Analysis Date2014-03-26 22:46:47
MD5335313a66d0f3ee05d547996a35ae01a
SHA16101f294b0b308dfebccc4b4db0f6e66f9537d83

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 7636dc7fe34ec50aa2d3d5d51bd65c9c sha1: 63ddc78d26462332564069fa006db3efa623be30 size: 210432
Section.rdata md5: b2e9032dfc77010150b3312c0eb4098b sha1: 6dff0bb22fdeee157bae781c062e4929235d9935 size: 47616
Section.data md5: 09ce9218dffed4ebc537a8b8e421b3f6 sha1: a9d9ec654d79d0d72b3eeb794b42a94761e3bde8 size: 14336
Section.rsrc md5: 62b48caf18785263bf851e6b56879dca sha1: 68d937ae7197874516340a7c9ee1bf802088eee9 size: 68608
Section.reloc md5: 3ac7ba9ec98e6e217663b856f0aaea45 sha1: aa112a0b1842902b640ba6d362e5c1c6fdb8c40e size: 35840
Timestamp2014-03-21 09:57:11
PackerMicrosoft Visual C++ ?.?
PEhashc05dc7a3c26502a777c26ec64efec6d7111cc721
IMPhashe7019805ed5babb17e648cb7d6a5494f
AVmcafeeRDN/Generic Downloader.x!jx
AVavgGeneric_r.DSJ

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates File\Device\Afd\Endpoint
Winsock DNSapp.place4discounts.info

Network Details:

DNSapp.place4discounts.info
Type: A
173.245.61.73
DNSapp.place4discounts.info
Type: A
173.245.60.73
HTTP GEThttp://app.place4discounts.info/22/tmps.g23
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
HTTP GEThttp://app.place4discounts.info/22/tmps.g23
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
HTTP GEThttp://app.place4discounts.info/22/tmps.g23
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
HTTP GEThttp://app.place4discounts.info/22/tmps.g23
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Flows TCP192.168.1.1:1031 ➝ 173.245.61.73:80
Flows TCP192.168.1.1:1032 ➝ 173.245.61.73:80
Flows TCP192.168.1.1:1033 ➝ 173.245.61.73:80
Flows TCP192.168.1.1:1034 ➝ 173.245.61.73:80

Raw Pcap
0x00000000 (00000)   47455420 2f32322f 746d7073 2e673233   GET /22/tmps.g23
0x00000010 (00016)   20485454 502f312e 310d0a48 6f73743a    HTTP/1.1..Host:
0x00000020 (00032)   20617070 2e706c61 63653464 6973636f    app.place4disco
0x00000030 (00048)   756e7473 2e696e66 6f0d0a43 6f6e6e65   unts.info..Conne
0x00000040 (00064)   6374696f 6e3a2063 6c6f7365 0d0a5573   ction: close..Us
0x00000050 (00080)   65722d41 67656e74 3a204d6f 7a696c6c   er-Agent: Mozill
0x00000060 (00096)   612f342e 30202863 6f6d7061 7469626c   a/4.0 (compatibl
0x00000070 (00112)   653b204d 53494520 372e303b 2057696e   e; MSIE 7.0; Win
0x00000080 (00128)   646f7773 204e5420 352e3129 0d0a0d0a   dows NT 5.1)....
0x00000090 (00144)                                         

0x00000000 (00000)   47455420 2f32322f 746d7073 2e673233   GET /22/tmps.g23
0x00000010 (00016)   20485454 502f312e 310d0a48 6f73743a    HTTP/1.1..Host:
0x00000020 (00032)   20617070 2e706c61 63653464 6973636f    app.place4disco
0x00000030 (00048)   756e7473 2e696e66 6f0d0a43 6f6e6e65   unts.info..Conne
0x00000040 (00064)   6374696f 6e3a2063 6c6f7365 0d0a5573   ction: close..Us
0x00000050 (00080)   65722d41 67656e74 3a204d6f 7a696c6c   er-Agent: Mozill
0x00000060 (00096)   612f342e 30202863 6f6d7061 7469626c   a/4.0 (compatibl
0x00000070 (00112)   653b204d 53494520 372e303b 2057696e   e; MSIE 7.0; Win
0x00000080 (00128)   646f7773 204e5420 352e3129 0d0a0d0a   dows NT 5.1)....
