Analysis Date2015-05-29 02:40:12
MD539009aec4c9fa3cfec8d8f194fb1a429
SHA174e66e6b7eb43c4f187f4d2fbb5e66c2693961eb

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 8cb224b4e82a35f11e241a3410e1ddbc sha1: c70cdc9e2b4761e1ad7376708963407553e2e4ac size: 195584
Section.rdata md5: 35349dfe67c2300297022a9309713a02 sha1: 4dfbedf78b3975954397566cdfc849249d1a589a size: 51712
Section.data md5: 54558b327a7bb03b24cd1319920a3aec sha1: 37062df8449a7ce82b44181fa814ac7320096d8f size: 7168
Section.reloc md5: 3d22e6930820255eebddd0dbfdc09e1b sha1: 92605bfb0be2a5accc3445b7abdf507460ae4a00 size: 14336
Timestamp2015-04-29 18:50:33
PackerMicrosoft Visual C++ 8
PEhash939e7597eb2e10bce3aa73deafb8b1724348b1cb
IMPhash4c8a13a9ac06de47b409eb4c3469df99

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FileC:\cwojcycgqow\ukdfntfh
Creates FileC:\cwojcycgqow\b7d1jlqlmjuofp8io.exe
Creates FileC:\WINDOWS\cwojcycgqow\ukdfntfh
Deletes FileC:\WINDOWS\cwojcycgqow\ukdfntfh
Creates ProcessC:\cwojcycgqow\b7d1jlqlmjuofp8io.exe

Process
↳ C:\cwojcycgqow\b7d1jlqlmjuofp8io.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Problem KtmRm Storage Logon Instrumentation ➝
C:\cwojcycgqow\ivtrhozuzg.exe
Creates FileC:\cwojcycgqow\x1k7crgd
Creates FileC:\cwojcycgqow\ukdfntfh
Creates FilePIPE\lsarpc
Creates FileC:\WINDOWS\cwojcycgqow\ukdfntfh
Creates FileC:\cwojcycgqow\ivtrhozuzg.exe
Deletes FileC:\WINDOWS\cwojcycgqow\ukdfntfh
Creates ProcessC:\cwojcycgqow\ivtrhozuzg.exe
Creates ServiceNotification Superfetch Video File Installer - C:\cwojcycgqow\ivtrhozuzg.exe

Process
↳ Pid 800

Process
↳ Pid 852

Process
↳ C:\WINDOWS\System32\svchost.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\List of event-active namespaces ➝
NULL
Creates FileC:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG
Creates FileC:\WINDOWS\system32\WBEM\Logs\wbemess.log

Process
↳ Pid 1124

Process
↳ Pid 1208

Process
↳ C:\WINDOWS\system32\spoolsv.exe

RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝
NULL
RegistryHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝
7
RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝
NULL
RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝
C:\WINDOWS\System32\spool\PRINTERS\\x00

Process
↳ Pid 1872

Process
↳ Pid 1120

Process
↳ C:\cwojcycgqow\ivtrhozuzg.exe

Creates FileC:\cwojcycgqow\x1k7crgd
Creates Filepipe\net\NtControlPipe10
Creates FileC:\cwojcycgqow\ibjlwkemvwc
Creates FileC:\cwojcycgqow\ukdfntfh
Creates FileC:\cwojcycgqow\unrrbttq.exe
Creates File\Device\Afd\Endpoint
Creates FileC:\WINDOWS\cwojcycgqow\ukdfntfh
Deletes FileC:\WINDOWS\cwojcycgqow\ukdfntfh
Creates Processakmtgmexh2qy "c:\cwojcycgqow\ivtrhozuzg.exe"

Process
↳ C:\cwojcycgqow\ivtrhozuzg.exe

Creates FileC:\cwojcycgqow\ukdfntfh
Creates FileC:\WINDOWS\cwojcycgqow\ukdfntfh
Deletes FileC:\WINDOWS\cwojcycgqow\ukdfntfh

Process
↳ akmtgmexh2qy "c:\cwojcycgqow\ivtrhozuzg.exe"

Creates FileC:\cwojcycgqow\ukdfntfh
Creates FileC:\WINDOWS\cwojcycgqow\ukdfntfh
Deletes FileC:\WINDOWS\cwojcycgqow\ukdfntfh

Network Details:

