| Analysis Date | 2015-05-28 09:03:09 |
|---|---|
| MD5 | 0f0c3671e593a2a28cf4646bd665f9fd |
| SHA1 | 7ad839a0fe2bdb66f3178313a51e2dbef53c6021 |
Static Details:
| File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
|---|---|---|
| Section | .text md5: f302c867c23bab46606969c243ca8fd2 sha1: 73dbff6f1ec879147e29bc9f0f408881b53561d7 size: 200192 | |
| Section | .rdata md5: e5a08475ebce6f72aacedfaeb6a20609 sha1: 3acaf1d97bae461446ed3199342f1131cca2f730 size: 52224 | |
| Section | .data md5: 9964a0578382ab6c7fe7e9989d3b10f9 sha1: 188a9e9688f70bc7558effdef62c15fd2a50146c size: 6656 | |
| Section | .reloc md5: 6d7a63a409683483ad06014863f93be2 sha1: 7cff75f5e30746fe2bcb5e0a83b61d050bbd2328 size: 14336 | |
| Timestamp | 2015-04-29 18:46:18 | |
| Packer | Microsoft Visual C++ 8 | |
| PEhash | 4b7f9d2a27287901f0301e7bff9aa339a1dd065c | |
| IMPhash | a17fb24f56c062ffd43f845469f6952f | |
Runtime Details:
| Screenshot |  |
|---|
Process
↳ C:\malware.exe
| Creates File | C:\ggxoysrqd\isxyvp |
|---|---|
| Creates File | C:\ggxoysrqd\tb1jqyambfuhphp.exe |
| Creates File | C:\WINDOWS\ggxoysrqd\isxyvp |
| Deletes File | C:\WINDOWS\ggxoysrqd\isxyvp |
| Creates Process | C:\ggxoysrqd\tb1jqyambfuhphp.exe |
Process
↳ C:\ggxoysrqd\tb1jqyambfuhphp.exe
| Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Connectivity Window Store Extender ➝ C:\ggxoysrqd\ntfnxgklx.exe |
|---|---|
| Creates File | C:\ggxoysrqd\ntfnxgklx.exe |
| Creates File | C:\ggxoysrqd\isxyvp |
| Creates File | PIPE\lsarpc |
| Creates File | C:\ggxoysrqd\naf7hq |
| Creates File | C:\WINDOWS\ggxoysrqd\isxyvp |
| Deletes File | C:\WINDOWS\ggxoysrqd\isxyvp |
| Creates Process | C:\ggxoysrqd\ntfnxgklx.exe |
| Creates Service | Print Card HomeGroup Controls Access - C:\ggxoysrqd\ntfnxgklx.exe |
Process
↳ Pid 804
Process
↳ Pid 852
Process
↳ C:\WINDOWS\System32\svchost.exe
Process
↳ Pid 1112
Process
↳ Pid 1208
Process
↳ C:\WINDOWS\system32\spoolsv.exe
| Registry | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL |
|---|---|
| Registry | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7 |
| Registry | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL |
| Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00 |
| Creates File | WMIDataDevice |
Process
↳ Pid 1876
Process
↳ Pid 1136
Process
↳ C:\ggxoysrqd\ntfnxgklx.exe
| Creates File | C:\ggxoysrqd\isxyvp |
|---|---|
| Creates File | pipe\net\NtControlPipe10 |
| Creates File | \Device\Afd\Endpoint |
| Creates File | C:\ggxoysrqd\dvfqhlphwz |
| Creates File | C:\ggxoysrqd\pnzpcjcrboi.exe |
| Creates File | C:\ggxoysrqd\naf7hq |
| Creates File | C:\WINDOWS\ggxoysrqd\isxyvp |
| Deletes File | C:\WINDOWS\ggxoysrqd\isxyvp |
| Creates Process | ui9pcnaqni0a "c:\ggxoysrqd\ntfnxgklx.exe" |
Process
↳ C:\ggxoysrqd\ntfnxgklx.exe
| Creates File | C:\ggxoysrqd\isxyvp |
|---|---|
| Creates File | C:\WINDOWS\ggxoysrqd\isxyvp |
| Deletes File | C:\WINDOWS\ggxoysrqd\isxyvp |
Process
↳ ui9pcnaqni0a "c:\ggxoysrqd\ntfnxgklx.exe"
| Creates File | C:\ggxoysrqd\isxyvp |
|---|---|
| Creates File | C:\WINDOWS\ggxoysrqd\isxyvp |
| Deletes File | C:\WINDOWS\ggxoysrqd\isxyvp |
Network Details:
Raw Pcap
0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H 0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept: 0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e */*..Connection 0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a2067 : close..Host: g 0x00000040 (00064) 656e746c 656d696c 6c696f6e 2e6e6574 entlemillion.net 0x00000050 (00080) 0d0a0d0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H 0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept: 0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e */*..Connection 0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a2064 : close..Host: d 0x00000040 (00064) 65677265 65686561 72742e6e 65740d0a egreeheart.net.. 0x00000050 (00080) 0d0a0d0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H 0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept: 0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e */*..Connection 0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a2067 : close..Host: g 0x00000040 (00064) 6c617373 68656172 742e6e65 740d0a0d lassheart.net... 0x00000050 (00080) 0a0a0d0a ....
Strings
e
bceeotaCCihs.S
"
\
.
\
.
e
.
00-+ .
-
-1
+-0-E-
-0
\
.
0
0
-
000
-
(.
