| Analysis Date | 2015-05-29 03:55:50 |
|---|---|
| MD5 | 300a2b8c9ee74945dd0bb378d2cb9b1b |
| SHA1 | 9cb6019d1c6d55e1760534b82627f050e060d813 |
Static Details:
| File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
|---|---|---|
| Section | .text md5: 5737bdae214aad91e4ff021004eed4e8 sha1: 2d11ec134a43b4ad08303d662ed7a7c5917f3263 size: 196608 | |
| Section | .rdata md5: f6a20b9d148935d58accc221a2788b39 sha1: 35c1ae4d89947ec5e291d62afac6faa37b6d84e9 size: 53248 | |
| Section | .data md5: 7e1d95ba3af6b202775854f35baa2916 sha1: 6812e3b5e6dad5d7c03cdc25332ec5cc72d6f8ca size: 7168 | |
| Section | .reloc md5: 4642bc474dd2e0e7f512358e3327253e sha1: ebe023f0ee4ae000fb161957fac59a287f1c096e size: 14336 | |
| Timestamp | 2015-04-29 19:19:33 | |
| Packer | Microsoft Visual C++ 8 | |
| PEhash | 689b29a6536e14640a294918ed56aff115f843a7 | |
| IMPhash | e7855ea1b9625dac9a1f86dab254f5b4 | |
Runtime Details:
| Screenshot |  |
|---|
Process
↳ C:\malware.exe
| Creates File | C:\WINDOWS\jjyqcrdvndob\upv9li |
|---|---|
| Creates File | C:\jjyqcrdvndob\qp1jz6qbvbfw5ut.exe |
| Creates File | C:\jjyqcrdvndob\upv9li |
| Deletes File | C:\WINDOWS\jjyqcrdvndob\upv9li |
| Creates Process | C:\jjyqcrdvndob\qp1jz6qbvbfw5ut.exe |
Process
↳ C:\jjyqcrdvndob\qp1jz6qbvbfw5ut.exe
| Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Sharing Extender Locator ➝ C:\jjyqcrdvndob\msvasobiiak.exe |
|---|---|
| Creates File | C:\jjyqcrdvndob\zhe7begoy6 |
| Creates File | C:\WINDOWS\jjyqcrdvndob\upv9li |
| Creates File | PIPE\lsarpc |
| Creates File | C:\jjyqcrdvndob\upv9li |
| Creates File | C:\jjyqcrdvndob\msvasobiiak.exe |
| Deletes File | C:\WINDOWS\jjyqcrdvndob\upv9li |
| Creates Process | C:\jjyqcrdvndob\msvasobiiak.exe |
Process
↳ C:\jjyqcrdvndob\msvasobiiak.exe
| Creates File | C:\jjyqcrdvndob\zhe7begoy6 |
|---|---|
| Creates File | C:\WINDOWS\jjyqcrdvndob\upv9li |
| Creates File | C:\jjyqcrdvndob\dhvlizymuskk.exe |
| Creates File | PIPE\lsarpc |
| Creates File | C:\jjyqcrdvndob\upv9li |
| Creates File | \Device\Afd\Endpoint |
| Creates File | C:\jjyqcrdvndob\bcfjwn |
| Deletes File | C:\WINDOWS\jjyqcrdvndob\upv9li |
| Deletes File | C:\jjyqcrdvndob\qp1jz6qbvbfw5ut.exe |
| Creates Process | tkhqezsqp1wq "c:\jjyqcrdvndob\msvasobiiak.exe" |
Process
↳ tkhqezsqp1wq "c:\jjyqcrdvndob\msvasobiiak.exe"
| Creates File | C:\WINDOWS\jjyqcrdvndob\upv9li |
|---|---|
| Creates File | C:\jjyqcrdvndob\upv9li |
| Deletes File | C:\WINDOWS\jjyqcrdvndob\upv9li |
Network Details:
Raw Pcap
0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H 0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept: 0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e */*..Connection 0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a206c : close..Host: l 0x00000040 (00064) 65616465 72706572 66656374 2e6e6574 eaderperfect.net 0x00000050 (00080) 0d0a0d0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H 0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept: 0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e */*..Connection 0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a2068 : close..Host: h 0x00000040 (00064) 65617679 68656172 742e6e65 740d0a0d eavyheart.net... 0x00000050 (00080) 0a0a0d0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H 0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept: 0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e */*..Connection 0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a2067 : close..Host: g 0x00000040 (00064) 656e746c 65686561 72742e6e 65740d0a entleheart.net.. 0x00000050 (00080) 0d0a0d0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H 0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept: 0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e */*..Connection 0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a2062 : close..Host: b 0x00000040 (00064) 656c6f6e 67626568 696e642e 6e65740d elongbehind.net. 0x00000050 (00080) 0a0d0a0a ....