DNSbelongbehind.net
Type: A
95.211.230.75
DNSriddenbroad.net
Type: A
DNSbelongbroad.net
Type: A
DNSriddenbehind.net
Type: A
DNSriddenbutter.net
Type: A
DNSbelongbutter.net
Type: A
DNSchairunderstand.net
Type: A
DNSthoseunderstand.net
Type: A
DNSchairbroad.net
Type: A
DNSthosebroad.net
Type: A
DNSchairbehind.net
Type: A
DNSthosebehind.net
Type: A
DNSchairbutter.net
Type: A
DNSthosebutter.net
Type: A
DNSwithinunderstand.net
Type: A
DNSsufferunderstand.net
Type: A
DNSwithinbroad.net
Type: A
DNSsufferbroad.net
Type: A
DNSwithinbehind.net
Type: A
DNSsufferbehind.net
Type: A
DNSwithinbutter.net
Type: A
DNSsufferbutter.net
Type: A
DNSeffortunderstand.net
Type: A
DNSthroughunderstand.net
Type: A
DNSeffortbroad.net
Type: A
DNSthroughbroad.net
Type: A
DNSeffortbehind.net
Type: A
DNSthroughbehind.net
Type: A
DNSeffortbutter.net
Type: A
DNSthroughbutter.net
Type: A
DNSforgetunderstand.net
Type: A
DNSincreaseunderstand.net
Type: A
DNSforgetbroad.net
Type: A
DNSincreasebroad.net
Type: A
DNSforgetbehind.net
Type: A
DNSincreasebehind.net
Type: A
DNSforgetbutter.net
Type: A
DNSincreasebutter.net
Type: A
DNSwouldunderstand.net
Type: A
DNSrememberunderstand.net
Type: A
DNSwouldbroad.net
Type: A
DNSrememberbroad.net
Type: A
DNSwouldbehind.net
Type: A
DNSrememberbehind.net
Type: A
DNSwouldbutter.net
Type: A
DNSrememberbutter.net
Type: A
DNSjourneydried.net
Type: A
DNShusbanddried.net
Type: A
DNSjourneyfifteen.net
Type: A
DNShusbandfifteen.net
Type: A
DNSjourneyangry.net
Type: A
DNShusbandangry.net
Type: A
DNSjourneyarticle.net
Type: A
DNShusbandarticle.net
Type: A
DNSdestroydried.net
Type: A
DNSlittledried.net
Type: A
DNSdestroyfifteen.net
Type: A
DNSlittlefifteen.net
Type: A
DNSdestroyangry.net
Type: A
DNSlittleangry.net
Type: A
DNSdestroyarticle.net
Type: A
DNSlittlearticle.net
Type: A
DNSriddendried.net
Type: A
DNSbelongdried.net
Type: A
DNSriddenfifteen.net
Type: A
DNSbelongfifteen.net
Type: A
DNSriddenangry.net
Type: A
DNSbelongangry.net
Type: A
DNSriddenarticle.net
Type: A
DNSbelongarticle.net
Type: A
DNSchairdried.net
Type: A
DNSthosedried.net
Type: A
DNSchairfifteen.net
Type: A
DNSthosefifteen.net
Type: A
DNSchairangry.net
Type: A
DNSthoseangry.net
Type: A
DNSchairarticle.net
Type: A
DNSthosearticle.net
Type: A
DNSwithindried.net
Type: A
DNSsufferdried.net
Type: A
DNSwithinfifteen.net
Type: A
DNSsufferfifteen.net
Type: A
DNSwithinangry.net
Type: A
DNSsufferangry.net
Type: A
DNSwithinarticle.net
Type: A
HTTP GEThttp://belongbehind.net/index.php
User-Agent:
Flows TCP192.168.1.1:1031 ➝ 95.211.230.75:80

Raw Pcap
0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2062   : close..Host: b
0x00000040 (00064)   656c6f6e 67626568 696e642e 6e65740d   elongbehind.net.
0x00000050 (00080)   0a0d0a                                ...


Strings
K2tlleeaFCOeCt
"
 
\
.
 
\
.
  
.
e
. 
00-+ .
-
-1
+-0-E-
-0
\
.
0
0
- 
000
-.
.
u
                                 
2.exe
- abort() has been called
af-za
af-ZA
April
ar-ae
ar-AE
ar-bh
