| Analysis Date | 2015-05-28 09:05:52 |
|---|---|
| MD5 | 52cd998784869ca428c9d4dc21ee4f70 |
| SHA1 | 6239db9fd891f8eb74bdaa0b9938f91f72ce50e6 |
Static Details:
| File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
|---|---|---|
| Section | .text md5: 84040264e24513ab216a20b19e4c15b7 sha1: 90bcb70b8fc89f99d51f7676e760625b0354afec size: 196096 | |
| Section | .rdata md5: 40b5d002048ea7b53b148aa44b6ce3f1 sha1: db81e3d08513c0fd10b1c5360ebf9d6627071e54 size: 53248 | |
| Section | .data md5: aaeeedd4849c1d37b038276b9b86afcd sha1: 41273c09af5936f429c49bbd6eebd2bbf42f6ee3 size: 7168 | |
| Section | .reloc md5: 130ca35922141a32638dea2a0284264b sha1: dc9ed057748e15e3ebb26321ab7b494e59e22f77 size: 14336 | |
| Timestamp | 2015-04-29 18:51:48 | |
| Packer | Microsoft Visual C++ 8 | |
| PEhash | ad221689d6e826b33b0b04bba245c77c09668830 | |
| IMPhash | ae033d60cab9be32f7a25c1306d918e8 | |
Runtime Details:
| Screenshot |  |
|---|
Process
↳ C:\malware.exe
| Creates File | C:\pmemxqiokia\uz1lnyxajpl8ls1pxw.exe |
|---|---|
| Creates File | C:\WINDOWS\pmemxqiokia\jc8trgz0h |
| Creates File | C:\pmemxqiokia\jc8trgz0h |
| Deletes File | C:\WINDOWS\pmemxqiokia\jc8trgz0h |
| Creates Process | C:\pmemxqiokia\uz1lnyxajpl8ls1pxw.exe |
Process
↳ C:\pmemxqiokia\uz1lnyxajpl8ls1pxw.exe
| Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Windows Panel Shell HomeGroup Server ➝ C:\pmemxqiokia\rrwjrmicoj.exe |
|---|---|
| Creates File | C:\WINDOWS\pmemxqiokia\jc8trgz0h |
| Creates File | C:\pmemxqiokia\rrwjrmicoj.exe |
| Creates File | C:\pmemxqiokia\sqjwprmeyf29 |
| Creates File | PIPE\lsarpc |
| Creates File | C:\pmemxqiokia\jc8trgz0h |
| Deletes File | C:\WINDOWS\pmemxqiokia\jc8trgz0h |
| Creates Process | C:\pmemxqiokia\rrwjrmicoj.exe |
| Creates Service | Class Human Reports Interface CNG - C:\pmemxqiokia\rrwjrmicoj.exe |
Process
↳ C:\WINDOWS\system32\svchost.exe
Process
↳ Pid 808
Process
↳ Pid 852
Process
↳ C:\WINDOWS\System32\svchost.exe
| Creates File | C:\WINDOWS\system32\WBEM\Logs\wbemess.log |
|---|
Process
↳ Pid 1208
Process
↳ C:\WINDOWS\system32\spoolsv.exe
Process
↳ Pid 1868
Process
↳ Pid 1144
Process
↳ C:\pmemxqiokia\rrwjrmicoj.exe
| Creates File | pipe\net\NtControlPipe10 |
|---|---|
| Creates File | C:\WINDOWS\pmemxqiokia\jc8trgz0h |
| Creates File | C:\pmemxqiokia\sqjwprmeyf29 |
| Creates File | \Device\Afd\Endpoint |
| Creates File | C:\pmemxqiokia\duttqvo.exe |
| Creates File | C:\pmemxqiokia\d6bkzzn |
| Creates File | C:\pmemxqiokia\jc8trgz0h |
| Deletes File | C:\WINDOWS\pmemxqiokia\jc8trgz0h |
| Creates Process | njwq6ulfndja "c:\pmemxqiokia\rrwjrmicoj.exe" |
Process
↳ C:\pmemxqiokia\rrwjrmicoj.exe
| Creates File | C:\WINDOWS\pmemxqiokia\jc8trgz0h |
|---|---|
| Creates File | C:\pmemxqiokia\jc8trgz0h |
| Deletes File | C:\WINDOWS\pmemxqiokia\jc8trgz0h |
Process
↳ njwq6ulfndja "c:\pmemxqiokia\rrwjrmicoj.exe"
| Creates File | C:\WINDOWS\pmemxqiokia\jc8trgz0h |
|---|---|
| Creates File | C:\pmemxqiokia\jc8trgz0h |
| Deletes File | C:\WINDOWS\pmemxqiokia\jc8trgz0h |
Network Details:
Raw Pcap
0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H 0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept: 0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e */*..Connection 0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a2067 : close..Host: g 0x00000040 (00064) 656e746c 656d696c 6c696f6e 2e6e6574 entlemillion.net 0x00000050 (00080) 0d0a0d0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H 0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept: 0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e */*..Connection 0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a2064 : close..Host: d 0x00000040 (00064) 65677265 65686561 72742e6e 65740d0a egreeheart.net.. 0x00000050 (00080) 0d0a0d0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H 0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept: 0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e */*..Connection 0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a2067 : close..Host: g 0x00000040 (00064) 6c617373 68656172 742e6e65 740d0a0d lassheart.net... 0x00000050 (00080) 0a0a0d0a ....
Strings
C
neeHenCeCrtWd
"
\
.
\
@
.
e
.
00-+ .
-
-1
+-0-E-
-0
\
.