0x00000090 (00144)                                         

0x00000000 (00000)   47455420 2f32322f 746d7073 2e673233   GET /22/tmps.g23
0x00000010 (00016)   20485454 502f312e 310d0a48 6f73743a    HTTP/1.1..Host:
0x00000020 (00032)   20617070 2e706c61 63653464 6973636f    app.place4disco
0x00000030 (00048)   756e7473 2e696e66 6f0d0a43 6f6e6e65   unts.info..Conne
0x00000040 (00064)   6374696f 6e3a2063 6c6f7365 0d0a5573   ction: close..Us
0x00000050 (00080)   65722d41 67656e74 3a204d6f 7a696c6c   er-Agent: Mozill
0x00000060 (00096)   612f342e 30202863 6f6d7061 7469626c   a/4.0 (compatibl
0x00000070 (00112)   653b204d 53494520 372e303b 2057696e   e; MSIE 7.0; Win
0x00000080 (00128)   646f7773 204e5420 352e3129 0d0a0d0a   dows NT 5.1)....
0x00000090 (00144)                                         

0x00000000 (00000)   47455420 2f32322f 746d7073 2e673233   GET /22/tmps.g23
0x00000010 (00016)   20485454 502f312e 310d0a48 6f73743a    HTTP/1.1..Host:
0x00000020 (00032)   20617070 2e706c61 63653464 6973636f    app.place4disco
0x00000030 (00048)   756e7473 2e696e66 6f0d0a43 6f6e6e65   unts.info..Conne
0x00000040 (00064)   6374696f 6e3a2063 6c6f7365 0d0a5573   ction: close..Us
0x00000050 (00080)   65722d41 67656e74 3a204d6f 7a696c6c   er-Agent: Mozill
0x00000060 (00096)   612f342e 30202863 6f6d7061 7469626c   a/4.0 (compatibl
0x00000070 (00112)   653b204d 53494520 372e303b 2057696e   e; MSIE 7.0; Win
0x00000080 (00128)   646f7773 204e5420 352e3129 0d0a0d0a   dows NT 5.1)....
0x00000090 (00144)                                         


Strings
.
.
 
  
00-+ 00-+ .
-
-1
+-0-E-
-0
0
0- 
000
u
(.
- abort() has been called
af-za
af-ZA
Akernel32.dll
america
american
american english
american-english
April
ar-ae
ar-AE
ar-bh
ar-BH
ar-dz
ar-DZ
ar-eg
ar-EG
ar-iq
ar-IQ
ar-jo
ar-JO
ar-kw
ar-KW
ar-lb
ar-LB
ar-ly
ar-LY
ar-ma
ar-MA
ar-om
ar-OM
ar-qa
ar-QA
ar-sa
ar-SA
ar-sy
ar-SY
ar-tn
ar-TN
ar-ye
ar-YE
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
August
australian
az-az-cyrl
az-AZ-Cyrl
az-az-latn
az-AZ-Latn
be-by
be-BY
belgian
bg-bg
bg-BG
BLC_ALL
bn-in
bn-IN
britain
bs-ba-latn
bs-BA-Latn
ca-es
ca-ES
canadian
CCHN
CCHS
CCHT
CCZE
CDEA
CDEC
CDEL
CDES
CENA
CENB
CENC
CENG
CENI
CENJ
CENL
CENS
CENT
CENU
CENZ
CESA
CESB
CESC
CESD
CESE
CESF
CESG
CESH
CESI
CESL
CESM
CESN
CESO
CESR
CESS
CESU
CESV
CESY
CESZ
CFRB
CFRC
CFRL
CFRS
CGBR
china
chinese
chinese-hongkong
chinese-simplified
chinese-singapore
chinese-traditional
CHKG
CITS
CKOR