@`....
bu
2.exe
- abort() has been called
af-za
af-ZA
April
ar-ae
ar-AE
ar-bh
ar-BH
ar-dz
ar-DZ
ar-eg
ar-EG
ar-iq
ar-IQ
ar-jo
ar-JO
ar-kw
ar-KW
ar-lb
ar-LB
ar-ly
ar-LY
ar-ma
ar-MA
ar-om
ar-OM
ar-qa
ar-QA
ar-sa
ar-SA
ar-sy
ar-SY
ar-tn
ar-TN
ar-ye
ar-YE
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
August
az-az-cyrl
az-AZ-Cyrl
az-az-latn
az-AZ-Latn
.bat
be-by
be-BY
bg-bg
bg-BG
bn-in
bn-IN
bs-ba-latn
bs-BA-Latn
ca-es
ca-ES
Cja-JP
.cmd
.com
CONOUT$
CR6002
- CRT not initialized
cs-cz
cs-CZ
cy-gb
cy-GB
da-dk
da-DK
dddd, MMMM dd, yyyy
de-at
de-AT
December
de-ch
de-CH
de-de
de-DE
de-li
de-LI
de-lu
de-LU
div-mv
div-MV
Djjj
DOMAIN error
el-gr
el-GR
emscoree.dll
en-au
en-AU
en-bz
en-BZ
en-ca
en-CA
en-cb
en-CB
en-gb
en-GB
en-ie
en-IE
en-jm
en-JM
en-nz
en-NZ
en-ph
en-PH
en-tt
en-TT
en-us
en-US
en-za
en-ZA
en-zw
en-ZW
es-ar
es-AR
es-bo
es-BO
es-cl
es-CL
es-co
es-CO
es-cr
es-CR
es-do
es-DO
es-ec
es-EC
es-es
es-ES
es-gt
es-GT
es-hn
es-HN
es-mx
es-MX
es-ni
es-NI
es-pa
es-PA
es-pe
es-PE
es-pr
es-PR
es-py
es-PY
es-sv
es-SV
es-uy
es-UY
es-ve
es-VE
et-ee
et-EE
eu-es
eu-ES
fa-ir
fa-IR
February
fi-fi
fi-FI
- floating point support not loaded
fo-fo
fo-FO
fr-be
fr-BE
fr-ca
fr-CA
fr-ch
fr-CH
fr-fr
fr-FR
Friday
fr-lu
fr-LU
fr-mc
fr-MC
gl-es
gl-ES
gu-in
gu-IN
((((( H
he-il
he-IL
HH:mm:ss
hi-in
hi-IN
hr-ba
hr-BA
hr-hr
hr-HR
hu-hu
hu-HU
hy-am
hy-AM
id-id
id-ID
- inconsistent onexit begin-end variables
is-is
is-IS
it-ch
it-CH
it-it
it-IT
ja-jp
January
jjjj
jjjjj
July
June
ka-ge
ka-GE
kernel32.dll
kk-kz
kk-KZ
kn-in
kn-IN
kok-in
kok-IN
ko-kr
ko-KR
ky-kg
ky-KG
lt-lt
lt-LT
lv-lv
lv-LV
March
Microsoft Visual C++ Runtime Library
mi-nz
mi-NZ
mk-mk
mk-MK
ml-in
ml-IN
MM/dd/yy
mn-mn
mn-MN
Monday
mr-in
mr-IN
ms-bn
ms-BN
ms-my
ms-MY
mt-mt
mt-MT
nb-no
nb-NO
nl-be
nl-BE
nl-nl
nl-NL
nn-no
nn-NO
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
ns-za
ns-ZA
(null)
October
pa-in
pa-IN
pl-pl
pl-PL
Program:
<program name unknown>
pt-br
pt-BR
pt-pt
pt-PT
- pure virtual function call
quz-bo
quz-BO
quz-ec
quz-EC
quz-pe
quz-PE
R6008
R6009
R6010
R6016
R6017
R6018
R6019
R6024
R6025
R6026
R6027
R6028
R6030
R6031
R6032
R6033
R6034
ro-ro
ro-RO
runtime error
Runtime Error!
ru-ru
ru-RU
sa-in
sa-IN
Saturday
se-fi
se-FI
se-no
se-NO
September
se-se
se-SE
SING error
sk-sk
sk-SK
sl-si
sl-SI
sma-no
sma-NO
sma-se
sma-SE
smj-no
smj-NO
smj-se
smj-SE
smn-fi
smn-FI
sms-fi
sms-FI
sq-al
sq-AL
sr-ba-cyrl
sr-BA-Cyrl
sr-ba-latn
sr-BA-Latn
sr-sp-cyrl
sr-SP-Cyrl
sr-sp-latn
sr-SP-Latn
Sunday
sv-fi
sv-FI
sv-se
sv-SE
sw-ke
sw-KE
syr-sy
syr-SY
ta-in
ta-IN
te-in
te-IN
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
th-th
th-TH
Thursday
TLOSS error
tn-za
tn-ZA
tr-tr
tr-TR
tt-ru
tt-RU
Tuesday
uk-ua
uk-UA
- unable to initialize heap
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
ur-pk
ur-PK
USER32.DLL
uz-uz-cyrl
uz-UZ-Cyrl
uz-uz-latn
uz-UZ-Latn
vi-vn
vi-VN
Wednesday
xh-za
xh-ZA
zh-chs
zh-CHS
zh-cht
zh-CHT
zh-cn
zh-CN
zh-hk
zh-HK
zh-mo
zh-MO
zh-sg
zh-SG
zh-tw
zh-TW
zu-za
zu-ZA
|'?(;_
; ;(;0;
0$0,040<0D0L0T0\0
0$0,040<0D0L0T0\0d0l0t0|0
0 0-040>0O0W0d0l0t0|0
0"0'060d0
0"0)070?0i0y0
0!0+0A0K0c0s0
0.0:0B0J0R0_0i0q0
0(0-0D0L0a0i0
0'0/0L0T0\0w0
0,010>0N0
0'030=0B0a0
0$050<0M0V0
0*050A0N0V0^0
0%080E0`0
0'0a0w0
0+0B0h0{0
0:0E0P0
0^0f0y0
0!0J0V0
(0,0x0|0
01080?0N0Z0o0v0
010F0L0V0\0l0t0z0
0#11191Q1Y1e1m1{1
!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
0(171?1O1
0 191q1
0$1O1Y1g1w1
050<0@0D0H0L0P0T0X0
/070[0}0
='=0=8=@=G=N=^=f=|=
: :(:0:8:@:H:P:X:`:h:p:x:
091@1L1Y1j1r1z1
0C0d0i0
)0C0M0U0_0e0k0
<0<D<L<T<
?#?0?;?D?Q?X?d?|?