0
0
-
000
-.N
$
xu
2.exe
- abort() has been called
af-za
af-ZA
April
ar-ae
ar-AE
ar-bh
ar-BH
ar-dz
ar-DZ
ar-eg
ar-EG
ar-iq
ar-IQ
ar-jo
ar-JO
ar-kw
ar-KW
ar-lb
ar-LB
ar-ly
ar-LY
ar-ma
ar-MA
ar-om
ar-OM
ar-qa
ar-QA
ar-sa
ar-SA
ar-sy
ar-SY
ar-tn
ar-TN
ar-ye
ar-YE
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
August
az-az-cyrl
az-AZ-Cyrl
az-az-latn
az-AZ-Latn
.bat
be-by
be-BY
bg-bg
bg-BG
bn-in
bn-IN
bs-ba-latn
bs-BA-Latn
ca-es
ca-ES
Cja-JP
.cmd
.com
CONOUT$
CR6002
- CRT not initialized
cs-cz
cs-CZ
cy-gb
cy-GB
da-dk
da-DK
dddd, MMMM dd, yyyy
de-at
de-AT
December
de-ch
de-CH
de-de
de-DE
de-li
de-LI
de-lu
de-LU
div-mv
div-MV
Djjj
Djjjj
DOMAIN error
el-gr
el-GR
emscoree.dll
en-au
en-AU
en-bz
en-BZ
en-ca
en-CA
en-cb
en-CB
en-gb
en-GB
en-ie
en-IE
en-jm
en-JM
en-nz
en-NZ
en-ph
en-PH
en-tt
en-TT
en-us
en-US
en-za
en-ZA
en-zw
en-ZW
es-ar
es-AR
es-bo
es-BO
es-cl
es-CL
es-co
es-CO
es-cr
es-CR
es-do
es-DO
es-ec
es-EC
es-es
es-ES
es-gt
es-GT
es-hn
es-HN
es-mx
es-MX
es-ni
es-NI
es-pa
es-PA
es-pe
es-PE
es-pr
es-PR
es-py
es-PY
es-sv
es-SV
es-uy
es-UY
es-ve
es-VE
et-ee
et-EE
eu-es
eu-ES
fa-ir
fa-IR
February
fi-fi
fi-FI
- floating point support not loaded
fo-fo
fo-FO
fr-be
fr-BE
fr-ca
fr-CA
fr-ch
fr-CH
fr-fr
fr-FR
Friday
fr-lu
fr-LU
fr-mc
fr-MC
gl-es
gl-ES
gu-in
gu-IN
((((( H
he-il
he-IL
HH:mm:ss
hi-in
hi-IN
hr-ba
hr-BA
hr-hr
hr-HR
hu-hu
hu-HU
hy-am
hy-AM
id-id
id-ID
- inconsistent onexit begin-end variables
is-is
is-IS
it-ch
it-CH
it-it
it-IT
ja-jp
January
jjjjj
July
June
ka-ge
ka-GE
kernel32.dll
kk-kz
kk-KZ
kn-in
kn-IN
kok-in
kok-IN
ko-kr
ko-KR
ky-kg
ky-KG
lt-lt
lt-LT
lv-lv
lv-LV
March
Microsoft Visual C++ Runtime Library
mi-nz
mi-NZ
mk-mk
mk-MK
ml-in
ml-IN
MM/dd/yy
mn-mn
mn-MN
Monday
mr-in
mr-IN
ms-bn
ms-BN
ms-my
ms-MY
mt-mt
mt-MT
nb-no
nb-NO
nl-be
nl-BE
nl-nl
nl-NL
nn-no
nn-NO
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
ns-za
ns-ZA
(null)
October
pa-in
pa-IN
pl-pl
pl-PL
Program:
<program name unknown>
pt-br
pt-BR
pt-pt
pt-PT
- pure virtual function call
quz-bo
quz-BO
quz-ec
quz-EC
quz-pe
quz-PE
R6008
R6009
R6010
R6016
R6017
R6018
R6019
R6024
R6025
R6026
R6027
R6028
R6030
R6031
R6032
R6033
R6034
ro-ro
ro-RO
runtime error
Runtime Error!
ru-ru
ru-RU
sa-in
sa-IN
Saturday
se-fi
se-FI
se-no
se-NO
September
se-se
se-SE
SING error
sk-sk
sk-SK
sl-si
sl-SI
sma-no
sma-NO
sma-se
sma-SE
smj-no
smj-NO
smj-se
smj-SE
smn-fi
smn-FI
sms-fi
sms-FI
sq-al
sq-AL
sr-ba-cyrl
sr-BA-Cyrl
sr-ba-latn
sr-BA-Latn
sr-sp-cyrl
sr-SP-Cyrl
sr-sp-latn
sr-SP-Latn
Sunday
sv-fi
sv-FI
sv-se
sv-SE
sw-ke
sw-KE
syr-sy
syr-SY
ta-in
ta-IN
te-in
te-IN
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
th-th
th-TH
Thursday
TLOSS error
tn-za
tn-ZA
tr-tr
tr-TR
tt-ru
tt-RU
Tuesday
uk-ua
uk-UA
- unable to initialize heap
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
ur-pk
ur-PK
USER32.DLL
uz-uz-cyrl
uz-UZ-Cyrl
uz-uz-latn
uz-UZ-Latn
vi-vn
vi-VN
Wednesday
xh-za
xh-ZA
zh-chs
zh-CHS
zh-cht
zh-CHT
zh-cn
zh-CN
zh-hk
zh-HK
zh-mo
zh-MO
zh-sg
zh-SG
zh-tw
zh-TW
zu-za
zu-ZA
<$<@<`<
:";>;_;
0:0`0~0
0 0(00080@0H0P0X0
0&000E0^0l0
0$000g0
0 0<0@0P0t0
0!0)0>0P0X0`0f0n0{0
0!0+0A0K0c0s0
0-0:0E0X0l0
0$010F0L0W0
0'02080w0}0
0,030;0@0D0H0q0
0+030;0H0f0m0x0
0$040A0Q0\0v0
0-050@0W0q0
0,060_0g0p0y0
0*060>0O0W0_0
0+060I0a0
0-070D0Q0X0l0v0}0
0 090G0`0g0l0t0
0;0C0a0i0
0-0F0b0s0
0(0j0|0
)010M0_0k0
0"1(1,10141
!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
~0<1U1d1
+030_0k0s0
041:1F1u1!303S3d3j3v3
=(=0=5=b=p=
?"?+?0?6?@?J?Z?j?z?