Strings
oC
tdcatr.tH
"
\
.
\
9
.
e
.
00-+ .
-
-1
+-0-E-
-0
\
.
0
0
-
000
-
.
`.
.u
2.exe
- abort() has been called
af-za
af-ZA
April
ar-ae
ar-AE
ar-bh
ar-BH
ar-dz
ar-DZ
ar-eg
ar-EG
ar-iq
ar-IQ
ar-jo
ar-JO
ar-kw
ar-KW
ar-lb
ar-LB
ar-ly
ar-LY
ar-ma
ar-MA
ar-om
ar-OM
ar-qa
ar-QA
ar-sa
ar-SA
ar-sy
ar-SY
ar-tn
ar-TN
ar-ye
ar-YE
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
August
az-az-cyrl
az-AZ-Cyrl
az-az-latn
az-AZ-Latn
.bat
be-by
be-BY
bg-bg
bg-BG
bn-in
bn-IN
bs-ba-latn
bs-BA-Latn
ca-es
ca-ES
Cja-JP
.cmd
.com
CONOUT$
CR6002
- CRT not initialized
cs-cz
cs-CZ
cy-gb
cy-GB
da-dk
da-DK
dddd, MMMM dd, yyyy
de-at
de-AT
December
de-ch
de-CH
de-de
de-DE
de-li
de-LI
de-lu
de-LU
div-mv
div-MV
Djjj
DOMAIN error
el-gr
el-GR
emscoree.dll
en-au
en-AU
en-bz
en-BZ
en-ca
en-CA
en-cb
en-CB
en-gb
en-GB
en-ie
en-IE
en-jm
en-JM
en-nz
en-NZ
en-ph
en-PH
en-tt
en-TT
en-us
en-US
en-za
en-ZA
en-zw
en-ZW
es-ar
es-AR
es-bo
es-BO
es-cl
es-CL
es-co
es-CO
es-cr
es-CR
es-do
es-DO
es-ec
es-EC
es-es
es-ES
es-gt
es-GT
es-hn
es-HN
es-mx
es-MX
es-ni
es-NI
es-pa
es-PA
es-pe
es-PE
es-pr
es-PR
es-py
es-PY
es-sv
es-SV
es-uy
es-UY
es-ve
es-VE
et-ee
et-EE
eu-es
eu-ES
fa-ir
fa-IR
February
fi-fi
fi-FI
- floating point support not loaded
fo-fo
fo-FO
fr-be
fr-BE
fr-ca
fr-CA
fr-ch
fr-CH
fr-fr
fr-FR
Friday
fr-lu
fr-LU
fr-mc
fr-MC
gl-es
gl-ES
gu-in
gu-IN
((((( H
he-il
he-IL
HH:mm:ss
hi-in
hi-IN
hr-ba
hr-BA
hr-hr
hr-HR
hu-hu
hu-HU
hy-am
hy-AM
id-id
id-ID
- inconsistent onexit begin-end variables
is-is
is-IS
it-ch
it-CH
it-it
it-IT
ja-jp
January
jjjjj
jjjjjj
July
June
ka-ge
ka-GE
kernel32.dll
kk-kz
kk-KZ
kn-in
kn-IN
kok-in
kok-IN
ko-kr
ko-KR
ky-kg
ky-KG
lt-lt
lt-LT
lv-lv
lv-LV
March
Microsoft Visual C++ Runtime Library
mi-nz
mi-NZ
mk-mk
mk-MK
ml-in
ml-IN
MM/dd/yy
mn-mn
mn-MN
Monday
mr-in
mr-IN
ms-bn
ms-BN
ms-my
ms-MY
mt-mt
mt-MT
nb-no
nb-NO
nl-be
nl-BE
nl-nl
nl-NL
nn-no
nn-NO
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
ns-za
ns-ZA
(null)
October
pa-in
pa-IN
pl-pl
pl-PL
Program:
<program name unknown>
pt-br
pt-BR
pt-pt
pt-PT
- pure virtual function call
quz-bo
quz-BO
quz-ec
quz-EC
quz-pe
quz-PE
R6008
R6009
R6010
R6016
R6017
R6018
R6019
R6024
R6025
R6026
R6027
R6028
R6030
R6031
R6032
R6033
R6034
ro-ro
ro-RO
runtime error
Runtime Error!