ar-BH
ar-dz
ar-DZ
ar-eg
ar-EG
ar-iq
ar-IQ
ar-jo
ar-JO
ar-kw
ar-KW
ar-lb
ar-LB
ar-ly
ar-LY
ar-ma
ar-MA
ar-om
ar-OM
ar-qa
ar-QA
ar-sa
ar-SA
ar-sy
ar-SY
ar-tn
ar-TN
ar-ye
ar-YE
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
August
az-az-cyrl
az-AZ-Cyrl
az-az-latn
az-AZ-Latn
.bat
be-by
be-BY
bg-bg
bg-BG
bn-in
bn-IN
bs-ba-latn
bs-BA-Latn
ca-es
ca-ES
Cja-JP
.cmd
.com
CONOUT$
CR6002
- CRT not initialized
cs-cz
cs-CZ
cy-gb
cy-GB
da-dk
da-DK
dddd, MMMM dd, yyyy
de-at
de-AT
December
de-ch
de-CH
de-de
de-DE
de-li
de-LI
de-lu
de-LU
div-mv
div-MV
Djjj
Djjjjj
DOMAIN error
el-gr
el-GR
emscoree.dll
en-au
en-AU
en-bz
en-BZ
en-ca
en-CA
en-cb
en-CB
en-gb
en-GB
en-ie
en-IE
en-jm
en-JM
en-nz
en-NZ
en-ph
en-PH
en-tt
en-TT
en-us
en-US
en-za
en-ZA
en-zw
en-ZW
es-ar
es-AR
es-bo
es-BO
es-cl
es-CL
es-co
es-CO
es-cr
es-CR
es-do
es-DO
es-ec
es-EC
es-es
es-ES
es-gt
es-GT
es-hn
es-HN
es-mx
es-MX
es-ni
es-NI
es-pa
es-PA
es-pe
es-PE
es-pr
es-PR
es-py
es-PY
es-sv
es-SV
es-uy
es-UY
es-ve
es-VE
et-ee
et-EE
eu-es
eu-ES
fa-ir
fa-IR
February
fi-fi
fi-FI
- floating point support not loaded
fo-fo
fo-FO
fr-be
fr-BE
fr-ca
fr-CA
fr-ch
fr-CH
fr-fr
fr-FR
Friday
fr-lu
fr-LU
fr-mc
fr-MC
gl-es
gl-ES
gu-in
gu-IN
         (((((                  H
he-il
he-IL
HH:mm:ss
hi-in
hi-IN
hr-ba
hr-BA
hr-hr
hr-HR
hu-hu
hu-HU
hy-am
hy-AM
id-id
id-ID
- inconsistent onexit begin-end variables
is-is
is-IS
it-ch
it-CH
it-it
it-IT
ja-jp
January
jjjjj
jjjjjj
July
June
ka-ge
ka-GE
kernel32.dll
kk-kz
kk-KZ
kn-in
kn-IN
kok-in
kok-IN
ko-kr
ko-KR
ky-kg
ky-KG
lt-lt
lt-LT
lv-lv
lv-LV
March
Microsoft Visual C++ Runtime Library
mi-nz
mi-NZ
mk-mk
mk-MK
ml-in
ml-IN
MM/dd/yy
mn-mn
mn-MN
Monday
mr-in
mr-IN
ms-bn
ms-BN
ms-my
ms-MY
mt-mt
mt-MT
nb-no
nb-NO
nl-be
nl-BE
nl-nl
nl-NL
nn-no
nn-NO
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
ns-za
ns-ZA
(null)
October
pa-in
pa-IN
pl-pl
pl-PL
Program: 
<program name unknown>
pt-br
pt-BR
pt-pt
pt-PT
- pure virtual function call
quz-bo
quz-BO
quz-ec
quz-EC
quz-pe
quz-PE
R6008
R6009
R6010
R6016
R6017
R6018
R6019
R6024
R6025
R6026
R6027
R6028
R6030
R6031
R6032
R6033
R6034
ro-ro
ro-RO
runtime error 
Runtime Error!
ru-ru
ru-RU
sa-in
sa-IN
Saturday
se-fi
se-FI
se-no
se-NO
September
se-se
se-SE
SING error
sk-sk
sk-SK
sl-si
sl-SI
sma-no
sma-NO
sma-se
sma-SE
smj-no
smj-NO
smj-se
smj-SE
smn-fi
smn-FI
sms-fi
sms-FI
sq-al
sq-AL
sr-ba-cyrl
sr-BA-Cyrl
sr-ba-latn
sr-BA-Latn
sr-sp-cyrl
sr-SP-Cyrl
sr-sp-latn
sr-SP-Latn
Sunday
sv-fi
sv-FI
sv-se
sv-SE
sw-ke
sw-KE
syr-sy
syr-SY
ta-in
ta-IN
te-in
te-IN
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
th-th
th-TH
Thursday
TLOSS error
tn-za
tn-ZA
tr-tr
tr-TR
tt-ru
tt-RU
Tuesday
uk-ua
uk-UA
- unable to initialize heap
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
ur-pk
ur-PK
USER32.DLL
uz-uz-cyrl
uz-UZ-Cyrl
uz-uz-latn
uz-UZ-Latn
vi-vn
vi-VN
Wednesday
xh-za
xh-ZA
zh-chs
zh-CHS
zh-cht
zh-CHT
zh-cn
zh-CN
zh-hk
zh-HK
zh-mo
zh-MO
zh-sg
zh-SG
zh-tw
zh-TW
zu-za
zu-ZA
                          