>#>0>6>K>]>c>~>
>0?6?P?[?c?p?
071K1i2t2
=0=8=C=K=]=u=
=(=0=8=\=d=l=
< <(<0<8<@<H<P<X<`<h<p<x<
= =(=0=8=@=H=P=X=`=h=p=x=
> >(>0>8>@>H>P>X>`>h>p>x>
; ;(;0;8;@;H;P;X;`;h;p;x;
: :(:0:8:@:H:P:X:`:h:p:x:
? ?(?0?8?@?H?P?X?`?h?p?x?
>*>0>9>K>S>i>q>y>
0A1Y1a1
<0<A<b<g<
0B0J0`0l0
;0;:;i;s;
0;N|O;NI
>0>=>Q>]>e>h?
>0>:>R>]>
0S1i1t1
0sc#fEXO
:<:(;1;
101P1p1
1"1@1[1a1~1
1'111G1W1k1x1
1&1+161@1V1w1
1$1,181j1r1y1+2K2P2X2l2t2|2
1%1,191b1
1%1-1S1`1j1
1(12181J1\1w1}1
1,131>1J1R1Z1a1q1
1=1b1j1r1
1=1E1M1Z1r1z1
1)1L1X1^1f1k1t1
1'1Z1v1
121?1i1
121@1Y1g1s1
1=2K223g3r3{3
131A1Z1h1
1<3%Bk
151B1S1d1n1r1z1
1<5@5D5H5L5P5T5X5\5`5d5h5x5
>#>1>8>@>S>`>h>n>y>
?!?1?9?A?
?1?9?D?N?S?w?
:):1:9:E:M:o:
>1?A?Q?
:!:):1:<:e:
:1:G:f:
?%?1?I?f?
1K1S1\1~1
>$>1>L>U>
1#QNAN
1#SNAN
?#?1?X?_?j?r?
2&2+21292>2D2L2Q2W2_2d2j2r2w2}2
2%222:2M2j2
2'2/2\2h2x2
2$2,232;2S2`2h2p2
2$2,242<2D2L2T2\2d2l2t2|2
2&2.262>2G2S2Z2{2
2.2;2G2W2]2n2
2,2;2J2X2s2z2
2$2,2K2W2_2m2u2}2
2!2/2R2_2e2
2!262>2W2_2s2
\2`2d2h2l2p2t2
2,2D2L2a2i2q2{2
2@2F2N2k2w2}2
(2,2x2|2
232C2Y2j2r2z2
2-3;3E3i3s3
2*393j3
2?3D3K3u3
244:4`4f4
<2=8=}=
282I2u2
282X2x2
2D3d3*4?4l4
:2:::F:Y:a:z:
:$:*:2:::K:g:w:
&2MkoNc
2Q2X2\2`2d2h2l2p2t2
2R3Z3e3
;(;2;;;T;^;p;{;
>*>2>Z>
3*323?3K3j3v3
3 3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
3"3(30353;3C3H3N3V3[3a3i3n3t3|3
3'3.3>3\3}3
3&3+333:3Y3c3
3&3,333H3a3j3s3
3 3!3'3F3M3U3]3e3r3
3 3:3^3u3}3
3$3,343<3D3L3T3\3d3l3t3|3
3'3-383P3g3
333G3T3b3j3r3z3
3)3;3K3]3
3*363K3
3'3I3c3w3
3+4=4R4_4t4y4~4
3-4d4l4
3/4I4Y4i4
353H3g3o3x3
=#=)=3=8=K=S=[=c=k=s=
>!>3>E>W>i>{>
3h3r3z3
3J3Z3v3
<3=j=i>p>
="=3=\=k=r=
3O5Z5z5
3P3W3^3x3
3]r4:
>#>+>3>?>T>
4&414A4b4j4z4
4"414z4u5
4*424:4[4g4n4v4
4(434;4l4x4
4 434?4O4
4'4,424:4?4D4M4R4X4`4f4t4
4$4,444<4D4L4T4\4d4l4t4|4
4$444D4d4p4t4x4|4
4#4+4?4J4Z4
4%4-454=4V4d4}4
4$4,454h4
4!4)464L4W4{4
4#4.686
4&474?4G4O4[4c4l4z4
4!494?4H4N4X4c4
4#494K4R4
4;4C4P4\4y4
4*525=5P5X5d5
4&5/5<5H5X5d5
4&6P8T8X8\8`8d8h8l8_9
484@4U4]4e4
494j4r4z4
?-?4?9?A?f?r?x?
:!:&:/:4:A:
4A4_4o4
?$?,?4?<?D?L?T?\?d?l?t?
;(;4;@;H;c;q;y;
?'?4?:?H?N?c?i?p?
;,;4;<;H;P;X;v;
=$=,=4=:=L=R=X=d=n=x=
4N`^5N
4P4^4h4
;4;P;p;
516?6`6f6m6t6
525D5X5e5j5
545M5X5p5z5
54?8?<?@?
5-535;5I5b5p5
5"545G5
5$5,545<5D5L5T5\5d5l5t5|5
5$5,545m5s5{5
5 5$5(5,50545<5@5 6$6p:
5%5-555B5I5j5r5
5&5.565>5F5N5Z5`5
5#5,565]5p5
5#5+575=5
5 5(5M5x5
5&5G5N5u5
5'5G5O5[5
5 5J5z5
5!5Z5v5
5)656Q6
5-666@6T6u6
5'6/676?6N6c6h6s6{6
5?6M6R6
5C6O6j6r6z6
>-?5?=?E?
5G5O5W5f5z5
5H6e6m6u6
:+:5:?:J:Q:a:
<5<`<o<
;!;5;P;X;
>!?/?5?q?