CNLB
CNLD
CNON
CNOR
CNZL
CONOUT$
CPRI
CPTB
CR6002
- CRT not initialized
cs-cz
cs-CZ
CSVF
CSVK
CTTO
CUSA
cy-gb
cy-GB
CZAF
czech
CZHH
CZHI
da-dk
da-DK
dddd, MMMM dd, yyyy
de-at
de-AT
December
de-ch
de-CH
de-de
de-DE
de-li
de-LI
de-lu
de-LU
div-mv
div-MV
DOMAIN error
dutch-belgian
el-gr
el-GR
en-au
en-AU
en-bz
en-BZ
en-ca
en-CA
en-cb
en-CB
en-gb
en-GB
england
english-american
english-aus
english-belize
english-can
english-caribbean
english-ire
english-jamaica
english-nz
english-south africa
english-trinidad y tobago
english-uk
english-us
english-usa
en-ie
en-IE
en-jm
en-JM
en-nz
en-NZ
en-ph
en-PH
en-tt
en-TT
en-us
en-US
en-za
en-ZA
en-zw
en-ZW
es-ar
es-AR
es-bo
es-BO
es-cl
es-CL
es-co
es-CO
es-cr
es-CR
es-do
es-DO
es-ec
es-EC
es-es
es-ES
es-gt
es-GT
es-hn
es-HN
es-mx
es-MX
es-ni
es-NI
es-pa
es-PA
es-pe
es-PE
es-pr
es-PR
es-py
es-PY
es-sv
es-SV
es-uy
es-UY
es-ve
es-VE
et-ee
et-EE
eu-es
eu-ES
fa-ir
fa-IR
February
fi-fi
fi-FI
- floating point support not loaded
fo-fo
fo-FO
fr-be
fr-BE
fr-ca
fr-CA
fr-ch
fr-CH
french-belgian
french-canadian
french-luxembourg
french-swiss
fr-fr
fr-FR
Friday
fr-lu
fr-LU
fr-mc
fr-MC
german-austrian
german-lichtenstein
german-luxembourg
german-swiss
gl-es
gl-ES
great britain
gu-in
gu-IN
                                 H
         (((((                  H
he-il
he-IL
         h((((                  H
HH:mm:ss
hi-in
hi-IN
holland
hong-kong
hr-ba
hr-BA
hr-hr
hr-HR
hu-hu
hu-HU
hy-am
hy-AM
IDI_APP_ICON
id-id
id-ID
- inconsistent onexit begin-end variables
irish-english
is-is
is-IS
italian-swiss
it-ch
it-CH
it-it
it-IT
ja-jp
ja-JP
January
jjjjh
July
June
ka-ge
ka-GE
kk-kz
kk-KZ
kn-in
kn-IN
kok-in
kok-IN
ko-kr
ko-KR
ky-kg
ky-KG
LC_COLLATE
LC_CTYPE
LC_MONETARY
LC_NUMERIC
LC_TIME
lt-lt
lt-LT
lv-lv
lv-LV
March
Microsoft Visual C++ Runtime Library
mi-nz
mi-NZ
mk-mk
mk-MK
ml-in
ml-IN
MM/dd/yy
mn-mn
mn-MN
Monday
mr-in
mr-IN
ms-bn
ms-BN
mscoree.dll
ms-my
ms-MY
mt-mt
mt-MT
nb-no
nb-NO
new-zealand
nl-be
nl-BE
nl-nl
nl-NL
nn-no
nn-NO
norwegian
norwegian-bokmal
norwegian-nynorsk
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
ns-za
ns-ZA
(null)
October
pa-in
pa-IN
pl-pl
pl-PL
portuguese-brazilian
pr china
pr-china
Program: 
<program name unknown>
pt-br
pt-BR
pt-pt
pt-PT
puerto-rico
- pure virtual function call
quz-bo
quz-BO
quz-ec
quz-EC
quz-pe
quz-PE
R6008
R6009
R6010
R6016
R6017
R6018
R6019
R6024
R6025
R6026
R6027
R6028
R6030
R6031
R6032
R6033
R6034
ro-ro
ro-RO
runtime error 
Runtime Error!
