a2063 *..Connection: c 0x00000060 (00096) 6c6f7365 0d0a486f 73743a20 7468696e lose..Host: thin 0x00000070 (00112) 6b70656f 706c652e 6e65740d 0a0d0a kpeople.net.... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 6c75636f h.php?email=luco 0x00000020 (00032) 63617274 61407961 686f6f2e 636f6d26 carta@yahoo.com& 0x00000030 (00048) 6d657468 6f643d70 6f737420 48545450 method=post HTTP 0x00000040 (00064) 2f312e30 0d0a4163 63657074 3a202a2f /1.0..Accept: */ 0x00000050 (00080) 2a0d0a43 6f6e6e65 6374696f 6e3a2063 *..Connection: c 0x00000060 (00096) 6c6f7365 0d0a486f 73743a20 636f6c6c lose..Host: coll 0x00000070 (00112) 65676572 65616479 2e6e6574 0d0a0d0a egeready.net.... 0x00000080 (00128) 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 6c75636f h.php?email=luco 0x00000020 (00032) 63617274 61407961 686f6f2e 636f6d26 carta@yahoo.com& 0x00000030 (00048) 6d657468 6f643d70 6f737420 48545450 method=post HTTP 0x00000040 (00064) 2f312e30 0d0a4163 63657074 3a202a2f /1.0..Accept: */ 0x00000050 (00080) 2a0d0a43 6f6e6e65 6374696f 6e3a2063 *..Connection: c 0x00000060 (00096) 6c6f7365 0d0a486f 73743a20 63686965 lose..Host: chie 0x00000070 (00112) 6670656f 706c652e 6e65740d 0a0d0a0a fpeople.net..... 0x00000080 (00128) 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 6c75636f h.php?email=luco 0x00000020 (00032) 63617274 61407961 686f6f2e 636f6d26 carta@yahoo.com& 0x00000030 (00048) 6d657468 6f643d70 6f737420 48545450 method=post HTTP 0x00000040 (00064) 2f312e30 0d0a4163 63657074 3a202a2f /1.0..Accept: */ 0x00000050 (00080) 2a0d0a43 6f6e6e65 6374696f 6e3a2063 *..Connection: c 0x00000060 (00096) 6c6f7365 0d0a486f 73743a20 636f6c6c lose..Host: coll 0x00000070 (00112) 65676570 656f706c 652e6e65 740d0a0d egepeople.net... 0x00000080 (00128) 0a . 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 6c75636f h.php?email=luco 0x00000020 (00032) 63617274 61407961 686f6f2e 636f6d26 carta@yahoo.com& 0x00000030 (00048) 6d657468 6f643d70 6f737420 48545450 method=post HTTP 0x00000040 (00064) 2f312e30 0d0a4163 63657074 3a202a2f /1.0..Accept: */ 0x00000050 (00080) 2a0d0a43 6f6e6e65 6374696f 6e3a2063 *..Connection: c 0x00000060 (00096) 6c6f7365 0d0a486f 73743a20 6d696464 lose..Host: midd 0x00000070 (00112) 6c657065 6f706c65 2e6e6574 0d0a0d0a lepeople.net.... 0x00000080 (00128) 0a . 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 6c75636f h.php?email=luco 0x00000020 (00032) 63617274 61407961 686f6f2e 636f6d26 carta@yahoo.com& 0x00000030 (00048) 6d657468 6f643d70 6f737420 48545450 method=post HTTP 0x00000040 (00064) 2f312e30 0d0a4163 63657074 3a202a2f /1.0..Accept: */ 0x00000050 (00080) 2a0d0a43 6f6e6e65 6374696f 6e3a2063 *..Connection: c 0x00000060 (00096) 6c6f7365 0d0a486f 73743a20 6d6f726e lose..Host: morn 0x00000070 (00112) 696e6770 656f706c 652e6e65 740d0a0d ingpeople.net... 0x00000080 (00128) 0a . 