<5<Q<Y<^<
5T6\6|6
5Y5q5{5
:!:5:Z:j:
:5:@:Z:j:
616C6M6Y6d6
616D6W6]6u6
6$6,646<6D6L6T6\6d6l6|6
6$6,646<6D6L6T6\6d6l6t6|6
6+666D6]6k6
6"6/6?6L6_6f6s6
6#6)6<6o6
6$6.6d6
6'6.6O6c6
6#6*6r6
6-686F6
6,6E6|6
6/6h6p6~6
6*6V6b6j6r6z6
6 7-7z7
6\7d7p7
6 7D7U7
6;7U7b7q7{7
<6<><F<K<]<u<
;&;.;6;>;F;Q;g;u;
=6=>=I=Y=a=i=q=y=
:.:6:>:K:X:
6L7V7^7
;,;6;O;Y;f;p;R<
?6?;?]?z?
717O7b7m7
718C8K8_8k8s8
718J8X8y8
727:7C7U7a7
737C7j7
767>7D7L7Z7s7
7 757C7e7
7"7*727<7B7O7
7$7,747<7D7L7T7\7d7l7t7|7
7$7,747<7K7Z7s7
7$7.787B7O7V7`7l7r7x7
7$7,7B7I7
7+7@7g7v7~7
7#7?7I7W7p7{7
7'7/7K7W7
7)7;7M7U7]7e7m7r7
7:7E7U7
7:7R7Z7b7j7t7|7
7 8&8/8
788@8J8y8
7$8.8D8L8T8c8k8s8
797>7R7|7
7%9:9D9J9P9V9
7B7u7{7
;,<7<C<P<X<`<v<~<
7fNT:gN
7H7P7\7
= =/=7=?=J=S=\=i=|=
; ;(;/;7;R;
=&>.>7>Z?v?
818J8j8
838;8C8J8f8v8
869?9I9e9
8 8084888@8X8h8l8|8
8$80888@8H8{8
8#818=8I8
8(81898E8M8_8j8r8z8
8"81898E8U8
8,848<8J8R8
8$8,848<8D8L8T8\8d8l8t8|8
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8d8h8l8p8t8x8|8
8$8,888@8H8T8i8q8y8
888@8N8g8
8!8.898C8
8$8,8G8N8d8
8&898?8K8Q8W8
8/8C8R8_8
8\8d8l8q8
8-8E8^8f8n8u8
8*8g8x8
8"8P8d8m8
8.8P8W8
8 9$92989V9b9
8 9-9F9
8)9[9h9{9
8@9F9K9R9X9d9i9n9s9|9
8&9L9R9Z9b9k9~9
?!?/?8?c?
8C8P8Y8}8
:$:(:8:<:@:D:L:d:t:x:
8E8Q8\9s:z:};
<#<+<8<E<O<n<{<
?8?H?l?x?
?*?8?@?H?P?[?g?
<-<8<I<O<U<c<n<y<
>&>8>J>Q>h>s>y>
<8<@<L<T<|<
?'?/?8?S?[?g?q?v?~?
<&<8<S<^<r<
<"<8<T<d<j<
8v8n!5
;%;8;>;Z;`;r;
9":(:,:0:4:
929>9M9U9]9e9~9
929?9r9z9
92:L:T:l:;;E;K;[;a;i;s;{;
9,939;9@9D9H9q9
9&939<9D9a9p9
9&939<9Z9y9
9.969B9X9`9h9
9$9,949<9@9H9P9X9`9h9p9x9
9!9.949@9F9W9s9
9#9-959>9F9K9S9m9r9
9 9$9(9,9\=
999@9}9
9 9$9(9,909
9$9(9<9@9P9T9X9`9x9
9/9;9^9h9
9#9:9`9h9r9
9'9<9C9j9
9@9`9h9x9
9#9:9X9
99:A:R:_:p:{:
9,9H9c9
?*?9?A?
<&=9=A=I=b=
9%:<:C:T:\:d:x:~:
:.:9:h:
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
address family not supported
address_family_not_supported
address in use
address_in_use
address not available
address_not_available
already connected
already_connected
AreFileApisANSI
argument list too long
argument out of domain
<at-<rt"<wt
August
.?AVbad_alloc@std@@
.?AVbad_exception@std@@
.?AVerror_category@std@@
.?AVexception@std@@
.?AV_Generic_error_category@std@@
.?AV_Iostream_error_category@std@@
.?AVlength_error@std@@
.?AVlogic_error@std@@
.?AVout_of_range@std@@
.?AV_System_error_category@std@@
.?AVtype_info@@
(}b_9V
bad address
bad_address
bad allocation
bad exception
bad file descriptor
bad_file_descriptor
bad message
Base Class Array'
Base Class Descriptor at (
__based(
BeginPaint
;#;/;B;J;Q;Y;q;{;
='=B=J=R=i=
>&>B>J>R>]>i>y>
=)=:=B=K=
broken pipe
burfopaop bhmicvo ndboom fuoop osch lrvajxocax jogca jnjo iyvbau iov ejd swjez virsai nfw bcooy migojegt ghyethuf vynap mzfibbnai gfpivfzet vcexaj gqua ynteusf jdebemebad rcgonr bllafs bdzel nlbumlc nenp utf nodcor berneb tpozepdimi obydaga opcs odeilzoqn ajt umgnumwja osmjuqmuo jdce idy qnbetivios tnauutem dof tljagrtonp bdqodu elj wngooaalm pldaqn hbfafcl uodpcaji uixob mjrancf jjgocgaxe lozfo mdulumdj lalda ndasawml erjigiub tjapuk vkhoj mlrimf cfnejjl ndmicbxo bcefuzdpo pcve lbyioib goo vmujefef mfivud necdicze hsduabnno upggasef gdgimjcuyg hsjufbtof dddobalkop gumzeyd vtgumndox dvjibzdu ciognaibjb neas jdsopbbud objs rpodibgxa abtm socado ncgowsbe kxo ocsnugg iubuf gfodumbrum dgvi cdze uwntevcip erpcepan efceduf ltyo iusaffa cdewurdzah yfp qtpij blal iiytbuxllu vfm umczomc j9q
bWWWWj
__cdecl
cenlaeo juinpixjd jxdee pdujecogo ocwbev fjxidmbara yocfi saicecofzn eag ubhtuer foiursop nsusef dmhao hfrocze padcojym clu ndlarniced imsu ftke jomuroprub wczi blgaaxfba msdib okk mpajobadlu ssxifem dlv cuim wfdubxjo wukco sgl lbtadfti knsas lenabod iiets abeapbaupf faupooxi nudadefkne bdio bcr fusledb qsrogpfac sahfalci jwbanlpep bfocumeadp bggiqzb ctfunxbol dqdingua yplomz wgcoo clhubgfe cvnaj wdoi gvjijbuovi vbtucnjaez qigxe ufvsapp gaajopi bdro bpem orvqolzc umlpi mlzage jlabotb xjdib sxab rilos ocdesaatp egfcasgb xsjabbjij qevdics lcpaog pjva sbgefbpe tmaf erabnimrne pcjo jbdomfza wwgusubigo fjv rgduoc hderox bsi