ru-ru
ru-RU
sa-in
sa-IN
Saturday
se-fi
se-FI
se-no
se-NO
September
se-se
se-SE
SING error
sk-sk
sk-SK
sl-si
sl-SI
sma-no
sma-NO
sma-se
sma-SE
smj-no
smj-NO
smj-se
smj-SE
smn-fi
smn-FI
sms-fi
sms-FI
sq-al
sq-AL
sr-ba-cyrl
sr-BA-Cyrl
sr-ba-latn
sr-BA-Latn
sr-sp-cyrl
sr-SP-Cyrl
sr-sp-latn
sr-SP-Latn
Sunday
sv-fi
sv-FI
sv-se
sv-SE
sw-ke
sw-KE
syr-sy
syr-SY
ta-in
ta-IN
te-in
te-IN
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
th-th
th-TH
Thursday
TLOSS error
tn-za
tn-ZA
tr-tr
tr-TR
tt-ru
tt-RU
Tuesday
uk-ua
uk-UA
- unable to initialize heap
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
ur-pk
ur-PK
USER32.DLL
uz-uz-cyrl
uz-UZ-Cyrl
uz-uz-latn
uz-UZ-Latn
vi-vn
vi-VN
Wednesday
xh-za
xh-ZA
zh-chs
zh-CHS
zh-cht
zh-CHT
zh-cn
zh-CN
zh-hk
zh-HK
zh-mo
zh-MO
zh-sg
zh-SG
zh-tw
zh-TW
zu-za
zu-ZA
=!>]>|>
=#=-===
0 0$0(0D0L0T0\0d0l0t0|0
0 0*020L0T0\0m0
0#0-040G0`0n0
0%0-050=0C0O0W0k0{0
0%0-080D0L0X0e0
0%0-0A0b0
0!0)0A0I0U0]0e0m0
0!0+0A0K0c0s0
000C0Y0b0n0y0
0)01090[0q0{0
0!020E0f0
0-050;0C0M0Y0
0%060A0F0Q0r0z0
$0.090C0R0d0
0,0F0X0`0h0m0s0{0
0;0H0P0X0e0o0u0z0
0@0J0_0g0u0
0&0J0c0
0!0J0u0
0*0W0}0
0%111Z1f1
0"1*121A1H1Y1^1d1t1
!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
0>1I1Q1
0"1m1}1
0*1N1V1b1
"020_0h0
? ?&?*?0?4?:?>?D?H?\?}?
080X0x0
;$;0;8;G;[;o;{;
< <(<0<8<@<H<P<X<`<h<p<x<
= =(=0=8=@=H=P=X=`=h=p=x=
> >(>0>8>@>H>P>X>`>h>p>x>
; ;(;0;8;@;H;P;X;`;h;p;x;
: :(:0:8:@:H:P:X:`:h:p:x:
: :$:(:0:D:`:
%0E0i0
?0?P?p?