0E1_1h1
0L0e0m0
<0<P<p<
; ;0;T;`;h;
1090b0z0
1%101<1U1c1n1x1
1 1,1014181<1@1D1H1L1P1T1X1\1`1d1h1l1p1t1x1|1
1(11191Q1d1j1p1w1
1$1+1=1J1P1f1
1$1,141<1D1L1T1\1d1l1t1|1
1$1,141<1D1T1\1d1l1t1|1
1&1<1D1
1%1@1G1L1P1T1u1
1.131;1c1x1
1*131g1o1z1
1,131M1
1,141I1m1u1}1
1&141O1
1(1H1_1x1
1!1J1d1
1#1M1z1
1#262B2I2U2`2g2
1>2D2H2L2P2
132@2O2[2q2|2
=!=%=)=-=1=5=9===A=E=I=M=Q=U=Y=]=a=
>1>7>=>
181C1]1{1
:1;8;Z;a;~=
194Y6g6q6
:":1:9:A:I:X:c:j:
1A1g1o1
1a2t2|2
=%=1=A=^=f=
1b3#467
;1;B;S;d;i;z;
>1>C>U>g>
1D1T1m1}1
:&:1:H:P:[:
<%<1<@<I<V<
1J1o1v1}1
:1;J;X;o;~;
1K2V2f2
<%<1<<<L<]<
1L2T2g2t2
1N`62N
<)<1<?<N<Z<p<w<
1#QNAN
1#SNAN
1U1_1e1k1
<%<1<Z<i<q<
203H3O3Z3q3
212>2N2o2
2)202C2Z2j2
2#2+20262>2C2I2Q2V2\2d2i2o2w2|2
2"2,222=2`2e2q2v2
2$2,242<2D2L2T2\2d2l2t2|2
2$2@2E2q2~2
2 2.2G2V2]2
2%2@2M2c2
2(232Y2
2$242D2d2p2t2x2|2
2)2B2L2Q2V2^2j2
2]2e2y2
232:2I2Q2i2
2*323@3L3S3
2$3,3<3N3V3^3f3l3t3~3
2 3.3I3W3p3~3
2 3(3u5
2#373_3
2<3T3[3c3
2*3T3m3v3
242<2H2P2m2u2}2
242d2|2
243:3L3k3
='>2>8>
;%;2;8;>;W;d;t;
<2<9<U<
:&:2:::B:M:Y:e:~:
2K3L4\4m4u4
>)>2>Q>c>
> >%>,>3>\>
3!31373[3a3
3!3)31393?3G3k3s3{3
3 3$3(3,30343<3@3 4$4p8
3 3$3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
3"3'3-353:3@3H3M3S3[3`3f3n3s3y3
3-3:3`364P4u4
3#33393?3G3M3S3[3a3g3o3x3
3$3,343<3D3L3T3\3d3l3t3|3
3 3*383Z3
3 3(3G3Q3_3j3q3}3
3"3-3J3d3l3
3"363E3y3
3 383H3L3\3`3d3h3p3
3*3K3[3k3{3
3=3U3b3o3u3{3
3)41494F4]4
3.4:4b4j4|4
3 4;4F4N4S4u4
3'4?4X4
3-494I4g4r4
373F3N3V3e3
>+>3>;>C>[>a>g>n>u>
<+<3<;<C<P<X<`<
?+?3?;?D?P?Y?`?o?
;';3;G;z;
? ?3?I?R?^?i?
: ;3;I;W;p;w;
3L3b3l3x3
3'(Nz=On
<*<3<P<e<s<
3z<%=,=R=Y=
414I4l4
4 4044484@4X4h4l4|4
4%404k4
4)414=4B4J4R4_4
4)41494F4r4z4
4+434?4Z4o4
4 4(40484@4H4P4X4`4h4p4x4
4*4>4F4N4
4#4:4j4u4
4$4-4N4w4
4#4?4T4h4}4
4/474>4T4h4
4*4s4z4
4*525:5A5I5]5i5
454<4L4`4h4~4
4.5=5`5f5q5x5
464B4I4P4^4w4
474B4w4
> >$>*>.>4>8>J>k>v>|>
494n4s4
?'?-?4?A?L?\?j?
>*?4?<?B?J?R?Z?a?m?r?
=$=,=4=<=D=L=T=\=d=l=t=
=$=,=4=<=D=L=T=\=d=l=t=|=
>$>,>4><>D>L>T>\>d>l>t>|>
?$?,?4?<?D?L?T?\?d?l?t?|?