CheckDlgButton
<%<-<;<C<I<U<]<o<w<
Class Hierarchy Descriptor'
CloseHandle
CloseThreadpoolTimer
CloseThreadpoolWait
__clrcall
:#:<:C:M:b:
CompareStringEx
CompareStringW
Complete Object Locator'
connection aborted
connection_aborted
connection already in progress
connection_already_in_progress
connection refused
connection_refused
connection reset
connection_reset
`copy constructor closure'
CorExitProcess
CreateEventExW
CreateFile2
CreateFileW
CreateSemaphoreExW
CreateSymbolicLinkW
CreateThread
CreateThreadpoolTimer
CreateThreadpoolWait
cross device link
<"<C<V<a<m<{<
@.data
=#>(>.>:>D>[>c>q>
dddd, MMMM dd, yyyy
December
DecodePointer
`default constructor closure'
delete
delete[]
DeleteCriticalSection
DeleteFileA
destination address required
destination_address_required
device or resource busy
=(=D=H=h=
=^>d>h>m>s>w>}>
directory not empty
<.<?<D<L<e<k<t<
;D;L;T;X;`;t;|;
=:=D=N=f=z=
>!>&>+>d>n>t>z>
DrawTextA
=]>d>w>
`dynamic atexit destructor for '
`dynamic initializer for '
__eabi
`eh vector constructor iterator'
`eh vector copy constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`eh vector vbase copy constructor iterator'
e=i=m=q=u=y=}=
=-=E=K=b=y=
EnableWindow
EncodePointer
EndDialog
EndPaint
E#NKz&N
EnterCriticalSection
EnumSystemLocalesEx
=%><>E>P>]>r>
<E<S<l<}<
executable format error
ExitProcess
__fastcall
February
file exists
filename too long
filename_too_long
FileTimeToLocalFileTime
FileTimeToSystemTime
file too large
FindClose
FindFirstFileExW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FlushProcessWriteBuffers
?#?F?N?y?
FreeEnvironmentStringsW
FreeLibraryWhenCallbackReturns
Friday
>F>T>p>
ftsazuyo dznecdfud nnizus upfegau glye ulyjuapoop mkwougm bpo iceenvufkb gfaicedv zozifej nij tefpaf uebmf uwtohosab bggeeqdl fruho smiy lggaengjez ahnsayl aikrm sebf lnme bcugu cuydegblu oehoobi zgkupa qpcencaxap efocziol ndte dcoded ufcbiprt ucjxoz adbguncf bogsok adlnajmw ntl lgucu tkgusp ywnofmuvae vxjacgd mcba tlecefcgo eslju tzavureb mzulab buj hyfolg fbkabou bqaazoeamz ljayopoe ujle fdsovdje lharo tpjoctjoos ffsouv wlu bugd njloenjx jxfohoa pwodajrt eof xqbes sidziljf diaq lxcefklatd aagd egnvujv nkkaoigi dpaehebzd nwlafcqubi psnodjtu lndugsejis npxaaiosd cmkepid bbumaj tmsidevw ngilaw cdcide fbjus cleiruc uigacru ljvi mvgeldefo bligefg secp odspaag vmpojammi ecq hfbo mgij vpsurfdaju sujeij ufdfui ltkugcs ffqucaeuju vrfeenrcou qtoeso lbri lldevsej itclemhl sfpimdg iE{z
function not supported
:';/;:;F;x;
fxx avdvebup gav mpbe bsnue aqyimui inb ajjye irlifefmla vld gyhiajcd dlfupfcocj fgneiyvc bjduvkiiep fibbeviebn xpzoxgb ofojban cvbacp ffsag pbcofwla pnlijdjejn gok lfcog siqenec naatsunj cdced acaskoraal klsu pojzimzfol pstoo dmlekjzaq hplofoe agdyouwly zqbezauff tvbin urecnorbne rmguioibqw zmlofzemox cqbigu eoeljrifn ngubandc fbofecczad rkpojloemu lpxifcw ioen jcbutez cdm tsmigjs qtzaogvene kvcucai rln gfmugo nid dttonezqan yvri sfpio ubab vgcac clrea evcbukai legl cccozhguj kubimo ecc zwnohf ztf fgjebbgu mqpibupb ppwutt dcpulnje cqsasc kluce uvfd mhdea gtpoisej lqrekb ibxoa dbiga swid iuxjtuvgli zlfogpp cpvaord bbhiurcm osbkabolu sgkihnl gvwuan mydaan ejunmicd fjd pmgibgq rafioposld(
;#;?;G;\;
G0R0e0y0;1D1P2Y2E3
GDI32.dll
generic
GetACP
GetActiveWindow
GetBkColor
GetClipRgn
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetCPInfo
GetCurrentDirectoryW
GetCurrentPackageId
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumber
GetCurrentThreadId
GetCursor
GetDateFormatEx
GetDCBrushColor
GetDCPenColor
GetDialogBaseUnits
GetDlgItem
GetDlgItemInt
GetDriveTypeA
GetDriveTypeW
GetEnvironmentStringsW
GetFileInformationByHandle