0R0]0o0
;0;u;{;
1 1$1(1,1014181<1@1D1H1L1P1T1X1\1`1d1h1l1p1t1x1|1
1#111F1V1f1s1
1#1+1;1I1Y1f1r1~1
1$1,141<1D1L1T1\1d1l1t1|1
1"1*161s1y1
1&1>1F1n1v1
1*1=1K1_1z1
1$1/1L1V1^1j1v1
1$12171F1t1
1.161;1E1k1
1&181C1s1~1
1'1E1L1P1T1X1\1`1d1h1
1*1n1v1
121V1^1f1q1
1=2`2m2
1*252P2W2\2`2d2
>!>%>)>->1>5>9>=>A>E>I>M>Q>U>Y>]>a>e>i>m>q>
1A1V1\1f1l1|1
1D2L2Z2{2
1J2h2p2|2
1N1V1h1m1
1#QNAN
1#SNAN
;%<1<u<
1U2o2x2
1Y1a1h1p1v1}1
212>2V2c2|2
2!202t2
2$212E2[2n2s2
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2
2 2$2(2,2024282D2L2T2\2d2l2t2|2
2$2,242<2D2L2T2\2d2l2t2|2
2 2,242<2H2X2`2
2,2:2B2J2R2Z2f2
222C2K2c2i2q2y2
222I2w2
2)2=2R2Z2b2
2&2@2T2_2g2q2y2
2#242<2D2J2R2W2_2l2
2,242<2D2L2V2]2k2v2
2+252@2O2]2y2
2 262L2T2
2(282A2I2a2t2z2
2?2G2T2_2f2n2
2=2J2R2Z2d2
2!424F4U4
>%>2>B>O>
=&=2=:=B=U=
:":*:2:::@:H:e:
=*=2=H=m=
2L2h2y2
=2=:=L=a=~=
2r435F8
2T3\3i3p3
30363L3g3
304U4m4u4
323<3B3M3p3u3
3(303<3r3
3"323:3B3J3R3Z3c3k3s3
3 3(3-333;3@3F3N3S3Y3a3f3l3t3y3
3(3,3@3p3x3|3
3$3,343<3B3I3T3\3
3$3,343<3D3L3T3\3d3l3t3|3
3 3'343M3T3f3u3
3&3-353N3e3
3%3/393C3L3W3d3|3
3#3,3O3\3d3l3|3
3 3<3P3X3`3h3x3
3(343<3D3O3a3o3
3%353B3R3X3^3h3s3
3-393A3M3T3e3q3}3
3#393D3X3p3|3
3>3C3K3_3j3
3;3I3b3i3
3)404O4c4i4
3[4\5l5}5
353P3]3s3
3B3J3R3{3
?3?=?C?
3D4J4\4{4
3D4K4l4t4
3E4U4e4
;#;+;3;>;G;j;z;
3I5i7w7
>)>3>=>I>O>Y>j>p>u>
<#<3<I<Q<Y<h<
='=3=J=m=
3N3T3X3\3`3
3N4Z4a4
<-=3=?=P=X=`=l=t=|=
:':3:=:T:b:j:x:
3T=X=\=`=
4'414A4G4k4q4
4'414F4Q4Y4d4l4t4
4+424B4H4N4V4\4b4j4p4v4~4
4'424U4]4e4}4
4*434A4M4U4`4l4|4
4$4*42474=4E4J4P4X4]4c4k4p4v4~4
4$4,444<4D4L4T4\4d4l4t4|4
4&4.464Y4e4z4
4*4@4Q4^4
445?5G5u5}5
4'484@4T4d4k4
4>4F4n4v4~4
4;4I4Y4i4v4
4+4J4W4t4z4
4?4M4f4t4
4@4S4Z4
4,545<5B5X5`5g5y5
4'5F5R5]5s5
4%5G5R5
4*5K5S5f5z5
464F4N4V4\4
465N5g5
?$?+?4?A?G?S?Y?d?l?w?
4d4n4v4{4
;$=,=4=<=D=L=T=\=d=l=t=|=
?&?4?<?D?P?U?p?y?
?!?,?4?D?R?Z?b?h?p?
:4:J:U:c:~:
<'</<4<?<R<Z<b<j<
4V4^4x4
?4{ w)K
505?5H5P5Z5m5u5
525P5s5
5(50585A5f5l5x5
5 5'545=5^5
5$5,545<5D5L5T5\5d5l5t5|5
5)5:5D5O5U5\5t5|5
5)5;5P5n5v5
5"565B5L5X5_5g5|5
5(5A5Y5|5
5&5B5Q5Y5e5
5%5C5R5]5j5~5
5/5K5^5
5 616:6V6
5'626:6F6N6V6b6
5#6*6=6K6S6[6k6y6
5 6&676?6J6\6d6p6{6
5/6I6`6
5<6Y6e6m6u6}6
575C5W5b5r5z5
585`5h5p5x5
585@5K5U5_5y5
=5=A=P=Y=f=
:5:b:|:
=5><>b>i>
>5?C?P?Z?e?m?u?
?!?5?=?E?`?
;5;F;K;Q;c;i;t;};
>*>5>;>I>t>|>
5k6t6z6
5P6v6|6
:*;5;P;W;\;`;d;
;(;5;@;P;Z;f;n;
;5;S;h;r;
5V5^5f5
:5:W:]:
?5?Y?g?q?}?