ru-ru
ru-RU
sa-in
sa-IN
Saturday
se-fi
se-FI
se-no
se-NO
September
se-se
se-SE
SING error
sk-sk
sk-SK
slovak
sl-si
sl-SI
sma-no
sma-NO
sma-se
sma-SE
smj-no
smj-NO
smj-se
smj-SE
smn-fi
smn-FI
sms-fi
sms-FI
south africa
south-africa
south korea
south-korea
spanish-argentina
spanish-bolivia
spanish-chile
spanish-colombia
spanish-costa rica
spanish-dominican republic
spanish-ecuador
spanish-el salvador
spanish-guatemala
spanish-honduras
spanish-mexican
spanish-modern
spanish-nicaragua
spanish-panama
spanish-paraguay
spanish-peru
spanish-puerto rico
spanish-uruguay
spanish-venezuela
SplashWindow
sq-al
sq-AL
sr-ba-cyrl
sr-BA-Cyrl
sr-ba-latn
sr-BA-Latn
sr-sp-cyrl
sr-SP-Cyrl
sr-sp-latn
sr-SP-Latn
Sunday
sv-fi
sv-FI
sv-se
sv-SE
swedish-finland
swiss
sw-ke
sw-KE
syr-sy
syr-SY
ta-in
ta-IN
te-in
te-IN
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
th-th
th-TH
Thursday
TLOSS error
tn-za
tn-ZA
trinidad & tobago
tr-tr
tr-TR
tt-ru
tt-RU
Tuesday
uk-ua
uk-UA
- unable to initialize heap
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
united-kingdom
united-states
ur-pk
ur-PK
USER32.DLL
uz-uz-cyrl
uz-UZ-Cyrl
uz-uz-latn
uz-UZ-Latn
vi-vn
vi-VN
Wednesday
xh-za
xh-ZA
zh-chs
zh-CHS
zh-cht
zh-CHT
zh-cn
zh-CN
zh-hk
zh-HK
zh-mo
zh-MO
zh-sg
zh-SG
zh-tw
zh-TW
zu-za
zu-ZA
                          
()$^.*+?[]|\-{},:=!
																			
																									
																												
= =(=0=
0$0@0`0
0 0$0(0,0004080<0@0D0H0L0P0T0X0\0`0d0p0t0x0
0 0(00080@0H0P0X0`0h0p0x0
0 0,080D0P0\0h0t0
$000P0X0`0d0l0
0'0:0T0\0g0~0
0&020_0
0%040>0D0S0]0c0u0
0.0N0n0
0123456789abcdefABCDEF
0123456789abcdefghijklmnopqrstuvwxyz
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
 040D0T0`0h0
< <$<(<,<0<4<8<<<@<D<H<L<P<T<|<
; ;$;(;,;0;4;8;<;@;D;H;L;P;T;X;\;`;d;h;l;p;t;x;|;
=,=0=4=<=T=d=h=l=p=x=
'070G0{0"1
< <(<0<8<@<H<P<X<`<h<p<x<
= =(=0=8=@=H=P=X=`=h=p=x=
> >(>0>8>@>H>P>X>`>h>p>x>
; ;(;0;8;@;H;P;X;`;h;p;x;
: :(:0:8:@:H:P:X:`:h:p:x:
? ?(?0?8?@?H?P?X?`?h?p?x?
0`8l8x8
;0;@;D;H;P;T;h;l;p;
 0E0O0
<0>E>N>[>
?$?0?<?H?T?`?l?x?
<0|o<9
1$1,10141<1P1p1
1'1,121:1?1E1M1R1X1`1e1k1s1x1~1
1,1?1U1^1j1u1
1&151{2
1\1d1l1t1|1
1.1N1n1
1:1R1^1m1
1%202Q2l2
1!22282D2R2X2g2n2~2
1$3*3P3V3u3{3
140217162235Z
163v4F5
>1?8?<?@?D?H?L?P?T?