GetFileInformationByHandleExW
GetFileTime
GetFileType
GetFontUnicodeRanges
GetForegroundWindow
GetFullPathNameW
GetGraphicsMode
GetInputState
GetKeyboardType
GetLastActivePopup
GetLastError
GetLocaleInfoEx
GetLogicalProcessorInformation
GetMenu
GetMenuCheckMarkDimensions
GetMenuContextHelpId
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMetaRgn
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNearestColor
GetObjectType
GetOEMCP
GetPixelFormat
GetProcAddress
GetProcessHeap
GetProcessWindowStation
GetPropA
GetQueueStatus
GetScrollPos
GetStartupInfoW
GetStdHandle
GetStretchBltMode
GetStringTypeW
GetSystemPaletteUse
GetSystemTimeAsFileTime
GetTextAlign
GetTextCharacterExtra
GetTextColor
GetTickCount
GetTickCount64
GetTimeFormatEx
GetTimeZoneInformation
GetUserDefaultLocaleName
GetUserObjectInformationW
GetVersion
GetWindowContextHelpId
GetWindowDC
GetWindowLongA
GlobalAlloc
GlobalFlags
GlobalHandle
GlobalSize
;@<G<N<U<m<|<
= =<=_=g=o=|=
>$>,>?>G>S>`>h>
<)<G<T<
=_=g=u={=
`h````
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
`h`hhh
HH:mm:ss
HHtVHHt
hM_W|M
=&=.=;=H=O=g=n=v=~=
host unreachable
host_unreachable
?!?@?H?P?X?`?g?~?
>&>,>@>H>P>Z>d>n>v>~>
>H?R?[?|?
;H;S;[;s;~;
:@:H:S:Z:a:z:
Ht+Ht$Ht
>(>H>T>p>|>
_hypot
identifier removed
;%;-;?;I;d;l;~;
~ieW_lL
illegal byte sequence
inappropriate io control operation
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
interrupted
invalid argument
invalid_argument
invalid seek
invalid string position
?!?i?n?x?
io error
iostream
iostream stream error
?%?I?q?~?
: :@:I:Q:\:l:t:
is a directory
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocaleName
IsWindowEnabled
IsWindowUnicode
;.;i;t;
<itx<o
jA[jZZ+
JanFebMarAprMayJunJulAugSepOctNovDec
January
Jbcronfmoun sla bpgejjlo rbj aejvhexo lcdid cob gekpeerq clmuqoqso upjwu sskibjd jkausarpbe lullerkded tpcozmd oexgufeh ajn mio hojumul adjfagjuec anjzo jgmuso ivcz pfgalxsut bavmacbna jllosj owzjolfg mlbewmbe uosoli ygd jnd jbbiud pfnoviax nrzatluboc ibqquz cjgea cktu jpteos njd elsgokr lafvidgja ujan dikjo djjijjjafd intdo qcdalbbo rzfuz jpcepmk vsp vyecihn itqlejvu vwganvp midjuficli djodifit sjlaguxr dwzogp avonf abtb hrsica ojmfoym bsaf nxkodable iqvlui zjdaab rvm jpfe mgredgd qbdaejd bnt utr rhwemj etr bjiu dclohobfu xulnufo tpjefegsi xsgocx rrqeggp vesniuiwim sqlevcj cgpamg mpufooet sbxucidof egcrunpf dorli cuzm rmilu iunfavett sjos lemca nre berof mbfehbje wgboqeun npfeipenk lwemu gose cfusojcg zqfemmbujp mslinbpuc clq rsga saassoujt lck pmhorbipi pgcoltpupg aectva
@jd_u
:):J:h:
j/_j\[f;
j@j _W
} kE$<
KERNEL32.dll
LCMapStringEx
LCMapStringW
LeaveCriticalSection
LoadIconA
LoadLibraryExW
LocalFlags
`local static guard'
`local static thread guard'
`local vftable'
`local vftable constructor closure'
LockResource
L>P>T>X>\>`>d>h>l>p>t>x>|>
M0X0d0o0~0
`managed vector constructor iterator'
`managed vector copy constructor iterator'
`managed vector destructor iterator'
map/set<T> too long
MessageBoxW
message size
message_size
?M?i?y?
MJ>;TF
MM/dd/yy
mnfureksav bks catsisnfa uopsfih pjetile wcdugy ewpusizsf jkm cdx glpiptqezm szmayinzom mscipnni ijkci umqs lvja lmbifh dpic luc lemjoubraj ljdi ugkquldi jiei lhpumokbu vlaconu dgnicj wneoje lipc jfnubctao bjguztd ytqiiqtig rmrauzpba vitpavrciy lnx ppn uer bdc glewazf ntvofgt gfw fiieicyi rzyiifhiel rzfeivbfu zahne hfmikfap egq hbru givjaoc qxpemfgufw jjcadhf wjcidjsii gvgusxbij rie ygdoydfo umbrivv cfgel uckgoa qiscodfla pfvi zmipilcbud socdaf ogdja pjboo tyibunble sqlocffu nlgamgjow svneqffetu uwsudilm cldud nyi aagvc ibfsaagwl yjgazupsi azc gzma gnwu lfgubidqi dcjupsr fasabi uebydotgm ceunluonjs mfmialj jydezlnit ijoc mjhif rsbanpfump pibx nzgispeh drajodu xracadw lcj pig ssju oddoro abnjaknn isfaquecj fsceil gdqozcf
Monday
MoveFileA
MultiByteToWideChar
</=m=v=
?*?<?N?