60676T6e6r6|6
616<6D6R6k6s6z6
656@6_6j6J7f7
6"61676J6d6i6
6%616A6M6U6e6m6s6
6$6,646<6D6L6T6\6d6l6t6|6
6'6.646B6H6]6n6z6
6 6$6(6,6064686<6@6D6H6L6P6T6X6\6`6d6h6l6p6t6x6|6
6,6<6@6P6T6X6`6x6
6$6,686J6R6`6u6
6,6d6s6~6
6'6L6S6w6}6
6%6S6o6
6*757]7p7x7
6"7-7<7]7
6%7A7M7S7[7e7
6*7C7K7Q7z7
697A7Q7|7
=&=.=6=B=j=
?'?.?6?=?\?d?l?t?
;6;<;I;j;
6M7_7q7
;);6;<;O;c;z;
747D7H7\7`7p7t7x7
757=7d7l7{7
7%717<7D7W7
7#71797?7I7Q7[7g7o7u7
7,747<7Z7
7$7,747<7D7L7T7\7`7h7p7x7
7!7)757s7
7 7$7(7,7074787<7@7D7H7L7P7
7/777B7N7V7^7f7
7+7?7G7R7h7q7z7
7.7<7V7b7n7}7
7/7A7I7R7]7b7k7
7/7Q7j7
7!828A8I8Q8Y8a8m8}8
7'838;8C8
7 8(80888D8L8T8\8,989J9n9t9
7$8,8:8B8J8Z8d8n8
7&8.898A8J8
7:8?8O8U8\8x8
7(8=8v8
7+8A8z8
7@8M8V8
7:8Y8d8{8
7A7l7r7
7B7H7^7f7
>7?B?H?
;#;/;7;C;S;^;f;
7F8K8]8{8
=$=7=?=G=S=_=o=w=
7I7N7\7d7
>7???I?l?
808T8\8p8
809:9\9w9
818A8b8p8
848D8H8X8\8`8d8l8
869<9B9S9^9d9
8)808=8D8p8x8
8*808?8E8R8[8}8
8 828@8G8T8\8d8x8
8,838D8R8]8e8r8|8
8 8(80888@8H8P8X8`8h8p8x8
8!8)81898A8M8U8]8g8o8}8
8&8.868<8I8O8j8
8(8>8L8T8Y8^8f8
8[8a8f8t8
8*8E8]8i8x8
8^8f8r8
8#8V8]8d8l8}8
8:9D9_9
8-9Q9r9
;8<A<K<R<Z<
<8<<<@<D<H<L<P<
8H8c8z8
8H9M9U9w9
="=*=8=@=H=P=V=`=f=k=
;8;@;H;P;X;_;g;o;w;
=-=8=H=Q=j=
?8?I?]?c?h?
8J8Z8c8
8n8s8y8
8R9`9j9
:.;8;S;];
=8=X=h=
90979N9S9o9
90:m:w:
919=9D9Q9V9[9c9o9t9
93:Z:g:~:
949B9H9[9c9v9
9!:4:<:D:J:b:j:p:
9$:7:H:O:]:h:s:{:
9":7:=:u:
9 92979?9q9z9
9%929=9E9T9d9t9|9
9+949>9I9V9c9p9
9*969>9F9N9
9 9(90989@9H9P9X9`9h9p9x9
9!9)91969>9Q9Y9d9r9~9
9 9,949P9\9|9
9 9&969G9N9T9`9w9
9'9-979U9_9e9o9w9}9
9 9%9-9@9L9m9
9$9,9:9B9
9:9C9z9
9\9d9l9t9|9
9,9d9l9t9x9
9(9I9R9
9"9M9Y9
9$9P9|9
9=9X9e9
9!:/:::A:
;9<b<y<
9D;]<h<
9j9q9z9
9@:J:R:
9P:Z:g:
?.?9?>?W?r?
9X:c:j:r:z:
aa@n~&
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
address family not supported
address_family_not_supported
address in use
address_in_use
address not available
address_not_available
:$:::A:H:\:d:l:
;A<H<j<q<
>*>A>I>\>
>$>A>L>j>q>{>
already connected
already_connected
<!<,<A<L<T<h<y<
AmnB~LZJ
;-;A;N;a;s;
AreFileApisANSI
argument list too long
argument out of domain
?/?A?S?e?w?