1D1N1d1n1
1L1\1h1p1
:1:N:k:
1P4T4X4\4`4d4
;	<!<1<Q<l<
1#QNAN
1#SNAN
202<2X2d2
203@3L3T3
20545@5H5L5P5T5X5\5`5d5h5l5x5|5
2062&3.4v5v6
2#2)21262;2D2I2O2W2\2b2j2o2u2}2
2 2$2(2,202<2@2D2H2L2X2\2`2t2|2
2$2,242<2\2`2d2h2l2p2t2x2|2
2&2$3)333B3N3Z3d3p3|3
2.272L2R2
2.2N2n2
2)33393M3Y3	4*4
2-3?3G3e3m3
="=&=*=.=2=6=:=>=B=F=\=f=q=
282D2d2p2
328C8W8]8b8
3 303?3F3W3e3p3x3
3 3(3-333;3A3O3]3d3q3z3A4y4
333[3i3
3$3,343<3D3L3T3\3d3l3t3|3
3$3/3r3
3 4-4x5
3<4K4U4
3 4M4u4
383X3d3
391231235959Z0
3a4j4\5e5Q6
3F3`3~3
3G3_3i3
3H4Z4'5-595h5n5z5
:#;3;L;n;u;
3v3[4f;
3v6V768>;
4$4,444<4D4L4T4\4d4l4t4|4
4 4(4,4H4P4T4l4p4
4%4E4e4
4(4H4P4X4d4l4
4$545@5`5l5t5
495H5g5|5
<$<,<4<<<D<L<T<\<d<l<t<|<
:,:4:<:D:L:T:\:d:l:t:
=4=@=H=|=
>(>4>@>L>X>d>p>|>
</<4<S<
-4SZ >O5;[m
; ;(;4;T;`;
?4?T?t?
526B6O6r6
535L5S5[5`5d5h5
5,5054585<5@5D5V5[5;6@6-9i9O:
5$5,545<5D5L5T5\5d5l5t5|5
5 5$5,5@5`5|5
5$5<5L5P5`5d5h5p5
5%5E5e5
5>5G5t5
5!6&6/646=6B6O6
566V6v6
5@7D7H7L7P7T7X7\7T8
5B6H6L6P6T6
<$<5<?<G<P<V<_<e<u<
6|34Og^;
6$64686H6L6P6T6\6t6
6$6,646<6D6L6T6\6d6l6t6|6
6 6$6(6,6064686<6H6L6P6T6X6\6`6
6!6'696L6R6m6w6}6
6 6@6H6P6X6`6h6|6
6*6<6N6`6r6
6<6H6h6t6
6,7<7H7P7
6A6X6g6
<%<6<`<g<n<u<
6K7-8k8v8|8
>6>K>U>
6R$Yip
6V9\9b9u9);
707|768$9
708D8T8d8p8
747Y7s7
767V7v7
7$74787H7L7T7l7|7
7$7,747
7$7,747<7D7L7T7\7d7l7t7|7
7 7$7(7,7074787<7@7D7H7L7P7T7X7\7`7d7h7l7p7t7x7|7
7"7?7\7y7
7(7H7h7
7?7q7x7|7
7 8@8`8|8
7%8E8e8
7L7`7p7
7v8[9x;
80BMc\~
848D8P8p8|8
8$84888<8P8T8d8t8x8|8
8$8*80868
8$8,848<8D8L8T8\8d8l8t8|8
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8d8h8l8p8t8x8|8
8)8A8Q8a8q8
8'8D8a8~8
8!8E8K8
8-8F8O8n8y8
8%9}97:j:
8$9<9U9v9}9
<8<D<d<l<x<
:$:(:8:<:@:D:L:d:h:l:
8f95:=:G;R;r;};
<(<8<<<@<H<`<p<t<
<8<@<H<P<X<`<h<t<x<
:8:H:T:t:|:
>(>8>H>X>\>l>p>t>x>|>
;*<8<N<
?$?,?8?X?`?h?p?|?