network down
network_down
network reset
network_reset
network unreachable
network_unreachable
new[]
_nextafter
^Nhz`N45eN
< <-<;<N<i<w<
:";N;j;
njpammb trbupnhi pbo rcka vbhoxcpaxp cuagg upamfoetb ttsoslyeh flj atdovacbu jik mpkafmd mnji wpxe dfmaufd ulrg tcn oseb fio fqbabj zubfodb ppcubgdogr scce kbrefj qnenaikvso cpx lngabu bml ivzonezlg xulosict dlmihjx nnqel lcefu nud vbpeelspu bcr xtjijp spz htso gjpigq ibedyu ikjsapx ggokuutkc jjb mzveddlitf tjcefvgagf baehkejvs belnitiezp ldbeps uozfube azogbotd dejt frmopdfod iqfocofnma mfg rlgupiuend gjda ubanicai mfooreln hdnouxz rdacewbzi rpjahiccur tbfeu djnebnd lsj mucjiup mzod sqcagf ufuflal gvs vbbuwsl sfroeu rnnajdfeij jupupem msogayicxo blposv cbsignaya mdjuw enadvedpfu mnba jimbilp lffueozra tdgib yqepomoen arubopetj giingojmsa lgboiom okjticaj bgbam aopgupigf klna agyfivsbek ccemo njuluabjqo nbleb hzmetc gicno skt s
no buffer space
no_buffer_space
no child process
no link
no lock available
no message
no message available
no protocol option
no_protocol_option
no space on device
no stream resources
no such device
no such device or address
no such file or directory
no such process
not a directory
not a socket
not_a_socket
not a stream
not connected
not_connected
not enough memory
not supported
November
(null)
;N-X@N
October
Ol_^[f
`omni callsig'
ONkYPN
operation canceled
operation in progress
operation_in_progress
operation not permitted
operation not supported
operation_not_supported
operation would block
operation_would_block
operator
OutputDebugStringW
owner dead
P2zfYa
__pascal
pdmp qvn umfci eoctg bdn fjxifjxem qaoaavocol lfiqojw kdhasjp vugabigu tjemejdd bzatinlt snqelqbi daxluouq bijfeh ewu pvcugmole jueornar dufhagufna ntepuot jkuyi jewyu inie gmlipi vjyometloj ftsadzio cpdu tzzugdl jxaga kugjissl ocltoiff bpbejjfuaf tqbo notaoeude ndsusiifde ssfusbmol vdb zymagmfoj gmi gulv elnluw rglem uczejepgne tfhicjla pgjukpberr geffufoj llravhvoc adhli fiawp aobzfa nqlignfe xwfa bobgupfo apbjebol rlcomv nlnavadqe eughfulfhi njhelgla jcored vnca ilebade pgrin lzvireq odzadom jnsisla mha keuiuuid wjnuhnm aiff cijunimn jmaz rszem lnaru zsgutalze eifzlij lglulmbovo cnd bjf bmxozc jlmags drmogeoiue uefvwagk sfbamdavij dbudeooy cafko dgdaluc lsnancsu szjam cddojtzif zrs bdpezujjor zlze ufmko rck vbiifitm fzisons gjum djsunz gaxfe cdij nsvefun lzanid elyfamnfu bsqofn fgbedvpag gezque
PeekNamedPipe
permission denied
permission_denied
~pjCXf
`placement delete closure'
`placement delete[] closure'
pN JqNy
PostMessageA
PP9E u
protocol error
protocol not supported
protocol_not_supported
PSSSSV
__ptr64
pvOS8;w
PWWWWV
;P;X;v;
;!;,;P;y;
~Q%5>{
QQSVWd
QueryPerformanceCounter
;Q;X;\;`;d;h;l;p;t;
R8j h!6
RaiseException
rbqicgf ifkxe tlusubccu nljogmban ubmmih pfmieu argcus abc fnub bfixeky niekr ufgd bzjuusbla lbpap pzli nifj crmeoar apbpiajldi gngijyi nbsundais bcfu evpjigep bcjo ojzbo dmj cjcuo uocglojiqs vnnescu eivq luauib cijse pyja igdaanad fgpaclc cakfagmxa srinufuzsi kijiiqoer badpidljeh eugdbeupc sbubal zivc fxcenfcejt gyana djulekmsa wboug mfnozgjols qezbedkco gclog uquna dtdayha gbfirajpa jbdafu nmiliue jgveh ssteg odhzumq agvaf qfbeclx pmajojsb gxdononxa jycofjakoj oaxmwubk rhaqafjl dpbu pmkumvyug dfd pzf lsnurvl efutpics xulduib qfva niful nwni lma wxk sccolfsoor qavzedr opbe zhjabpcec wsjibqaqem umbxikll bpbarbouv cvara zlmiplezi evafsefj fsfeeic tdj waprit faygu mzdejtg rlgoazfiau peofsubgu gmd ksgailmd arhuafe mapjo jjotoxapwi vnbo rglu spoaiiceml suslov njgoplnaw jvbeimjo tmne lzd lj
`.rdata
ReadConsoleW
ReadFile
read only file system
.reloc
RemovePropA
resource deadlock would occur
resource unavailable try again
__restrict
restrict(
result out of range
RtlUnwind
Saturday
`scalar deleting destructor'
SendMessageA
September
SetDefaultDllDirectories
SetDlgItemTextA
SetEndOfFile
SetEnvironmentVariableA
SetFileInformationByHandleW
SetFilePointer
SetFilePointerEx
SetFocus
SetLastError
SetStdHandle
SetTextCharacterExtra
SetThreadpoolTimer
SetThreadpoolWait
SetThreadStackGuarantee
SetUnhandledExceptionFilter
SetWindowTextA
ShowWindow
SizeofResource
#S&LY?vI
sncuebt pdcu tpfetggegh jfjam mnl hub edbd otmsafyl bsouvepp wpluro rdguen rjgewjak ojjerunmvi ikra blt pntea pdne lmlamhujes ffr piagdefgga vigbada ppjejgbu srce mimepawjki gjciblu cfiraglz imhhujd esbri nvreitw wiswumij znga tbjeisiu nugriemut gpinucf pab pedibis jfadaguai nmxiv lfgodpga gatpol ijrmeagc yfv fca ndlaw iub tbnajsd lxu aldm fnpo wfbah mlo bmd pjqiau jddo cue cjgabsca plpo otldogv nffa ainlfuli uhnudev jjvazf dacsoueed kmp qvzepros efqs djapuj cgli ujbsepoo ilqdougfsa qaepsezav ffsoy sdboif vep uhovcomacx vdfivdw egpecurgma qfc fotm kdla nfzuaptba ovgbi azuobfulia smnu slfitoypoi naclespfa qgoatei fnwacftao glbobpb afjjeso txf pdbon rdd segteib gcpi tmfobcdeab jvzeg ppuocinj roah tqlufu cfraoenas vclep cjnaz qjdaomv gfdu bejsenjdo lnpollja vrbuhftiA
>=>S>[>n>u>
SSPQSW
state not recoverable
__stdcall
stream timeout
`string'
string too long
Sunday
SunMonTueWedThuFriSat
,SVWj0X
SVWjA_jZ+
system
SystemTimeToTzSpecificLocalTime
</<^<t<~<
~';_t|%3
-T5\@=
< t8< t4
*t8u'l
TerminateProcess
text file busy
t!=fff
+t"HHt
tHHt*Ht#
__thiscall
!This program cannot be run in DOS mode.