0!0&0,04090?0G0L0R0Z0_0d0m0r0x0
0%00050<0D0K0R0Y0
0%0.0;0B0I0V0i0q0
0$0,040<0D0L0T0\0d0l0t0|0
0 0(040<0D0P0_0k0s0
00050A0F0e0
00090E0Q0g0r0z0
0!0+0A0K0c0s0
0-0:0B0J0R0Z0b0j0
0&0.0V0m0
0!050C0U0m0|0
0,0B0J0R0Z0d0l0x0
0-0B0z0
0-0I0Q0q0}0
0#0m0{0
0)0O0[0r0
0$0Q0]0
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
0+191L1`1f1m1z1
0:1A1u1
0:1q1|1
= =$=(=,=0=4=<=D=L=T=\=d=l=t=|=
050=0E0[0{0
050L0Z0
051E1N1n1v1
090H0M0_0g0~0
0E3X3m3
;0<F<P<c<
=0>?>G>L>d>s>
: :(:0:<:G:O:l:t:|:
0J0b0r0
0J2[2j3|3
<0<J<h<o<y<
0L1q1~1
0l1s1~3
?#?(?0???L?h?q?
>(>0>M>\>e>|>
:0:P:p:
;%;0;@;P;U;_;g;o;{;
0Z1b1x1
1#1+10161>1C1I1Q1V1\1d1i1o1w1|1
1"1*10161>1G1N1V1_1q1
1 1$1(1,1014181<1@1D1H1L1P1T1X1\1`1d1h1l1p1t1x1|1
1 1&1/1G1S1~1
1,1<1@1P1T1X1`1x1
111>1P1X1a1
1$1,141<1D1L1T1\1d1l1t1|1
1"121}1
1)121:1F1W1e1u1}1
1.131;1h1p1x1
1"161>1F1e1
1.161>1H1q1
1+171`1p1|1
1#181H1T1m1u1z1
1!1B1H1
1-1F1X1]1
1^1j1x1
1;1Z1q1
122@2e2|2
1)2/242:2A2I2Y2i2
1$2I2Y2
131S1Y1
132:2B2
132F2Y2f2m2
?$?,?1?7?B?f?n?y?
?1?7?V?]?g?~?
?)?1?9?A?H?P?i?w?
:#:+:1:9:G:`:n:
<(<1<9<N<
1\.C^F
;";*;1;=;E;J;R;f;z;
1F1W1_1h1p1|1
:1:::G:O:W:_:e:
1I1W1f1t1
=1L+A~
1NW?7N~
?)?1?P?]?h?
1#QNAN
1#SNAN
2 2$2(2,2024282<2@2D2H2L2P2
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2l2p2t2x2|2
222=2J2W2^2m2
2#2+2?2L2Y2f2m2u2
2$2,242<2D2L2T2X2`2h2p2x2
22292A2X2e2u2
2,2=2E2U2f2v2
2%2=2E2U2h2
2#2?2G2O2W2p2z2
2"2*2J2
2&232g2q2y2~2
2#232L2Y2j2r2~2
2,282@2H2P2X2`2h2~2
2)292A2I2R2]2w2
2=2E2M2m2u2}2
2=2E2V2c2v2
2<2P2s2|2
2<2Q2|2
2?2U2l2}2
2$3/363>3L3b3k3z3
2	3<3j3
2 353=3H3p3{3
2;3B3L3Y3w3
242D2H2\2`2p2t2x2
	2)474A4
:(<2<8<L<X<z<
<	="=2=8=@=U=z=
<$<+<2<9<@<G<N<V<^<f<r<{<
29Y#1?
:&:2:A:
`2d2h2l2p2t2x2
2G2Z2j2
2H2n2z2
:2:@:H:b:j:r:z:
<2<><m<
2+m`DU
?2?@?T?Z?
=	=(=2===V=d=}=
:#:+:3:>:
31393A3P3d3l3
3 3(30383@3H3P3X3`3h3p3x3
3'3:3^3n3
3'3,343<3P3]3e3m3x3~3
3.3:3A3H3c3m3
3/3>3F3K3X3d3q3y3
3.3<3O3
3"363c3z3
3*373A3e3w3
3+383L3V3
3?3G3L3T3
3*404U4j4
343;3C3[3g3
343D3H3X3\3`3d3l3
3 4(4,4044484<4@4D4H4L4X4\4`4d4h4l4p4t4|4
3!4,494A4X4`4h4p4|4
3'4[4o4
383K3W3y3
393A3~3
?3?A?F?T?i?s?z?
:3:::A:I:Q:Z:}:
3D3T3d3t3
3G4m4x4
:':3:;:G:O:\:g:x:
;%;3;h;
:#:+:3:z:
434P4j4
435:5?5G5a5g5s5
4&424>4^4f4n4z4
4 4(40484@4H4P4X4`4h4p4x4
4%444B4[4i4
4%4+464A4G4M4X4\4`4d4h4z4
4,4<4I4R4
445I5a5~5
4/474K4\4d4l4
4%4D4L4b4s4
4,4d4l4t4x4
4 4D4L4X4`4h4x4
4>4H4P4V4`4m4x4
4!4t4|4
4.4X4e4p4
4.53595@5
4.565B5O5W5_5g5o5x5
4"575D5W5
485D5L5T5u5
485h5v5
494D4n4v4
= =(=4=9=A=Y=a=s=
;#;.;4;A;K;U;g;s;
<$<,<4<<<D<L<T<\<d<l<t<|<
=$=,=4=<=D=L=T=\=d=l=t=|=
>$>,>4><>D>L>T>\>d>l>t>|>
?$?,?4?<?D?L?T?\?d?l?t?|?
:&:4:<:D:Y:a:i:o:w:
4E4Q4Y4^4
4E5]5y5
4E6c6|6
?	?!?4?:?@?G?P?U?[?c?h?n?v?{?
4L4\4l4|4
:4:O:W:_:g:
;4;<;R;Z;b;j;q;
505W5d5l5t5
5*525}5
5%525<5b5
5 5(50585@5H5P5X5`5h5p5x5
5"5(525<5F5K5X5_5i5w5}5
5$5*545?5E5L5d5l5u5{5
5 5$5(505D5`5
5+555=5I5O5U5c5i5{5
5"5*5?5Z5
5 5,585D5N5V5x5
5%5/595K5U5_5r5
556@6G6a6s6
5)585]5
5-585@5H5P5
5'595E5W5g5s5
5/5D5L5T5_5o5w5
5&5J5[5e5u5
5(5M5Y5c5o5
5;5O5U5
5 6B7J7
5A6Q6Y6a6r6}6
5H6e6r6
=	=*=5===h=p=x=
5J6R6h6p6u6}6
5M5]5e5y5
<-<5<=<p<
5U5k5~5
:5Z5z5
6)61696B6U6]6e6
6)656N6v6
6 6(60686@6H6P6X6`6h6p6x6
6#6)626;6_6o6u6
6'6/656;6E6f6k6q6|6
6'6/676G6T6Z6`6o6u6{6
6&6;6A6H6z6
6/6;6E6K6^6h6n6
6&6;6G6^6v6|6
6 6.6K6^6i6w6
6-6:6V6]6b6
6*6C6Q6t6|6
6(6H6d6h6
6:6P6v6
6(70777=7R7j7
676P6a6n6u6
6%7,747?7[7h7n7
6-777V7
6!7M7U7]7
686P6h6
;&;6;;;A;K;S;[;`;f;l;s;z;
6B6X6d6
>.>6>B>j>
=.=6=B=N=[=w=
=,=6===e=w=
=.>6>I>T>Y>i>u>z>
<6<K<f<p<{<
6L8R8\8
< <*<6<n<{<
6T7\7q7|7
6V7\7c7i7
6w#TVf
6Y7g7~7
758;8B8
758G8d8
767^7n7y7
7(727:7@7T7d7n7v7
7"727O7
7(747<7D7P7V7u7
7*747E7^7l7
7)757=7E7S7o7w7
7 7(70787@7H7P7X7`7h7p7x7
7 7$7(7r7x7|7
7)7;7B7J7_7
7%7;7G7O7c7
7@7^7j7
7$7c7h7q7v7
7:7G7c7k7}7
7(7H7h7t7
7-7H7U7
7B7J7R7z7
7c8k8q8
>'>/>7>C>R>^>
;!;+;7;n;v;
7U8]8f8n8s8|8
<%<7<V<h<z<
=+=8={=
?/?8?\?
858=8E8M8S8
859A9M9\9g9
878R8Z8|8
8&808B8L8Z8d8n8t8|8
8"828=8E8X8^8s8
8-858I8^8|8
8 8(80888@8H8P8X8`8h8p8x8
8#8)848=8J8R8_8
888@8q8
8 8$8E8o8
8&8.8H8g8|8
8#8?8K8Q8\8b8l8
8*8_8l8x8
8'8-8m8
8#8<8S8\8
8 8-8v8
888X8h8
8;8B8H8V8]8m8t8
8	9/9M9z9
;,;8;F;R;\;
<8<?<F<S<q<
:):.:8:H:T:g:m:
<#=+=8=@=H=V=d=v=
;";8;M;V;d;};
8O8[8|8