<at-<rt"<wt
August
.?AVbad_alloc@std@@
.?AVbad_exception@std@@
.?AVerror_category@std@@
.?AVexception@std@@
.?AV_Generic_error_category@std@@
.?AV_Iostream_error_category@std@@
.?AVlength_error@std@@
.?AVlogic_error@std@@
.?AVout_of_range@std@@
.?AV_System_error_category@std@@
.?AVtype_info@@
?AY4@w%
;';/;B;
bad address
bad_address
bad allocation
bad exception
bad file descriptor
bad_file_descriptor
bad message
Base Class Array'
Base Class Descriptor at (
__based(
BeginPaint
$B)f/RR
bgufanfcet odjdarr clilovg tsecolfyi cgro crtinfwip afcpapjs cfvigtnejd cfdu ngxejtot lali cntou vdgajdruaa dspecmbi tmrahsgat msjabcmeol ppojez jwxiq gsbiedl jxfuj omejdadaiz pxulaso adpripvpo onybu hvcuimn fjzits nze izegratdsu smdo vdowefon tkvidwdidt swmizvda tsn sgocuetxe sriz pafgi fenebev jiwjeil lffeibl jkn dfmejtigo btloankh ndnig tdfinn zppu gbreualrm wip eznsa flniddh yacsadgv tolxiunof rdf jogvi ujealop qnh diodjuqny svl qsw igfn ezjvejomxu hpbijbdibq tjtitm airajren tsde emcjaab nesm cngop tbvuiobfgo gifdulu udyn saiblobgxu mmpac cvrayzp giguageudb lyyemnia jitiumir eumbeyi wdnudv jtteu lbuteppm tiilfel snbujlt mypumcb pohhaonjo dudrofi draluarll tthu uxpc vplecnp djlobalj st
>+>:>B>g>v>
<b<j<r<
:!:.:::B:M:W:_:k:s:
;";/;:;B;O;W;c;k;z;
=)=B=P=i=w=
broken pipe
bWWWWj
CallWindowProcA
ca- ;uV
__cdecl
=C=]=e=o=w=
CheckDlgButton
:!:,:;:C:K:S:`:
Class Hierarchy Descriptor'
CloseHandle
CloseThreadpoolTimer
CloseThreadpoolWait
__clrcall
CompareStringEx
CompareStringW
Complete Object Locator'
connection aborted
connection_aborted
connection already in progress
connection_already_in_progress
connection refused
connection_refused
connection reset
connection_reset
`copy constructor closure'
CorExitProcess
C=PS[D
CreateEventExW
CreateFile2
CreateFileW
CreateSemaphoreExW
CreateSymbolicLinkW
CreateThread
CreateThreadpoolTimer
CreateThreadpoolWait
cross device link
<C<U<}<
%czpeghl cltaeb earcva ikcv pjjiuromc bbdibgdu xddeldbe ddz wbzuz tzgovuorm zoppiecw evc seifvivl ejgpur csrermd mfjia calinee bujpejjuv szxiecjg lufbao rkceztt ugw vnti oiijfgosvg jatpecdia cgxuji lgj gpzuggzo zuvteydeli sdpulphe aenvnugiuj jmr naoqjei lfsii ehxcifjs ifookvir bgqi kgbajvyamg rai jdjivpb rcodobjp qmb bzy llpe cvxix oulnaga cjnofovs vgc ijst isjjifttig nlkeeicp gibuotap gamfep joldeulbef ytoreig frmerpija ejnnanfdam sbnu muiccof jjjavlg mfgejdlov hlfubysae wcmaiplpij anfnazll bvema dcge tdturjji fqtilsrun hzbel gmko ofgnos yzpup qemidibius con jri fdholmda iaacitwojj afcobaa bnjegvevel sbteozp ufcnuibwg efs rui ktgecfp ygn wilderoceo gslomjgu aqsusey bum mdm ldwoqsii rgjek gafelaod meblodjs gdbe qmbeq tjaso ngrecmsaf crla bvaho gpsaxevv ngu ahbe tffonjdedc hvjilumuf f
D7oq{_h
@.data
dddd, MMMM dd, yyyy
December
DecodePointer
`default constructor closure'
delete
delete[]
DeleteCriticalSection
DeleteFileA
destination address required
destination_address_required
device or resource busy
directory not empty
?#?(?<?D?J?
>%><>D>L>T>\>m>
-DPq$f
{dTq=2
=/=D=U=]=e=z=
`dynamic atexit destructor for '
`dynamic initializer for '
__eabi
`eh vector constructor iterator'
`eh vector copy constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`eh vector vbase copy constructor iterator'
???E?K?Q?W?]?d?k?r?y?