:':/:4:D:X:n:|:
?'?4?>?I?X?f?
>%?4?>?J?
;4;M;W;|;
4P4X4z4
="=4===P=^=m=
<)=4=r=~=
^4rh/ms
> >,>4><>T>_>g>s>{>
546I6Y6i6|6
5%505O5Z5:6V6
5'51585I5T5~5
5$52585M5^5j5q5x5
5$535I5Y5y5
5 5(505[5i5y5
5 5(50585@5H5P5X5`5h5p5x5
5!5+515
5"5(5.585I5U5^5d5j5
5 5$5,5D5T5X5h5l5t5
5@5[5z5
5.565=5H5d5o5}5
5(585>5C5R5j5u5}5
5;5C5U5z5
5-5D5Q5_5x5
5!5X5f5}5
5$6,64686@6T6\6p6x6
5*6]6s6
5=6O6a6
=/>5>;>A>G>M>T>[>b>i>p>w>~>
5b5n5{5
<5===b=i=
:!:):5:B:J:R:Z:b:j:r:z:
;";*;5;B;S;f;v;
5D5U5]5i5w5
>+>5>@>F>R>Z>b>
>->5>=>K>
5X5`5h5
;+;5;Z;
646C6h6v6
6'616;6E6O6Y6^6l6s6|6
6#656X6
6 6(60686@6H6P6X6`6h6p6x6
6"6,646<6D6L6T6
6 6'6/6<6P6X6d6i6
6!6+676L6T6`6
6*6;6C6K6S6[6h6x6
6%6=6F6M6S6c6l6y6
6-6<6G6M6T6\6j6w6
667;7M7k7
6"6c6s6
6%6J6R6{6
6/6Z6`6
6(70797E7X7`7h7p7
6"727d7
6 7/7:7B7k7w7
6 7*7o7t7
6^7c7i7p7
6^7f7r7
:%:6:;:A:S:Y:d:m:z:
=%=6=B=J=R=Z=
6C6[6r6~6
:(:6:c:j:t:|:
:&:6:@:J:T:Z:l:t:~:
;#;.;6;;;N;o;
6Z6f6m6
<%<+<7<
=*=7=@=
:':/:7:
737B7Q7Y7a7i7u7B8L8Z8b8u8
757M7Y7h7
7!717z7
7!747:7H7Q7V7\7b7l7r7|7
7#747B7M7U7b7l7
7.767B7j7r7
7 7(70787@7H7P7X7`7h7p7x7
7$7+757K7u7
7%7-757L7V7^7r7|7
7 7@7`7
7 7$7(7,7\;
7'7/7;7@7P7e7
7%7-7<7L7T7p7y7
7 7-787D7[7n7t7
7%7-7A7e7p7
7%7/7Q7_7o7
7.787E7M7U7f7n7s7{7
7(7A7O7\7f7n7}7
7+7d7y7
7?7G7O7
7$7Z7g7}7
7*838j8
7#878r8
7&8,828C8N8T8{8
7 8*8L8g8
7/8I8a8
7/8M8U8v8
=7e$E|1
=#=7=?=g=s=x=
7I8Q8g8
7L7m7|7
<7<?<L<h<z<
<)<7<N<\<f<p<~<
7P8r9z9";
:#:/:7:S:b:o:
8*:2:::K:Z:v:~:
838@8}8
84:M;X;r;
8*848F8L8T8Z8l8x8
8 8(80888@8H8P8X8`8h8p8x8
8!8)81898A8I8S8d8j8}8
8#8+838;8Q8t8
8'8/878K8W8_8m8s8
8!8(8/878W8p8~8
8!8>8^8k8
8$8-8d8k8s8
8.8@8G8Y8m8u8}8
8$8(8H8d8h8
8&8.8O8
8+898P8[8g8~8
8;8K8S8Y8c8m8y8
899A9J9R9f9w9
8 9]9g9
8A8^8i8p8
;!;8;>;F;N;i;
?!?)?8?H?Q?]?~?
8K8Y8l8
>$>8>T>\>
8W8_8k8|8
=8=X=x=
-8y3`f
>,>9>?>{>
9":1:S:y:
93:>:E:M:W:_:g:o:w:
949P9p9
959<9@9D9H9L9P9T9X9
959A9I9Q9Y9
9#909D9Z9x9
9(949P9\9t9x9
9/959W9u9
9$969>9H9N9^9h9r9
9&989l9t9y9
9 9(90989@9H9P9X9`9h9p9x9
9 9*919Q9_9v9
9&9-959T9b9p9
9#9+9;9V9^9
9'9-9e9q9
9 9=9E9S9]9e9v9{9
9/9;9N9\9h9p9|9
9*9>9P9Z9d9l9s9
9"9H9Y9o9
9*9Z9c9j9r9~9
9A9I9T9l9z9
?)?9?B?O?Z?b?j?r?|?