93:E:W:i:{:
9!919A9Q9a9q9
9(989<9@9D9L9`9d9t9x9
9"989N9V9
9 9(949<9\9d9t9
9$9,949<9D9L9T9\9d9l9t9|9
9 9,989D9P9\9h98=<=@=D=H=L=P=T=X=\=`=d=h=l=p=t=x=|=
9^9c9m9
9%9E9e9
9,9I9f9
9,9X9x9
?!?9?j?
<9<><J<O<n<
9L9\9h9p9
=,>9>S>
:,;9;S;
*9X)cs
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_
address family not supported
address_family_not_supported
address in use
address_in_use
address not available
address_not_available
>a?g?u?
already connected
already_connected
    </application>
		<application>
argument list too long
argument out of domain
</assembly>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
AT;BPt
=)>A>U>
.?AUctype_base@std@@
August
.?AVbad_alloc@std@@
.?AVbad_cast@std@@
.?AVbad_exception@std@@
.?AV?$collate@D@std@@
.?AV?$ctype@D@std@@
.?AVerror_category@std@@
.?AVexception@std@@
.?AV_Facet_base@std@@
.?AVfacet@locale@std@@
.?AV_Generic_error_category@std@@
.?AV_Iostream_error_category@std@@
.?AVlength_error@std@@
.?AV_Locimp@locale@std@@
.?AVlogic_error@std@@
.?AV_Node_assert@std@@
.?AV_Node_back@std@@
.?AV_Node_base@std@@
.?AV_Node_capture@std@@
.?AV?$_Node_class@DV?$regex_traits@D@std@@@std@@
.?AV_Node_end_group@std@@
.?AV_Node_endif@std@@
.?AV_Node_end_rep@std@@
.?AV_Node_if@std@@
.?AV_Node_rep@std@@
.?AV?$_Node_str@D@std@@
.?AVout_of_range@std@@
.?AVregex_error@std@@
.?AV_Root_node@std@@
.?AVruntime_error@std@@
.?AV_System_error_category@std@@
.?AVtype_info@@
B 02CV
bad address
bad_address
bad allocation
bad cast
bad exception
bad file descriptor
bad_file_descriptor
bad locale name
bad message
 Base Class Array'
 Base Class Descriptor at (
__based(
<BBU666*
>&>B>^>d>
;BLt"j
broken pipe
C =02CVu
__cdecl
chhZaaa*
 Class Hierarchy Descriptor'
CloseHandle
CloseThreadpoolTimer
CloseThreadpoolWait
__clrcall
CompareStringEx
CompareStringW
	</compatibility>
	<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
 Complete Object Locator'
connection aborted
connection_aborted
connection already in progress
connection_already_in_progress
connection refused
connection_refused
connection reset
connection_reset
`copy constructor closure'
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
CorExitProcess
CreateBitmap
CreateCompatibleDC
CreateFileMappingW
CreateFileW
CreateSemaphoreExW
CreateSymbolicLinkW
CreateThreadpoolTimer
CreateThreadpoolWait
CreateWindowExW
cross device link
>Cu/f9F
D'16bVox
D4DPoWx
D7KUwNmz
D)8@cTs
@.data
dddd, MMMM dd, yyyy
December
`default constructor closure'
DefWindowProcW
 delete
 delete[]
DeleteCriticalSection
DeleteDC
DeleteFileW
  <description>Setup</description>
destination address required
destination_address_required
DestroyWindow
device or resource busy
D.?HiVv
	D-Install0
D-Install CA
D-Install CA0
directory not empty
DispatchMessageW
D]kGC[f
:D:L:_:j:o:
;<;D;L;X;x;
D;O[}Rq
>-?:?D?R?[?e?