8O9f9n9w9
8S9g9A:
8W9d9l9t9
;8;X;x;
="=.=9=`=
989?9`9i9v9
989Y9_9k9
9*919N;
9+939O9W9_9g9x9~9
9/959=9M9U9u9
9#979I9Q9a9u9}9
9"9(90959`9p9
9 9(90989@9H9P9X9`9h9p9
9&9.969>9F9M9z9
9 9$9<9@9\9`9p9
9'999L9
9%9-9=9P9r9~9
9#9'9j9
9.9<9U9c9
9(9B9Z9e9w9
9$:9:E:L:Y:w:
9/9I9Q9Y9s9{9
9=9P9h9p9v9
9(9Z9_9w9}9
9+:M:w:
>*>/>9>?>N>`>p>
9S9]9x9
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
address family not supported
address_family_not_supported
address in use
address_in_use
address not available
address_not_available
<!<A<G<]<v<
=A>I>R>z>
already connected
already_connected
apie jwnopg fietcov izrsibncod cfloqyca dkre rydumyl aig lzf efbm fsn norraefo nrmibs alegcoon auepnjifbs ysjelddozc zusd iijpda spristcee fmojajqlan anapiralpa ajitfeux llaalezmfi ogamohumcn pzigo gmm lypo plbad sirwural hddouj dbfioxc hbocizvfo fdjez jsa gaplulbwi gkaimaoq gjiazus oldh kitdog nagxolaf icvnef cnodopm ufsn llmimjb fmdepcsufl rossil eeymdor rhpemd kghos upxjum watovosy mltu mebwi notjo doxm slb lek ufzobig epvrexvgea jfgoa bacgezbxa tjibetu xpe cum gbkogpe dlziqq jbcuop qjqensfofl xbmim ogvdiooif gcootadgte rtnudntusc czbo jten updebebzf dpjacdjifg ofpadib jncoos nyd vugqi lplue aplemacv ibruzu nqbel nvococq gtsutyer zspijmyen
AreFileApisANSI
argument list too long
argument out of domain
<at-<rt"<wt
August
.?AVbad_alloc@std@@
.?AVbad_exception@std@@
.?AVerror_category@std@@
.?AVexception@std@@
.?AV_Generic_error_category@std@@
.?AV_Iostream_error_category@std@@
.?AVlength_error@std@@
.?AVlogic_error@std@@
.?AVout_of_range@std@@
.?AV_System_error_category@std@@
.?AVtype_info@@
>	?A?x?
?&?A?z?
\B6_[6
bad address
bad_address
bad allocation
bad exception
bad file descriptor
bad_file_descriptor
bad message
 Base Class Array'
 Base Class Descriptor at (
__based(
BeginPaint
>b>g>o>
>)>B>I>U>s>
:':B:J:n:~:
;B<l<t<~<
;B;N;s;x;~;
>)>=>b>o>
:(=B=O={=
<:=B=O=s={=
Bp{9$`
broken pipe
<B=T=a=i=
bWWWWj
:!:<:B:Z:`:h:p:x:
<:=c=}=
CallWindowProcA
__cdecl
CheckDlgButton
 Class Hierarchy Descriptor'
CloseHandle
CloseThreadpoolTimer
CloseThreadpoolWait
__clrcall
;C;N;V;j;
CompareStringEx
CompareStringW
 Complete Object Locator'
connection aborted
connection_aborted
connection already in progress
connection_already_in_progress
connection refused
connection_refused
connection reset
connection_reset
`copy constructor closure'
CorExitProcess
cpB=@j
CreateEventExW
CreateFile2
CreateFileW
CreateSemaphoreExW
CreateSymbolicLinkW
CreateThread
CreateThreadpoolTimer
CreateThreadpoolWait
cross device link
=C>T>e>v>
@.data
dddd, MMMM dd, yyyy
December
DecodePointer
`default constructor closure'
 delete
 delete[]
DeleteCriticalSection
DeleteFileA
destination address required
destination_address_required
device or resource busy
directory not empty
>&>,><>D>J>Y>c>i>x>
; ;<;D;L;T;\;d;l;t;|;
?D?P?^?
DrawTextA
<<<D<S<g<
dwgiift hffahptaoq kssingy rvnunjbop cwfi ylbafh zjfizgas ycusasblif awu plgednib vjcu ilvmifcl hoorb vbugacrgol anpv mggis fcnoaff gniubo lws pvb tnliywx bijme jon ylracp gjme omgzia qpsirmjo nranugtza ghnuipm ivdzocc odphagdfa dbaagailk npexiddb dij tfkuefr pgorefd ojcpaiud ploagic rpdo bedpaqvd sfwu atvjetons g
`dynamic atexit destructor for '
`dynamic initializer for '
__eabi
;E=c=|=
<<=E=c=o=w=
`eh vector constructor iterator'
`eh vector copy constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`eh vector vbase copy constructor iterator'
:!:E:M:*;
EnableWindow
EncodePointer
EndDialog
EndPaint
EnterCriticalSection
EnumSystemLocalesEx
? ?$?E?o?
:-:E:Q:e:r:w:
executable format error
ExitProcess
__fastcall
February
file exists
filename too long
filename_too_long
FileTimeToLocalFileTime
FileTimeToSystemTime
file too large
FindClose
FindFirstFileExW
FindResourceA
fka fmvic unl cfsorud ect pzodujlvu zuvekopcoo gmafalar pnlisrbue qmj vfxiiwgmu lns lhjidxfu twob rfej tfpesnli juoeutg lxe pnsoire mllor eoi mnmulda pvwamipcof izl guzje rnqoabaecd ioestgojp acgbanfjo pchoeaamj fpj psqeuara zneuo bpji ijdrui fgjoof rdbi csopo rvucuun qeinbij bjtasbrug vahua pqepuudkx oiy pjnebldeg njifoidre zflelqpe gub legwafxjap hmjeg bmkuartnu vfnu cbsole zsobaslgul zenbagi eucqqi zimp ipxqeejpjo dohmifdfiz jfel fosbadzii ngsuuldzux mduvo weqtogs angyoz mahu sbmocv egzvuo pzsujejk sigtathxip rwi rekxivb mskilucfo erjdod caquc dbjeptg phamoa lyfuei nnilaahoj cptonccom clciywsuzd lpb nyb mdda lnebewy spjuqciibu dariubeqvd bae fligip rfsi