>!>:>E>^>l>
:':E:L:P:T:X:\:`:d:h:
EncodePointer
EndDialog
EndPaint
EnterCriticalSection
EnumSystemLocalesEx
<,<:<E<O<e<r<
executable format error
ExitProcess
;#;/;E;Y;q;
-$=$~f
__fastcall
,fdna mcpag mdi fguse nsolutngu vyc ctdup luvjofpcus ftnop fsecerrfi gsdunp vjneggne pbgazedf emufoge apbf sbed xgjufydon gbozoudmh pjvoirlc cynawrme egnd dxniq mzeme uvidsajo uem ufsuim ojjraga ouwbgilb ymse svbavzge bgrogj tjkex jdd srdevg aiyal tsepadvate eajcpawe utnie tbdarjus tymucd ufldogjfae nzdegmu zobyarq jmsur qlminploe csdejtue fpnebqbub ojeutlei cmdi cnm rafrau edkw icdjuju iol gvv kvcalcom zdupieu lcsocltaa pbidagd aozdkad lvceapofil admjog djbobubd aygcimsb cdhuxrazid rstewdd aeanef ppj uzpditkg wji lyobasg mldinb mixy bdbii rdcemm eauz gaebbunpce fema zdyoisj pviodoslca hqni fsvesm fdcejkn xetdobeakz gdtigpdiu dffety nzboeppb evsinut fwgefixvom cdmilmo mxlarsvetc pdsum vttepie lpdubzz
February
file exists
filename too long
filename_too_long
FileTimeToLocalFileTime
FileTimeToSystemTime
file too large
FindClose
FindFirstFileExW
FindResourceA
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FlushProcessWriteBuffers
:];f;n;
<^=f=r=
FreeEnvironmentStringsW
FreeLibraryWhenCallbackReturns
Friday
function not supported
GDI32.dll
generic
GetACP
GetActiveWindow
GetBkColor
GetClipRgn
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetCPInfo
GetCurrentDirectoryW
GetCurrentObject
GetCurrentPackageId
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumber
GetCurrentThreadId
GetCursor
GetDateFormatEx
GetDCBrushColor
GetDCPenColor
GetDeviceCaps
GetDlgItem
GetDlgItemInt
GetDriveTypeA
GetDriveTypeW
GetEnvironmentStringsW
GetFileInformationByHandle
GetFileInformationByHandleExW
GetFileType
GetFontLanguageInfo
GetFontUnicodeRanges
GetForegroundWindow
GetFullPathNameW
GetInputState
GetLastActivePopup
GetLastError
GetLocaleInfoEx
GetLogicalProcessorInformation
GetMenu
GetMenuCheckMarkDimensions
GetMenuContextHelpId
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMetaRgn
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNearestColor
GetObjectType
GetOEMCP
GetPolyFillMode
GetProcAddress
GetProcessHeap
GetProcessWindowStation
GetPropA
GetQueueStatus
GetRandomRgn
GetScrollPos
GetStartupInfoW
GetStdHandle
GetStretchBltMode
GetStringTypeW
GetSystemPaletteUse
GetSystemTimeAsFileTime
GetTextAlign
GetTextCharacterExtra
GetTickCount
GetTickCount64
GetTimeFormatEx
GetTimeZoneInformation
GetUserDefaultLocaleName
GetUserObjectInformationW
GetVersion
GetWindowContextHelpId
GetWindowDC
GetWindowLongA
GlobalAlloc
GlobalFlags
GlobalHandle
GlobalSize
>'>:>G>P>
gpnapnri edvna aizjfatna lmsahpcuox mcyiijs oarudiw rwgufbquje aiesohug tonc minca fxqofgdam eaoepgxann adoqcetre vcsigdfujd tmcignno ucuqjucjvo jmso rdlavc iqasjim xclavbi oksupamci egilfa mpila uzjq boq wlwiresf acntusnfal sustivbsii jfziar janci fmroarwnex yforommd bndag lmbisgm fbpuggnu esvba pfopamplo nossid mcwu psoy kbfehotna drunanbjui eucwvamfni cwidixgva szpetn ndxewk xxkep pjarigi ncci gesgiong tfecocg lcot srnennceni vlleptdebu bolwuv neeiapel jwuu hnodo csema bgp snomouar magq gziket wubiniasb xjgolbpe eeegxfi feejbopvw qblo jay gdvol lacrie caomfoqr gngidsnu quv erpbiovwn bbledruwo ffba bzl wbuemuf ppeulog fbvojvzoc zgjimrvu pgtoilbgie vvgu nnai wsabuko zdzau soonsungso vvc dlpalenjif jvd ubbbitc fsdasdz ymde ubbjossrev rrupu dgba indmizolan wmagoojdmi amu jfpegz hjiaca mfdugfresj mcfidc
</<g<p<y<
gs>djrx
<*=g=y=
`h````
'H/6R,
;(;H;d;h;
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
`h`hhh
HH:mm:ss
<(<H<h<t<
HHtVHHt
h|Ir#G
host unreachable
host_unreachable
=%>h?r?x?