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 6c75636f h.php?email=luco 0x00000020 (00032) 63617274 61407961 686f6f2e 636f6d26 carta@yahoo.com& 0x00000030 (00048) 6d657468 6f643d70 6f737420 48545450 method=post HTTP 0x00000040 (00064) 2f312e30 0d0a4163 63657074 3a202a2f /1.0..Accept: */ 0x00000050 (00080) 2a0d0a43 6f6e6e65 6374696f 6e3a2063 *..Connection: c 0x00000060 (00096) 6c6f7365 0d0a486f 73743a20 73747261 lose..Host: stra 0x00000070 (00112) 6e676570 656f706c 652e6e65 740d0a0d ngepeople.net... 0x00000080 (00128) 0a . 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 6c75636f h.php?email=luco 0x00000020 (00032) 63617274 61407961 686f6f2e 636f6d26 carta@yahoo.com& 0x00000030 (00048) 6d657468 6f643d70 6f737420 48545450 method=post HTTP 0x00000040 (00064) 2f312e30 0d0a4163 63657074 3a202a2f /1.0..Accept: */ 0x00000050 (00080) 2a0d0a43 6f6e6e65 6374696f 6e3a2063 *..Connection: c 0x00000060 (00096) 6c6f7365 0d0a486f 73743a20 68697374 lose..Host: hist 0x00000070 (00112) 6f727970 656f706c 652e6e65 740d0a0d orypeople.net... 0x00000080 (00128) 0a . 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 6c75636f h.php?email=luco 0x00000020 (00032) 63617274 61407961 686f6f2e 636f6d26 carta@yahoo.com& 0x00000030 (00048) 6d657468 6f643d70 6f737420 48545450 method=post HTTP 0x00000040 (00064) 2f312e30 0d0a4163 63657074 3a202a2f /1.0..Accept: */ 0x00000050 (00080) 2a0d0a43 6f6e6e65 6374696f 6e3a2063 *..Connection: c 0x00000060 (00096) 6c6f7365 0d0a486f 73743a20 77656174 lose..Host: weat 0x00000070 (00112) 68657272 65616479 2e6e6574 0d0a0d0a herready.net.... 0x00000080 (00128) 0a . 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 6c75636f h.php?email=luco 0x00000020 (00032) 63617274 61407961 686f6f2e 636f6d26 carta@yahoo.com& 0x00000030 (00048) 6d657468 6f643d70 6f737420 48545450 method=post HTTP 0x00000040 (00064) 2f312e30 0d0a4163 63657074 3a202a2f /1.0..Accept: */ 0x00000050 (00080) 2a0d0a43 6f6e6e65 6374696f 6e3a2063 *..Connection: c 0x00000060 (00096) 6c6f7365 0d0a486f 73743a20 636c6173 lose..Host: clas 0x00000070 (00112) 7370656f 706c652e 6e65740d 0a0d0a0a speople.net..... 0x00000080 (00128) 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 6c75636f h.php?email=luco 0x00000020 (00032) 63617274 61407961 686f6f2e 636f6d26 carta@yahoo.com& 0x00000030 (00048) 6d657468 6f643d70 6f737420 48545450 method=post HTTP 0x00000040 (00064) 2f312e30 0d0a4163 63657074 3a202a2f /1.0..Accept: */ 0x00000050 (00080) 2a0d0a43 6f6e6e65 6374696f 6e3a2063 *..Connection: c 0x00000060 (00096) 6c6f7365 0d0a486f 73743a20 7468696e lose..Host: thin 0x00000070 (00112) 6b6e6174 696f6e2e 6e65740d 0a0d0a0a knation.net..... 0x00000080 (00128) 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 6c75636f h.php?email=luco 0x00000020 (00032) 63617274 61407961 686f6f2e 636f6d26 carta@yahoo.com& 0x00000030 (00048) 6d657468 6f643d70 6f737420 48545450 method=post HTTP 0x00000040 (00064) 2f312e30 0d0a4163 63657074 3a202a2f /1.0..Accept: */ 0x00000050 (00080) 2a0d0a43 6f6e6e65 6374696f 6e3a2063 *..Connection: c 0x00000060 (00096) 6c6f7365 0d0a486f 73743a20 636f6c6c lose..Host: coll 0x00000070 (00112) 6567656e 6174696f 6e2e6e65 740d0a0d egenation.net... 0x00000080 (00128) 0a .
Strings