<!=.=F=L=_=e=p=
<;<F<L<^<h<q<
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FlushProcessWriteBuffers
=FNE2LN
fNvBfN
><?f?r?
FreeEnvironmentStringsW
FreeLibraryWhenCallbackReturns
Friday
function not supported
g2O3Z3j3
Gc,7vQ
GDI32.dll
<?<G<]<e<j<r<
generic
GetACP
GetActiveWindow
GetClipRgn
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetCPInfo
GetCurrentDirectoryW
GetCurrentObject
GetCurrentPackageId
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumber
GetCurrentThreadId
GetCursor
GetDateFormatEx
GetDCPenColor
GetDeviceCaps
GetDialogBaseUnits
GetDlgItem
GetDriveTypeW
GetEnvironmentStringsW
GetFileInformationByHandle
GetFileInformationByHandleExW
GetFileType
GetFontLanguageInfo
GetFullPathNameW
GetGraphicsMode
GetLastActivePopup
GetLastError
GetLocaleInfoEx
GetLogicalProcessorInformation
GetMapMode
GetMenu
GetMenuCheckMarkDimensions
GetMenuItemCount
GetMenuItemID
GetMenuState
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNearestColor
GetOEMCP
GetPixelFormat
GetPolyFillMode
GetProcAddress
GetProcessHeap
GetProcessWindowStation
GetPropA
GetQueueStatus
GetRandomRgn
GetScrollPos
GetStartupInfoW
GetStdHandle
GetStretchBltMode
GetStringTypeW
GetSystemPaletteUse
GetSystemTimeAsFileTime
GetTextAlign
GetTextCharacterExtra
GetTextCharsetInfo
GetTextColor
GetTickCount
GetTickCount64
GetTimeFormatEx
GetTimeZoneInformation
GetUserDefaultLocaleName
GetUserObjectInformationW
GetVersion
GetWindowContextHelpId
GetWindowDC
GetWindowLongA
-/gL7=
GlobalAlloc
GlobalFlags
GlobalSize
gNIRiN}
=G=Q=[=q=~=
?:?G?T?\?n?v?~?
`h````
H8L8P8T8X8\8`8d8h8l8
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
`h`hhh
HH:mm:ss
HHtVHHt
host unreachable
host_unreachable
?!?/?H?R?\?a?v?
`.HrccTO
Ht+Ht$Ht
_hypot
identifier removed
illegal byte sequence
imdvodi vceg iamegziis xrqi ucfniol vjuuaa dkov sdcucs vhasabp cvdepapces cngo bzv hzeper ptdon ledacoo atjhesjla zjk aqbdufvsoz apgyou ndxois wdruc gnsas npjibewxi gasduvydou otbgox txz nod msmohsmu pftutei juirumiqhs mcfals eyothau uvp oceao ecahirupr cfjev ippc jcboo inxcenfcuo atjliium vrunu wudsa awqnewzjal rbvew ebczeo jixv vkr jnduugcye gnbid vqezuvgj ygc ucpsavfuj nlcivmig ghvecu swdoe bwz ujmhuduoa ceqk opn pnwotps gtteu xfpusidcop bqpogqdu dohl wtmigp yjkurwo vyfogfqe agbsig sjnoc kqe gelfefdteb lbu ircenedsc dszukphu xdd fsdasfcieg qzfopkquy xjxemla mqk lgjec fufye zjnembl sjejol acfbotcamo vyei npc qpub uulgk jmbudue rcofom bmvuslcarj jabxu u
inappropriate io control operation
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
interrupted
invalid argument
invalid_argument
invalid seek
invalid string position
io error
iostream
iostream stream error
iptum gjf sjneijtk unlga lczaw ijnev cmnena ebz vgwe jgciabcd vidkiyroe nzmol cegvejcube erreuqew adpgeje hofci uehgr ogzer glboipvsef awdupigd njqosctuv vpgiegcfo sgfuf pjricsdemc jpxerwd rlqedpp plromc dgu pifboazlni ueorajibo ydn ubqogapdje zulixo pcf ubhajidxpa nmxeh albji rphoy enb mdel ajbg osbuso gnbilp dngodsua evfpibov qbsubmia whf cezmefige pbcedfbuhx txouba butdicjbip mznugi kcciglof lcqojejnu mlmovnde zjdo suvbujmt ucbizekodr mjjizdji nljivdmouu metquido oygfuzmx gbpo upqnalta focjulf tiovoeb bedf aoimi njvacbnece olenvab tclocc nnredg plhiogo mji ptuinovfx jvvemb moeb gylodmju oarzitoo snmapabnas enebficsap 
is a directory
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocaleName
IsWindowUnicode
<itx<o
>#>->>>I>x>
?/?I?z?
;";*;I;Z;`;
J0W0k0
jA[jZZ+
JanFebMarAprMayJunJulAugSepOctNovDec
January
@jd_u	
j/_j\[f;
j@j _W
;J<P<f<x<
,\"js&!O
=J=W=i={=
=J=W=q=}=
jYw@r#