`dynamic atexit destructor for '
`dynamic initializer for '
<)=>=e=
e0p0~0
__eabi
<%<E<e<
=%=E=e=
>%>E>e>
;%;E;e;
:%:E:e:
`eh vector constructor iterator'
`eh vector copy constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`eh vector vbase copy constructor iterator'
EnterCriticalSection
EnumSystemLocalesEx
EnumSystemLocalesW
<e<o<w<
;);E;w;
executable format error
ExitProcess
;';[;f;
///F***
__fastcall
Fcnl@Yc
February
file exists
filename too long
filename_too_long
file too large
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FlushProcessWriteBuffers
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryWhenCallbackReturns
Friday
function not supported
<"<+<g<
G0Pj.S
G4Pj/S
G8PjDS
GDI32.dll
GDPjGS
GdPjOS
generic
Genuu_
GetACP
GetActiveWindow
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetCPInfo
GetCurrentPackageId
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumber
GetCurrentThreadId
GetDateFormatEx
GetDesktopWindow
GetEnvironmentStringsW
GetFileSize
GetFileType
GetFullPathNameW
GetLastActivePopup
GetLastError
GetLocaleInfoEx
GetLocaleInfoW
GetLogicalProcessorInformation
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetMonitorInfoW
GetObjectW
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessWindowStation
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTempPathA
GetTickCount
GetTimeFormatEx
GetUserDefaultLCID
GetUserDefaultLocaleName
GetUserObjectInformationW
GetVersionExW
GetWindowRect
GhPj8S
GHPjHS
GlPj9S
GLPjIS
G<PjES
G@PjFS
G\PjMS
G`PjNS
G|Pj=S
G Pj*S
G,Pj-S
G(Pj,S
G$Pj+S
GPPjJS
GpPj:S
=G=Q=a=q=
GTPjKS
GtPj;S
GXPjLS
GxPj<S
>G>Z>`>j>z>
`h````
H1Fw8,WSWJm
H1P1T1X1\1`1d1h1l1p1t1x1|1
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
`h`hhh
HH:mm:ss
=,><>H>h>t>
HHtVHHt
:H:l:F;t;
host unreachable
host_unreachable
;,;H;P;U;y;
Ht+Ht$Ht
^http[s]?://([^\/:\s]+)(:[^\/\s]+)?(\/?[^\s]*)$
:':-:::h:x:
>H>X>d>
_hypot
identifier removed
illegal byte sequence
=I>[>m>
inappropriate io control operation
ineIuV
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
interrupted
invalid argument
invalid_argument
invalid map/set<T> iterator
invalid seek
invalid string position
;i<n<w<
io error
iostream
iostream stream error
i;QXp'37{
is a directory
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsValidLocaleName
:(:J:|;
jA[jZZ+
JanFebMarAprMayJunJulAugSepOctNovDec
January
jAZjZ^+
j"_f9y
j@j _W
>_?j?p?
KERNEL32.dll
Kisf[~
<k=l>|>
*k	MHz
=K=Q=W=]=c=i=p=w=~=
KTVp@@@7
:	;);L;a;q;
LCMapStringEx
LCMapStringW
LeaveCriticalSection
LoadCursorW
LoadLibraryA
LoadLibraryExW
LoadLibraryW
`local static guard'
`local static thread guard'
`local vftable'
`local vftable constructor closure'
=L>W>B?v?
M0;M4teh
`managed vector constructor iterator'
`managed vector copy constructor iterator'
`managed vector destructor iterator'
map/set<T> too long
MapViewOfFile
MessageBoxW
message size
message_size
;M]}F\m:Es
Mgy;F_l
MlQh\*D
MM/dd/yy
Monday
MonitorFromPoint
MultiByteToWideChar
N5GPTh
network down
network_down
network reset
network_reset
network unreachable
network_unreachable
 new[]
_nextafter
<.=N=n=
>.>N>n>
?.?N?n?
NNN>LLL
no buffer space
no_buffer_space
no child process
no link
no lock available
no message
no message available
No|NOly
no protocol option
no_protocol_option
no space on device
no stream resources
no such device
no such device or address
no such file or directory
no such process
not a directory
not a socket
not_a_socket
not a stream
not connected
not_connected
not enough memory
not supported
November
nteluM3
(null)
October
`omni callsig'
operation canceled
operation in progress
operation_in_progress
operation not permitted
operation not supported
operation_not_supported
operation would block
operation_would_block
operator
OutputDebugStringW
owner dead
=@=P=\=|=
__pascal
PeekMessageW
permission denied
permission_denied
~pjCXf
`placement delete closure'
`placement delete[] closure'
+/{Po{
PP9E u
PPPPPPPP
protocol error
protocol not supported
protocol_not_supported
__ptr64
>P>V>\>b>h>n>u>|>
QQSVWd
QQSVWh
QueryPerformanceCounter
= =$=(=Q=w=
RaiseException
`.rdata
read only file system
regex_error
regex_error(error_backref): The expression contained an invalid back reference.