. -E- -0 -0010+-0 0 -0 CC .00-+ . -e- . \ 00 . :\ :.. ...........?- 0 0 0 0 - ]# u E(null) H ((((( H h(((( H jjjjh KERNEL32.DLL mscoree.dll \$ _^[ !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~ 0A@@Ju 0SSSSS 0WWWWW 1#QNAN 1#SNAN 4I~:Vj2f 5|[ rk `*'6LoSLBf |$>8\$= 8[-/Ig 8VVVVV a6/No@ abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ ADVAPI32.dll An application has made an attempt to load the C runtime library incorrectly. <at9<rt,<wt - Attempt to initialize the CRT more than once. - Attempt to use MSIL code from this assembly during native code initialization August .?AVbad_alloc@std@@ .?AVbad_exception@std@@ .?AVexception@std@@ .?AVlength_error@std@@ .?AVlogic_error@std@@ .?AVout_of_range@std@@ .?AVtype_info@@ }:)(b"1(- bad allocation bad exception Base Class Array' Base Class Descriptor at ( __based( Bbp}ZJ BeginPaint B+j h\QB bZAX1- __cdecl CheckMenuItem Class Hierarchy Descriptor' CloseHandle __clrcall CompareStringA CompareStringW Complete Object Locator' CONOUT$ `copy constructor closure' CopyFileA CorExitProcess CreateDIBPatternBrush CreateDirectoryA CreateEventA CreateFileA CreateIconFromResourceEx CreateProcessA CreateRectRgnIndirect CreateStreamOnHGlobal CreateThread CreateToolhelp32Snapshot CreateWindowExA - CRT not initialized CZ,lUBQ D$(_^][ D$$[_^] D$,_^][3 D$8SVW @.data D$ +D$( dddd, MMMM dd, yyyy December DecodePointer `default constructor closure' DefWindowProcA delete delete[] Delete DeleteColorSpace DeleteCriticalSection D$H;D$L D$Hp^@ D$HPQV D$HPQVWW DispatchMessageA D$L+D$D DOMAIN error D$P+D$H+ DPtoLP D$,PVS D$<QWRPS D$ SVP D$TSUVW3 `dynamic atexit destructor for ' `dynamic initializer for ' `eh vector constructor iterator' `eh vector copy constructor iterator' `eh vector destructor iterator' `eh vector vbase constructor iterator' `eh vector vbase copy constructor iterator' EncodePointer EndPaint EnterCriticalSection ExitProcess __fastcall February FhRD(` FileTimeToLocalFileTime FileTimeToSystemTime FindClose FindFirstFileA - floating point support not loaded FlsAlloc FlsFree FlsGetValue FlsSetValue FlushFileBuffers ForceRemove FreeEnvironmentStringsA FreeEnvironmentStringsW Friday ^F<-uB GAIsProcessorFeaturePresent GDI32.dll GetACP GetActiveWindow GetCommandLineA GetConsoleCP GetConsoleMode GetConsoleOutputCP GetCPInfo GetCurrentDirectoryA GetCurrentProcess GetCurrentProcessId GetCurrentThreadId GetDesktopWindow GetDeviceCaps GetDriveTypeA GetEnvironmentStrings GetEnvironmentStringsW GetEnvironmentVariableA GetFileSize GetFileType GetFullPathNameA GetLastActivePopup GetLastError GetLocaleInfoA GetMapMode GetMessageA GetModuleFileNameA GetModuleHandleA GetModuleHandleW GetOEMCP GetProcAddress GetProcessHeap GetProcessWindowStation GetStartupInfoA GetStdHandle GetStockObject GetStringTypeA GetStringTypeW GetSystemDirectoryA GetSystemTimeAsFileTime GetTempPathA GetTickCount GetTimeZoneInformation GetTitleBarInfo GetUserObjectInformationA GetWindowDC GetWindowRect GlobalAlloc GlobalFree GlobalLock GlobalUnlock `h```` HeapAlloc HeapCreate HeapFree HeapReAlloc HeapSize `h`hhh HH:mm:ss HHtXHHt +h_/Qqo9 h}X1y{ hYn Bwb. i8+n3r >If90t InitializeCriticalSectionAndSpinCount InterlockedDecrement InterlockedIncrement InvalidateRect invalid string position IsBadReadPtr