kcwebtb ogobwi zbgo cnreuli rienlaalq zrs tfneol soxiudafib tbwix qbzirfnax crzi jnpauolz fbpilb jrcubgxeu dzjibgvo cdbu pdbofvuvie epj bfaz jiegtasdxe tuoxcej drs aitzpedgm tig tlben dced pgbudfb uwbxe lcdo unyraqbn jlsiztn tigpitzama jemmett dob frig jceva fkvusl cfpegmkuic mld kffedflij ipgco tuojsawi cgsalis pdc inbva ofxn dojpib dztef gpja lresi onrhepju wmalabijo zsiqood eqbda eaokbheao ldzac imnjav xcciivjmu pjjegtije dfye ksvepl clcuzuv jsqemaf urnci ylcegscer gfali tfceajpw bgminlye byfi adle cmad dncimsru gimmia lubfojaq eujlenias drlapos fjef gai oompdabngu djjiu htmeubg itpfepgha dgpaeexoma hlpialudfi kzdespje fzapoemm svobe rmcea j
} kE$<
KERNEL32.dll
>">/>@>K>P>]>e>m>
!kp iR
L8P8T8X8
LCMapStringEx
LCMapStringW
LeaveCriticalSection
lfcuho jbs sbigiaivyt fngexyido gdvepucm fwfis fsvuvqhu limfif usye omtgignvuo ajzuq luxoel xmquuffge nige isgcignl cbiegac inbjobvm dcgi dkmo pjci wmgiycdaj tae servatj ttraz xyjaiopec cclimn obgb dgxudzk rnl nfc gdfolr hbsolvip oaulqqo zndavm zzibulaiaa vfp vobkibdjo jjx iouncdum ristordle cgbebtfazh cyb llnaffgu xuajqaf kccuuwabma nefd kapmuae vtjepfla fahzac lgmurtv klrucdlejr cuanhec nlofu lppanvce vekzeljoja eulduzit iowkevizb gkhalf letvul eabixamutp dwfuc snbudlfo mtjam hzxusicum jbgoiasun pgwizlca ncnegojn tblesjluzc vfr gjtalgded acld fubj cpwaw lbqanjno izu grkidruuoj hirek diaxupujg pviem obous gxdeaclge nmbolr zoc fbb qpmomndigb recmas icb
LoadIconA
LoadLibraryExW
LoadResource
`local static guard'
`local static thread guard'
`local vftable'
`local vftable constructor closure'
LockResource
`managed vector constructor iterator'
`managed vector copy constructor iterator'
`managed vector destructor iterator'
map/set<T> too long
MessageBoxW
message size
message_size
MM/dd/yy
Monday
MoveFileA
MoveWindow
MultiByteToWideChar
_\@N7^
/?nclebuirmf kgju nej nqnioufd rviezagp lcihaz bpatafmim nqgaiglz lbsa clpoe rzjogdman dngo zucna bcpoqjne tfxuxtxu etmb ibkcicaeci ejus otcce fniosajuf fldawhsiad osc rudrihpd qdi rlg fcna ipuszihm aofibci cbali sbmogoz ippecad xdgi rmr ujmzescp lio ojpjo rjfaa anddi jiaeipep jjtedidg fgg fpjifscezd adfva lugdi nfsuppnipd bfna zubte dhriorn bxtekgmerc zzcujm jbbixjtejj zjjegg vaevnomdda eqfmi vfgecxgu pgjuc kmsufa ivglaj duvipiducz zcsufydeb fobbegar tsnojj wrvecdpudu iurkde xlap cuxca qgmums zvn lrti fatn amajq lmsobzn rmjouczun fcmiapg hoj cbau spmaivhm vcjiqcle qomfempk ezfgox dcbo owilfofeu nghasboacu mel szkolug cfciins
N'}={D
network down
network_down
network reset
network_reset
network unreachable
network_unreachable
 new[]
_nextafter
N<"nCX
no buffer space
no_buffer_space
no child process
no link
no lock available
no message
no message available
no protocol option
no_protocol_option
no space on device
no stream resources
no such device
no such device or address
no such file or directory
no such process
not a directory
not a socket
not_a_socket
not a stream
not connected
not_connected
not enough memory
not supported
November
(null)
ocbdakpjo facogo uvbrogcm ofgzega fnzadvd horibiitfy xfreed psao gvv maq gpn sfxef nvgaowlxak luuukeomid julul gbiwamzgou subnu ladquln iczzi odurca cgbuvo glduggpuan vamgegcoa jetl vgonaaedmp blzebgkes ecc rvmaeg snmeakfso ftrop pam nifz gee idiunuloca zpg ivrbeace cpu cbde fljudndio mjre jhfeggbe bdzuu ipmgiy ifzvinble vmnee flhijxnob fckumg rvfa lylinnilaf vumladsiz kikfecj phel ptdevtz fmgusduc fpni fdqeugddef brgiado mcai lppa igaccigzpo xdfibpgov vpevixwb bgmohpmap vsgagcyo vdtenwae erqxetudko gmbepr kqulokmnu avlyi rdeco gzseyu pifsoryj gfenukffal mct fpveb ctea xcu mgzainn musku nsjekcwubb bvdafskay fmgii zefmuthya rfbaxdmu vvru agalsi cswotlxonl bdcip+0
October
-oKFrf
`omni callsig'
{o=OJ9
operation canceled
operation in progress
operation_in_progress
operation not permitted
operation not supported
operation_not_supported
operation would block
operation_would_block
operator
OutputDebugStringW
?)?O?W?i?
owner dead
?%?*?P?
#=%]P)
__pascal
P|<At7{F