9 :*:D:X:g:u:
=$=9=F=N=Z=v=
>+>9>G>`>m>s>
9':>:K:X:d:k:q:
|']9m"8,h}
=(>9>M>S>X>
9M:V:^:x:
A8Q8a8
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
< =;=A=[=c=j=
address family not supported
address_family_not_supported
address in use
address_in_use
address not available
address_not_available
aktzohpem spdekvjoov nxe deqpau ggub ybcibpziu uqiu jnb ddvusdepid pcjiclay gwropchu swzaavpt lejufiag hjpeax jjamiszpe inxcojd efcra gnduipcl pdxat xorgulr rfbenype bdnifnnizt slbodzde oqjve dejf phcifg maflu npsex cavdubkmu bjgabvpue evbxu ncl czcejllu jdnaul lpzefgzedc lskea volcin mjmaebktay jvnofiijr pndiispdep dyvifbeomo mkaye tcec bvigegrsau lmiofojw xedijumda fsgei rmte camn jjlalmib riroxafj iygla hinelie ltnizzoloi odvnediuo byfidugpo dfbatwjija lgcotm mvoopefdj rsbozqri zjxeydjo sdjuzbum jcuc odgxi ogfgomjqup fgracetk toonepu arhnoo afojcez wtguffmi danrifnlis ndel nitme rjefib eguvgaumf gpdirmmolt xgpesjafn+
already connected
already_connected
?-?a?q?}?
=+=A=Q=a=
AreFileApisANSI
argument list too long
argument out of domain
<at-<rt"<wt
August
.?AVbad_alloc@std@@
.?AVbad_exception@std@@
.?AVerror_category@std@@
.?AVexception@std@@
.?AV_Generic_error_category@std@@
.?AV_Iostream_error_category@std@@
.?AVlength_error@std@@
.?AVlogic_error@std@@
.?AVout_of_range@std@@
.?AV_System_error_category@std@@
.?AVtype_info@@
bad address
bad_address
bad allocation
bad exception
bad file descriptor
bad_file_descriptor
bad message
Base Class Array'
Base Class Descriptor at (
__based(
;%<-<B<^<d<}<
bedk psvelozv wflu mwue ddke pxleqznuv ccfian njbimex lpuebeljvi aja uflral kydamgsi umx ulu gjkofsn gyfa jpf jglatlitoi swpiyyucad blsevfrelt ncnafg lrlavnqale zimjis crsac joebkua qlgeddup olncop sgjafbsi fgjulk ofs gzvec pmbipzji gdxoedr mjg rboto nfl nzpip tbjuazh ufoipi urdmic bxnejv gem unsdebgija gcgidsmijw cbm mdduzhno lldatc jmniffunaf pxcitlj gind yvciiliq tsmumi vbsi tfr mcnav lafxiss zngeynde bpo opud nwaji zixt sodciua rissa erwpua czto munmiomx fngucspiwj macifi fbza ejb autfjargac dillooo taipicensq ggcopcdaco jpjoziqza bmleukw vlzu xiujrojcm wfsuw dfgiv gsco jbsuscc zxdirolnei jymojuiut znovo rcle qid zlfidojtee inJ
BeginPaint
;B;I;_;i;
?B?M?_?
broken pipe
btA?n^
>bT-ly
bWWWWj
?b?x?~?
;-;B;X;`;z;
CallWindowProcA
__cdecl
Class Hierarchy Descriptor'
CloseHandle
CloseThreadpoolTimer
CloseThreadpoolWait
__clrcall
:(:C:M:
="=C=M=R=W=
CompareStringEx
CompareStringW
Complete Object Locator'
connection aborted
connection_aborted
connection already in progress
connection_already_in_progress
connection refused
connection_refused
connection reset
connection_reset
`copy constructor closure'
CorExitProcess
CreateEventExW
CreateFile2
CreateFileW
CreateSemaphoreExW
CreateSymbolicLinkW
CreateThread
CreateThreadpoolTimer
CreateThreadpoolWait
cross device link
cv=U?P
}cwfoq mphev rhzoufjn lod pqtazflajs nelfonpae jal vcyolf dsogiz mpogubjzo covnaficj pmconad cvba vypa nmgugah jfi owgbiiovrj gsgam lreopi gnwerfu jbjuuvnna glmoibn ssraxc mddeavbfoc fbciv bbpeympem kpxamfj nesopofvf tugrecdsa afqru lfzaj ejmvueb kkceaang bmmaqbcoz wvvovzji mxf mavjeogjd cude jnb jdxefvjugp zzsue lukfi jmjelsu athgitlb pcfednfos honaoioz gngucisadu juqb ssu bxesoemmso alxm xglaglj ltt mfgappf iivrde jndubzfiu btgolcbon ooguwjuj eusunlunj ictzojydas kpn phnu sitj oaiz gfsovujye mqfukbpafz jdaicubsa ofqouleln rur sjdunqj cmsirmzuij yxobeajsu tebrafaj aigfjia ramnawlpua prlivi rgparz frsaulnvis rkcaecvr itbcog vfnipp dckede c
:%:C:X:b:
D7H7L7P7T7X7\7`7d7h7l7p7t7x7
@.data
dddd, MMMM dd, yyyy
December
DecodePointer
`default constructor closure'
delete
delete[]
DeleteCriticalSection
DeleteFileA
destination address required
destination_address_required
device or resource busy
:>;D;H;L;P;
directory not empty
?D?k?x?