IsDebuggerPresent IsValidCodePage j2hHPB JanFebMarAprMayJunJulAugSepOctNovDec January j h\QB j@j ^V j"^SSSSS KERNEL32 KERNEL32.dll -^kzct5= L$4QRV L$8QUPV LCMapStringA LCMapStringW L$dRPQ LeaveCriticalSection L$HQRVWW LoadCursorA LoadLibraryA `local static guard' `local static thread guard' `local vftable' `local vftable constructor closure' LPtoDP L$ QUV L$ WQP L$XQRP `managed vector constructor iterator' `managed vector copy constructor iterator' `managed vector destructor iterator' MapVirtualKeyExA MessageBoxA Microsoft Visual C++ Runtime Library MM/dd/yy MNh=d! Monday MoveWindow MulDiv MultiByteToWideChar new[] NoRemove - not enough space for arguments - not enough space for environment - not enough space for locale information - not enough space for lowio initialization - not enough space for _onexit/atexit table - not enough space for stdio initialization - not enough space for thread data November (null) October oJoy7%*s ole32.dll OLEAUT32.dll `omni callsig' OpenProcess operator p1kt8e )(p7.> __pascal PeekMessageA `placement delete closure' `placement delete[] closure' Please contact the application's support team for more information. PostQuitMessage PPPPPPPP Process32First Process32Next Program: <program name unknown> __ptr64 - pure virtual function call Q4#t\n QQSVWd QueryPerformanceCounter RaiseException `.rdata ReadFile RegCloseKey RegisterClassExA RegOpenKeyA RegSetValueExA ResetEvent __restrict |rp:bML RtlUnwind runtime error Runtime Error! Saturday `scalar deleting destructor' September SetEndOfFile SetEnvironmentVariableA SetEvent SetFileAttributesA SetFilePointer SetFocus SetHandleCount SetLastError SetMapMode SetStdHandle SetUnhandledExceptionFilter SetWindowTextA ShowCaret ShowWindow SING error SQSSSh s[S;7|G;w ^SSSSS __stdcall `string' string too long Sunday SunMonTueWedThuFriSat TerminateProcess tGHt.Ht& t$(h8OB +t HHt This application has requested the Runtime to terminate it in an unusual way. __thiscall This indicates a bug in your application. This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain. !This program cannot be run in DOS mode. T$HRPV Thursday < tK< tG TLOSS error TlsAlloc TlsFree TlsGetValue TlsSetValue <\tM</tI (T,@/O T$`QPR tR99u2 TranslateMessage T$<RPj T$ RPPj t"SS9] <+t(<-t$: t$<"u 3 Tuesday ;t$,v- t$<WPR t+WWVPV Type Descriptor' `typeof' >:u8FV `udt returning' UF.*Yp ~UhP=B - unable to initialize heap - unable to open console device __unaligned - unexpected heap error - unexpected multithread lock error UnhandledExceptionFilter UNICODE Unknown exception UpdateWindow UQPXY]Y[ URPQQhD USER32.dll USER32.DLL u[SSSP UTF-16LE `vbase destructor' `vbtable' `vcall' `vector constructor iterator' `vector copy constructor iterator' `vector deleting destructor' `vector destructor iterator' `vector vbase constructor iterator' `vector vbase copy constructor iterator' `vftable' VirtualAlloc `virtual displacement map' VirtualFree v N+D$ _VVVVV VVVVVQRSSj WaitForSingleObject Wednesday WideCharToMultiByte |^,w$}R8 WriteConsoleA WriteConsoleW WriteFile WS2_32.dll ^WWWWW xppwpp xpxxxx <xtX<XtT >=Yt1j /ZtphU6l?