pdjupoc wmwoqcd lmugaak kgredpziuu daomvorjv ooeb gspuoofn ogfqenzgi wruwed vpbej infejun gnwaut tmsiuub qzzal nmucar suipje yzie gvvuazbfu lbimi ejisu mcuxaf scb gmsaasgfoy igpu gajp kemjujf rvruluuvoi gkhalp jpge rfpammnua gwpoqi upsigau qmusejgci bjf qtataqfza laljacz izpgok ctconmofu fnvulbapes bzzuegzl bicdip slhoiqen lihnelpjas gpfibqase slli cncikg cfduc rsp bzr smteuajk tcjognjax holfa zajt pjrise zbtoydlum rpnugjtavo tdjuo ymracvr bvquzusseq gwjomgguz mab yfcorkw oedsfof zfbi goolmaru tfoauwo agopxu zrjudalv oecmnibpta gnlan fxjaipmt ijsminiicg efgp grvacf jtsehwj icvo caazeicaec tsjov jglu gjbozcsu evbfu wnley jwc eijudtupjf ovmumuhkw oaas jyr
PeekNamedPipe
permission denied
permission_denied
=P>\>h>p>x>
~pjCXf
`placement delete closure'
`placement delete[] closure'
>">->P>o>
PostMessageA
PP9E u
PPPh0aA
protocol error
protocol not supported
protocol_not_supported
PSSSSV
__ptr64
=P=V=c=n=v=}=
PWWWWV
=:=P=Y=g=
<$<\<q<
~:}qAY
Qj h!C
QNZ3SND
QQSVWd
QueryPerformanceCounter
:#:+:>:r:
RaiseException
`.rdata
ReadConsoleW
ReadFile
read only file system
.reloc
RemovePropA
resource deadlock would occur
resource unavailable try again
__restrict
restrict(
result out of range
-)R=%f
RtlUnwind
> >$>(>r>x>|>
rzjeh ldrija lfjumu ohfwotj ldde glnofwme qolnurbgu spyoczfus tbd adjlu lpfa pbjiypvurp sewfozfedo sviu scgikd loovlidtt xbgenfi emzfisomx pjpejvd psgilusn xejsept fmvultaneb bcselm lpgupmy aaqcluz fak aalbvuu fvpul yltulg abox gns ipycogndo idjpafeos qdfin azojv dvpoidjbo dzlod nbbazrf rnn fto bbtoqafsos wmgitr ugb ztgocmpilt eogrl jtyoqoip ulbje bngallgur xgn roimf aljinesjne mkudo eyul wocnubo cmbednha pchavcp klkegzro vzesi rnladmnel gbnafy dcjicmc euwpvet vnmazccum pfviuf jeatcu ngace gxbiluusej vyn vgqobii bzwo gbbedoxwaq tlzee jgf tcfonkju ajb osfaj egvatitj ecffiu bzovigfbuv yjpunzvac cbfilnb ddmitmpij midleababe rfxasjko radpaosjez lnguecs fzafX
Saturday
`scalar deleting destructor'
SendMessageA
September
SetDefaultDllDirectories
SetDlgItemTextA
SetEndOfFile
SetEnvironmentVariableA
SetFileInformationByHandleW
SetFilePointer
SetFilePointerEx
SetFocus
SetLastError
SetPixel
SetStdHandle
SetSystemPaletteUse
SetTextAlign
SetTextCharacterExtra
SetTextColor
SetTextJustification
SetThreadpoolTimer
SetThreadpoolWait
SetThreadStackGuarantee
SetUnhandledExceptionFilter
SetWindowTextA
SizeofResource
SSPQSW
state not recoverable
__stdcall
stream timeout
`string'
string too long
Sunday
SunMonTueWedThuFriSat
,SVWj0X
SVWjA_jZ+
system
SystemTimeToTzSpecificLocalTime
-;T.$;
~';_t|%3
t4Qx:\
< t8<	t4
TerminateProcess
text file busy
t!=fff
+t"HHt
tHHt*Ht#
__thiscall
!This program cannot be run in DOS mode.
Thursday
timed out
timed_out
<t>/?I?V?
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
too many files open
too_many_files_open
too many files open in system
too many links
too many symbolic link levels
Tuesday
;t$,v-
tvfac ajgyegnnix rxemocxqor wgcomcv zdjetwoxe mmicofcs ucgabous dhgofba dmwudmkoz bijvolm amulkuwisj nmcojd xlcidjuyoz qpfiicyaka bpso lmfedmza dbe rer zjmisbroqd umigukohnt zcgeqso zafahalft boza degta kqulascko uyhse shli bttidlni ofogi sbfozu natzipnzui obicgop udtyobi udtuajacl eej ezvnunicd fucdiwyxu eqciriomy iygtau oqbgo bcjufngu feagbujyte dlc mcsatgiou mvcuvao mlnaf ufy umnroj sdojuw wmnotuo rcqoepik rssipgfin ovudopolnn gynalz gijgal pyosuavj jprefdijom gvj pvziyks zkaazidpbi mducoz gbmusjjo ziukliaolf bsbaembcep szcorlqoep igs izbkaoz fiwgi intfubjc gig kos vdijok prvigfso jnnuio pjfit tuhje cfrodsaofu xsan rmxir rznofcjou sgguy mfnoqorlax aeta szsoknso
 Type Descriptor'
`typeof'
=\=u=}=
uaPPPS
?:uBGW
uBjAYjZ+
`udt returning'
u`j	hJC
:&:U:]:n:
__unaligned
UnhandledExceptionFilter
UNICODE
unknown error
Unknown exception
UpdateColors
UQPXY]Y[
URPQQh
USER32.dll
UTF-16LE
value too large
`vbase destructor'
`vbtable'
`vcall'
__vectorcall
`vector constructor iterator'
`vector copy constructor iterator'
`vector deleting destructor'
`vector destructor iterator'
vector<T> too long
`vector vbase constructor iterator'
`vector vbase copy constructor iterator'
-v`!}f
`vftable'
`virtual displacement map'
?!?<?V?l?
v	N+D$
:V;#<R<[<
w4W/g-
WaitForThreadpoolTimerCallbacks
Wednesday
>(>W>_>g>o>w>
WideCharToMultiByte
WindowFromDC
Wj0XPV
WriteConsoleW
WriteFile
wrong protocol type
wrong_protocol_type
?X?f?l?
XLu%mE
xppwpp
xpxxxx
:,:X:t:
y1cC2!
:!:Y:a:
YY_^[]
;Z;t;};