>>>D>L>n>
>">/><>D>L>X>u>
:D;Q;l;v;
DrawTextA
`dynamic atexit destructor for '
`dynamic initializer for '
__eabi
`eh vector constructor iterator'
`eh vector copy constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`eh vector vbase copy constructor iterator'
=<=E=]=j=
>+>E>j>q>
: :e:k:r:
>$>,>=>E>M>\>b>
EnableWindow
EncodePointer
EndPaint
EN^(IN
EnterCriticalSection
<*<E<N<U<c<
EnumSystemLocalesEx
;!;e;q;};
executable format error
ExitProcess
<#<,<><E<[<y<
__fastcall
February
;);F;i;
file exists
filename too long
filename_too_long
FileTimeToLocalFileTime
FileTimeToSystemTime
file too large
FindClose
FindFirstFileExW
FindResourceA
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FlushProcessWriteBuffers
;$;,;F;N;V;^;i;s;
FreeEnvironmentStringsW
FreeLibraryWhenCallbackReturns
Friday
function not supported
>:>F>W>a>y>
fYr!VE
+Gdee uceyju pbfeovgfak grhanazdo bcsofsoz efg lfkuecpj dnb osf rjle lnk fbjoim lfnoycitov rndotxdogs scvotnd pifges ndfadeafuq sygadljo pjpuhvq eyfbab modsi zdgoregt epfsuegnxu xcqedjl urbpeuqull dcgiz hzocuxdya ohmcu ridraz pckojeecge assbifar meogitab avdjoacfn fzlug nfduglpii pbzawua hnajelno gnqesd jcnat cfgibncigs lfdagcl usg hskenm jamoducgka jpca ttigowjde pdlovcl ueibbfob hyget zfgii valj lpfank unnz inwfi uyx alu oqltefyma ltsusmteg dnloaspc jpbayzpea bassojd dnp nkp ofzve oircsarde oxxlan elu bjame pbjui wib vgba axduo yacmodivc coufsuadl ajufepu zmudajsbeq mjeionib vtgotgxanc rvnibmif cojopoa pdmaf agy ozgjaj zfipunnbog cplugo ep
GDI32.dll
generic
GetACP
GetActiveWindow
GetBkColor
GetClipRgn
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetCPInfo
GetCurrentDirectoryW
GetCurrentObject
GetCurrentPackageId
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumber
GetCurrentThreadId
GetCursor
GetDateFormatEx
GetDCBrushColor
GetDialogBaseUnits
GetDlgItem
GetDlgItemInt
GetDriveTypeW
GetEnvironmentStringsW
GetFileInformationByHandle
GetFileInformationByHandleExW
GetFileType
GetFontUnicodeRanges
GetForegroundWindow
GetFullPathNameW
GetGraphicsMode
GetKeyboardType
GetLastActivePopup
GetLastError
GetLocaleInfoEx
GetLogicalProcessorInformation
GetMenu
GetMenuCheckMarkDimensions
GetMenuContextHelpId
GetMenuItemID
GetMenuState
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNearestColor
GetObjectType
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessWindowStation
GetPropA
GetQueueStatus
GetRandomRgn
GetScrollPos
GetStartupInfoW
GetStdHandle
GetStretchBltMode
GetStringTypeW
GetSystemTimeAsFileTime
GetTextAlign
GetTextCharacterExtra
GetTextCharset
GetTextCharsetInfo
GetTextColor
GetTickCount
GetTickCount64
GetTimeFormatEx
GetTimeZoneInformation
GetUserDefaultLocaleName
GetUserObjectInformationW
GetVersion
GetWindowContextHelpId
GetWindowDC
GetWindowLongA
GlobalAlloc
GlobalFlags
GlobalHandle
GlobalSize
:%:@:G:L:P:T:u:
?G?U?j?}?
&$!gz/
`h````
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
hhgHs~
`h`hhh
HH:mm:ss
>%>H>h>t>
HHtVHHt
host unreachable
host_unreachable
=@=H=P=X=d=i=q=
;';H;P;X;`;h;p;x;
Ht+Ht$Ht
<H<V<`<
_hypot
identifier removed
-i%eC;
illegal byte sequence
inappropriate io control operation
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
interrupted
invalid argument
invalid_argument
invalid seek
invalid string position
io error
iostream
iostream stream error
>#>I>Q>]>l>x>
I[QnIqW
='=I=Q=Y=a=g=n=v=
is a directory
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocaleName
IsWindowEnabled
<itx<o
>">*>j>
jA[jZZ+
JanFebMarAprMayJunJulAugSepOctNovDec
January
jdafeuuc jltouplt zvejop gudeloim hgmaz lcala ojgnajlli jcdakf ajwz bcromeuofb lffemltoub bcberndu nfrogftide lcgub cfzonm jznawg oaadgd uxlajic futmigef ndtudgve rvj mmigeimi fvdu eqoi xbbumldepx pgmarf opm hajjopigdo vozuyoje uhcnus ulgoye mjxud tgjiuts iid roducug rgbes viox ccovi rufdafurso fsti bkrif gmazancalo omuzu yzmefmd msfajpto ibg xbalebb fsu bbesucsc sjp umt belae czh ron ulfguizfpe jaldapj jcrudjigon bcdemgbump ppsincx dxnai bvciabf liuxfoznc oeifc fiagvi jsmunagv jnijijy boipgoduuj nco rapeijubmx akcjujgga xojodiiun mmu lovvonvcol fiywes add xebig kdd onfsecwpa rdjuvfbe gocnanmti eij uqvc fcremknoc zwreaauc llfukz ks
@jd_u
j/_j\[f;
j@j _W
=?=J=^=k=s={=
="=,===\=j=w=
~>k*?%
} kE$<
KERNEL32.dll
;-;>;K;s;
k_=v <*
- lBKf
LCMapStringEx
LCMapStringW
LeaveCriticalSection
LoadIconA
LoadLibraryExW
LoadResource
LocalFlags
`local static guard'
`local static thread guard'
`local vftable'
`local vftable constructor closure'
LockResource
:%:>:L:W:
:(:L:X:`:
M"4 M$B
`managed vector constructor iterator'
`managed vector copy constructor iterator'
`managed vector destructor iterator'
map/set<T> too long
MessageBoxW
message size
message_size
MM/dd/yy
Monday
MoveFileA
MoveWindow
~mQI}&
:&:M:S:a:v:
MultiByteToWideChar
_NbF`N
network down
network_down
network reset
network_reset
network unreachable
network_unreachable
new[]
_nextafter
no buffer space
no_buffer_space
no child process
no link
no lock available
no message
no message available
no protocol option
no_protocol_option
no space on device
no stream resources
no such device
no such device or address
no such file or directory
no such process
not a directory
not a socket
not_a_socket
not a stream
not connected
not_connected
not enough memory
not supported
November
.@NqEom
NS%`'d
(null)
;N<V<b<q<
=#=+=o=
October
`omni callsig'
oNeLpNW
ONKKSN
operation canceled
operation in progress
operation_in_progress
operation not permitted
operation not supported
operation_not_supported
operation would block
operation_would_block
operator
OutputDebugStringW
owner dead
__pascal
PeekNamedPipe
permission denied
permission_denied
~pjCXf
<P<k<w<
`placement delete closure'
`placement delete[] closure'
PostMessageA
PP9E u
PPPh vA
protocol error
protocol not supported
protocol_not_supported
PSSSSV
__ptr64
PWWWWV
> ?'?/?:?Q?