Thursday
timed out
timed_out
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
too many files open
too_many_files_open
too many files open in system
too many links
too many symbolic link levels
Tuesday
;t$,v-
Type Descriptor'
`typeof'
:<;u;};
u1j h<F
uaPPPS
uasas wfuxibyko crno ompde bzdis jsseg glboxcoco obcju ofx cclu nikdobmh rslijsibag kmoda jhbad fdfign jdfu fczeijdb gfziepjb sdpod jwax zti ibsgipnjab ncsu ceumoa ucfopajdb prbi rvse otgeq ccdumut fgjous ebdbib pde nib fgja mcu bvzirf bxocidopde zpcajijdon agsoom fuhmu bnz slotokax ainnz ssse dutmak hlta ilfn wkjoj djawexe swjiesw efvozeur aqkepasg zfujecpuco nsqo jpjuclaf cdfaapn cszaje bgcebu loue ecfmiu nmgomzma fgsi kvl vtesoxbra talniapu fmxincko ughx ntgilmd covnobu dtolarl exsepegsv urbegoa ngdici xqpupds fucpid dffaa ntifomarf yczetfa cthouahjx zjrijtgold igj vwidonbbu rsyef tnciugfzav hchonjosa mkalooudg mblunuefje thufibpmo mondavuj fpqaeegt pyjozpujo gfkil wvmely grsul tmzijt gibe nuao gpo fojg
?:uBGW
uBjAYjZ+
uCNemGN
`udt returning'
;*<U<m<
__unaligned
UnhandledExceptionFilter
UNICODE
unknown error
Unknown exception
UQPXY]Y[
URPQQh
USER32.dll
UTF-16LE
v1?Vt-
value too large
`vbase destructor'
vbp coeifyefib fugbef aol ccbouayh acbj yes iaiies gdbemmme aplsox sfton eaivam ddijemp rnbaqccas uoilli kebdeuuggr dac slxu upsjopg cpumiedbj bekk jazje esluvi vct eezj haeapaelot zlluqzwaxg crqi usskud gpoqo rgmegl ocpwar slogel ijufez azcsornhe logpu dcneczb benfukoj lfya gkeeomec bjuwiffl ecnce mgfajucsii pejpolchii ugtg gfnogrj nazp uofurl idfd rnmibi tjvejer cgd sdfaubddoi bngeuvir saatnudibp god eyq fuxliappzi pipd oducduxxo pddede ndbalqsicx cbbe jgenuizwe gsgaktpe qtdubsagem bmeo aotoqnu ioideaji ggzucj esj lqmoojb mnf rpzajgkuhz macibaap sxluwp ilpp kcbanfomex ias ocj vgli eifv esfwobrico bgmidgob nrowobc iszjepoj
`vbtable'
`vcall'
__vectorcall
`vector constructor iterator'
`vector copy constructor iterator'
`vector deleting destructor'
`vector destructor iterator'
vector<T> too long
`vector vbase constructor iterator'
`vector vbase copy constructor iterator'
`vftable'
<=vh<>u3
`virtual displacement map'
>v>*?=?M?X?
v N+D$
w7r*If
WaitForThreadpoolTimerCallbacks
Wednesday
WideCharToMultiByte
WindowFromDC
Wj0XPV
WriteConsoleW
WriteFile
wrong protocol type
wrong_protocol_type
<@<W<z<
$X2JP>
xppwpp
xpxxxx
YY_^[]
zdjyahkaapi ospug ldboam xqfud abug jvf eojt cffiuvl sezkajnas pil oduploivkg shtitewno uci uuz ewmc jfdinis bjtod foyd bnwatf udt mlcefmozuv isfmipbe vocbaah ocwc wfdetjoro lup aeog rlpulbpel dssun jhjedjnupp jqvav fcduq glf pzcidwzui tckuktijue snmamgr sppian vxxaeif ggyunps gccoa dib hmen lnlakm owglunj fppavx copxanuhda blc mcridtn dmvugr bvra ozlgaymsa nsqujpg fvzit gloika gvrisqlo ctibogb efospue nnpukduled foldia ddasejjbe qagno gjtanyniey ugabb nauaifmioa jbne
ZMU{]M?^_M%L`M
ZNn&\N