regex_error(error_badbrace): The expression contained an invalid range in a { expression }.
regex_error(error_badrepeat): One of *?+{ was not preceded by a valid regular expression.
regex_error(error_brace): The expression contained mismatched { and }.
regex_error(error_brack): The expression contained mismatched [ and ].
regex_error(error_collate): The expression contained an invalid collating element name.
regex_error(error_complexity): The complexity of an attempted match against a regular expression exceeded a pre-set level.
regex_error(error_ctype): The expression contained an invalid character class name.
regex_error(error_escape): The expression contained an invalid escaped character, or a trailing escape.
regex_error(error_paren): The expression contained mismatched ( and ).
regex_error(error_parse)
regex_error(error_range): The expression contained an invalid character range, such as [b-a] in most encodings.
regex_error(error_space): There was insufficient memory to convert the expression into a finite state machine.
regex_error(error_stack): There was insufficient memory to determine whether the regular expression could match the specified character sequence.
regex_error(error_syntax)
RegisterClassW
ReleaseDC
@.reloc
				<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
			</requestedPrivileges>
			<requestedPrivileges>
resource deadlock would occur
resource unavailable try again
__restrict
restrict(
result out of range
Rich<IN
Rn}vMjv
RtlUnwind
RVSQSWV
Saturday
`scalar deleting destructor'
		</security>
		<security>
SelectObject
September
SetDefaultDllDirectories
SetFilePointerEx
SetLastError
SetStdHandle
SetThreadpoolTimer
SetThreadpoolWait
SetThreadStackGuarantee
SetTimer
SetUnhandledExceptionFilter
ShowWindow
state not recoverable
__stdcall
stream timeout
`string'
string too long
Sunday
SunMonTueWedThuFriSat
      <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
      <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
SVjA[jZ^+
,SVWj0X
SVWjA_jZ+
system
~';_t|%3
_tcPVj@
TerminateProcess
text file busy
+t"HHt
__thiscall
!This program cannot be run in DOS mode.
Thursday
timed out
timed_out
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
t[L?{tO
tO950WD
too many files open
too_many_files_open
too many files open in system
too many links
too many symbolic link levels
TranslateMessage
	</trustInfo>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
Tuesday
;t$,v-
t VV9u
 Type Descriptor'
`typeof'
tyPVj@W
%<U_]\
U2FUNi
uBjAYjZ+
`udt returning'
uHjAXf;
u#j,Xf;
__unaligned
UnhandledExceptionFilter
UNICODE
unknown error
Unknown exception
UnmapViewOfFile
UpdateLayeredWindow
UpdateWindow
uPVWh,LB
UQPXY]Y[
URPQQh
USER32.dll
UTF-16LE
value too large
`vbase destructor'
`vbtable'
VC20XC00U
`vcall'
vector<bool> too long
`vector constructor iterator'
`vector copy constructor iterator'
`vector deleting destructor'
`vector destructor iterator'
vector<T> too long
`vector vbase constructor iterator'
`vector vbase copy constructor iterator'
`vftable'
VirtualAlloc
`virtual displacement map'
VirtualFree
VirtualProtect
VirtualQuery
;VN|2/
v	N+D$
VWh,pC
WaitForSingleObject
WaitForThreadpoolTimerCallbacks
Wednesday
WideCharToMultiByte
Wj0XPV
WriteConsoleW
WriteFile
wrong protocol type
wrong_protocol_type
xdigit
?$?X?h?t?
xppwpp
xpxxxx
XXXHQQQ
?>?Y?h?
Yu2Vj@h
YYhl`C
YYhlRC
< =Z=u=