+Q8EYV
:':Q:]:e:
QQSVWd
QueryPerformanceCounter
qyCK.a
RaiseException
-#rC,f
`.rdata
ReadConsoleW
ReadFile
read only file system
.reloc
RemovePropA
resource deadlock would occur
resource unavailable try again
__restrict
restrict(
result out of range
rpbocjro laflafd miahbircm lelmio lqcummda sjpaljke ztboivpl bftegffupd btoebo ilsi pnsafbo ozmv puduosurl mhqelrsij zxwimm rlpajv ctpunmkog njd ksr blfedeucf mrricw eilidpobag bcyuzsfix oqh sjleblj ncpavlfa iaibjpusdu fpvolgunea lrmuim odjmuaoudj obw dmqos scwescalaf ocj vmdoucbv icfsaabnn flru iwsosobpe lums gechuf cmd foui uijd nyaca gcguzldewd sglo lxusia ecnnozdfa tpmosml dlvaffsu arasafuamu inog liojcigpmo mlx bcjuhz vgnib gxgujlfa pvpenlhut gxxe iruffei labni laj cccafcn hmpadp pldoymb zoolm dwsajfima mubdoov cddam ctja nlmedsibah rmtiwoclaj cjbudpeon ufijj fnzaafmdo fpofiexj vjjeb oegip cauufjid rgsouhubqo bobnuuo h
RtlUnwind
s5Bi|*
`S!8rb
Saturday
`scalar deleting destructor'
SendMessageA
September
SetDefaultDllDirectories
SetDlgItemTextA
SetEndOfFile
SetEnvironmentVariableA
SetFileInformationByHandleW
SetFilePointer
SetFilePointerEx
SetLastError
SetPixel
SetStdHandle
SetSystemPaletteUse
SetTextAlign
SetTextCharacterExtra
SetTextColor
SetThreadpoolTimer
SetThreadpoolWait
SetThreadStackGuarantee
SetUnhandledExceptionFilter
SetWindowTextA
S?h"b
ShowWindow
SizeofResource
SNR<UN
SSPQSW
state not recoverable
__stdcall
stream timeout
`string'
string too long
Sunday
SunMonTueWedThuFriSat
,SVWj0X
SVWjA_jZ+
system
SystemTimeToTzSpecificLocalTime
~';_t|%3
< t8< t4
TerminateProcess
text file busy
tezbofol elb zgma jic pgvinibike glsucuesg lrfejgg kbqo lnfi lcgoy jmgo smab jrqaobij gmfefjaxae fvefapfio ure ujbf orn itpjam fadig byneaa iyndium larrillc bqmifz olbbig zgudoczge islzea zfjibh uudy nzma djb scon ncdiab zslau bhr lsa njebidjjin ctsap lncoifh npcicnuefe hms evjneoydl zlditd uzehpeus iaplqoud fegocim acpvir qoz aff olisaouju qxbaj jzv fmjejbqu bbxalivk dfna dnofencmod ylvijtd bbqac ftj gjpom fjci ppnecifrik tvuduvsu mfbuagb enmtojun addzudkzoo chlu rupayumje dzpecg cappe emvzo ebdboe lcno mgjawfahaJ
t!=fff
<T=\=g=o=x=
+t"HHt
tHHt*Ht#
__thiscall
!This program cannot be run in DOS mode.
Thursday
timed out
timed_out
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
Toft%j
too many files open
too_many_files_open
too many files open in system
too many links
too many symbolic link levels
Tuesday
;t$,v-
Type Descriptor'
`typeof'
>U?_?|?
uaPPPS
?:uBGW
uBjAYjZ+
; ;(;/;<;U;c;
`udt returning'
__unaligned
UnhandledExceptionFilter
UNICODE
unknown error
Unknown exception
UQPXY]Y[
URPQQh@HB
USER32.dll
UTF-16LE
<=v=<>
value too large
`vbase destructor'
`vbtable'
`vcall'
__vectorcall
`vector constructor iterator'
`vector copy constructor iterator'
`vector deleting destructor'
`vector destructor iterator'
vector<T> too long
`vector vbase constructor iterator'
`vector vbase copy constructor iterator'
-!.V}f
`vftable'
<=vI<>
`virtual displacement map'
v N+D$
VVri&i
VWjAh&=
>vZN9~
WaitForThreadpoolTimerCallbacks
Wednesday
<!=&=W=_=g=m=u=
WideCharToMultiByte
Wj0XPV
WM<^aM
wPq88*
Wr 5yRV#F
WriteConsoleW
WriteFile
wrong protocol type
wrong_protocol_type
X2\2`2d2h2l2p2|2
=X>b>h>|>
X;mkyijcda flded meipjidfc prcikusfa jss sewsoilw pvmamel xjde kbbadqlee zzlafubcof fheriem azbjot zcyusploji pfli ifnbi pgpow oml fmh bnce jjdattyi hegkib ybe adsb mgpoos zutji tbbo qoou csdagebb gutwixt olnlac adc bojmoajbni ndt jzxi jje czgibjedar snsej ltila bkgoaaozlt bnjiq fqz uxxneczef epyxujrlal mpqaexfpej igkve fzbe awqdacn vdifid fqnoao uzpdogt lcilem tbboejz shziv aib nlgebx jxcanemra gigmucbib ljyo epbvuhvg rrro imsfa disegenv vullegse ebb ywfibxak gbaifoibmp qgso mfuqeuf mrm dadm lachouf egjos bubdopcs jmboiid bqdovjeaw tcsuicrhev ljvodcsoj fdup gip mgce hcgohf cllirvfeg ygobospre nnfufxxir ahelareclq zsnofodl
Xoppl laoveocu onsalixi udlfecusqu ndsiihz brfiv fktissdi lzhengruld ellidasr rghuidlcu ucrt mga ltomunpbib fvredsejoc cfotatrxai qahbouim iij qcs afs hfefudrs lfneglj bife mfpamn yqlaisy lunaqona yceifepl cjmamf ereodxod gipxedn ltfijg awf jvperlti lcc vdceydb mbqalsju axbsu vmgamw vglibbj noxbufch smdoxjla ocfd tunhigeg mzdeg ebvojee cciogupeb cnfazbmig eagctilan eenbnuj eol anpabinb ynsejdxal ojfcuker lslefzro ukbxor ftfopfetam gahyiqg zsfu bpicifvs wss qgabu eamjlofds xgd qacguiufd gifmeny zdigofpjar epcjou dzcaemj djt uptimaldx mmdeqom ppwis pabgein popvoaivsl aajc suxpaon deifni xpuiege qtapi rzo xnlegosyug gilboldan
xPf5s(
xppwpp
xpxxxx
>->:>Y>f>n>
ykMDGpM
?Y?`?n?
YNNdZNBk_N
ytwapoxud ixz kaqsezjl pmcungmaa aqle suxxesttov pgz ykaociwalb fnsebil ggaciyqjo ugiosfolim atbmela ulkmiil ctileklas iowx dlacuwm ormoiga btpivcs tejj pvazi zenbioa zfvegs bcfanevije sfnoshsioa bvvucimwo gvulutp sgiu ylseise qqyojs nendu xvejeljmo srjojbgug ajvpi cjpaqfouja clq bvp cbca bcaefot ompbu pcwuzg zviluflsoa chopicdtaq larnueonbi anrrip lfh pntelsgu pfk bcku dojyuz xlgosfna vcefet cimlelccal aigbweuml feet zasb sfo uflcuikn qnl zdgaiz hvmilkkuuq lbsedi vns diwexi gcbio yprulyculv lcofu cen yabcan ljjejyfi cpyuzfvo ucpp mci chy qseumai fumjo flaajo mom pufmo zfqu wdiil lgo uorocla kjv ngp ftmedlnum rbpoo sgusaj wij zbqepbmo l
YY_^[]
Z}1grCGuk
zcy neil fzza wmaurojb ltzi dcqul wrgud ugpfecfiu aaxcpo rhgeigdc mkah uqqekaqvc cmuxem osjriodmdo gdc heoen azsruvfn lcatezlmo eleuwvucme ferufode ftucac ffn orjzekezma yedcijd obiqb lbk dbfongdudm mpnufvba zzwed fnjeimrd zzkafelbe feuf mvxepzudob olbeotezl evjv bcwa goelqip oguffo nfco llcu djboogad alin svlipoil dmad ngyazcnusg emglu fnjomvkeg dmicit cgoe pgbi vcevempxa brilo dyupefygeb cnte vlsadk tsvuap szlamll flae rpo ajxuse bomhavfqa azzbireo cpalens jjw igoflo gcib ddbo algfafupg fmuw guskifh gnsodsfel doz qjeyalrpu ladcafjr fkfu plaselfd bnnezp diuplui bbcipffi lmnizotg pre ntzazyfa buencoe zjfubed mqhon dfliquh mnpi=Lh
@zEvt*
Zxdevtouzq fgyiazl jgjauqtsef rfsirrolug ibzebelu sxs llfobceave zhkojg lnrogpreg ofgpumfoi hogazorzxa meo iilopmuuj egfcesdhu yeftaglc mexuhiic nmxuo vjdidr lwoki crm muqyew caacetomz evbnoych uqgxa mgetunztu bmleazd nefse ylfuud jjguspnebg ssfucac nauts izqrigirla jnfampu ivxeni uhohqax vfojafj apmley fjseai lgdolcjid hncisobp ldboolfrae uhtecid cdtofbful zpsu ndboprsii nfd txputvbos toe pbnohnfeb coakb weteeezagf biqs bsrafa dmy cmh yjzomb nfaa bsmuejnye tigbuculb bvbissjair ragaino sssu aspf jcdulr vpdawl azejug mov sifca weeymebn gimsakeh vlsutcp nllamfqio yfilimnnui ggfemb wojvik nzhe sulg ygmogcpeb osf mpsa fdgeogbj auo jzzutoizj seod