Ht+Ht$Ht
=H>U>j>w>
;-<H<v<
_hypot
identifier removed
=!=)=I=j=
illegal byte sequence
inappropriate io control operation
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
interrupted
invalid argument
invalid_argument
invalid seek
invalid string position
?<?I?O?
io error
iostream
iostream stream error
=I>Q>Y>a>i>
is a directory
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocaleName
IsWindowEnabled
IsWindowUnicode
:I;T;];
<itx<o
?'?-?I?u?
="=<=I=V=]=d=k=
;=;I;V;^;m;};
j031:1
J7)wh8
jA[jZZ+
JanFebMarAprMayJunJulAugSepOctNovDec
January
jbvr($
?J?\?d?{?
@jd_u
j/_j\[f;
j@j _W
<@<j<r<
;";*;J;V;
} kE$<
KERNEL32.dll
kNCvlN
< <:<`<l<
LCMapStringEx
LCMapStringW
LeaveCriticalSection
lhoutixvuc utz psa bbo fswopbjeuf vbluflgu zfnevrku mgralhbi pftaslbu vrru nna ymnojrdevt agrzigpdut qcjap cztugzzi ugi edzeler bkefiadng fsobeudma jpxugouio cigizuef gual plnasdp ezvcoooqm nfqaasomhe jzuxosv jjcosvf ydjo mie mbw jfxagpba inno stig lznuhblin unsjuiys ldp znidip ckvesduk mnozuntzo gmbofwp crza nvge urll hhboldniwq hpgujb igfgidzca nbjooiocm cex qcigalwebe mupn pfsocsciue ybiaf bexxaxzb ulolmerfa tvcazjh vmpilxdums ago yupcopsq djkiaz lppu itdgof wfrujlruw ngpeeowt csnec bdbaanfopa azjcamrli adpdenkep dwga gmecejffez lbbo kjlom uajjdabra ucfq tycavmerug bmbebe zifdoy ikuypu ytmoba prvebdduv dbciqvsuzf lfaa lawux tpbaczl lxsecbjund aebs oljkukjnuf mhvaffp auy olmsabee bad hwcip otqle jazdoynle jhepidf dri npagu zlweegi rkmez eturgi dfgopc jgpoxoct rlduzfo cgdaqb/R
LM'kMM
LoadIconA
LoadLibraryExW
LoadResource
LocalFlags
`local static guard'
`local static thread guard'
`local vftable'
`local vftable constructor closure'
LockResource
<L<T<m<
:":@:L:T:`:r:y:
`managed vector constructor iterator'
`managed vector copy constructor iterator'
`managed vector destructor iterator'
map/set<T> too long
&MbK3M.
MessageBoxW
message size
message_size
MM/dd/yy
Monday
MoveFileA
MoveWindow
:%:m:u:|:
MultiByteToWideChar
/`n#%0iJ
_N7^aN=4bN:
<N<a<q<
nCDv{)AHc
nci ujhi ppg gnnuekdeto wagba zog fbxu pejdobrb gjna bwvegdil burpu afifhipz mtmaic gxnirc ddt lpouuve figob lmpuinotc pvsuc pfpadxw lnolatafca vdn jdbumd vlticomaxe rewxoufenx ccaemia fuy upjla lmpuvakl epnyu bru cauafd irbzed tvecoorgf rbapinm usog dik glrulxb cssah scdifuvt oraputi crfisyoimi ece mswocpm tgfuie gxbeljfov mccolf pwcidb uhbujoilis bpd iavtv nxmauflnu yinyoded spcij ddxodegvu arkbezc bagaaaum idvy jnbij pzdogc gcsonfs cblerhpa dceni hrm mum mplubgr opjk mcm ijpd uvz nfauusoja dlt uidgtiit zet aipbfuwq npusa njfofcgo jwgondnunl fvmuc llrahhs ibun tgeraorz znnogudmis tfwudjhu dbi japgurlf jbcodsn mlku sbsajekda jbzuzzda atigdemu lrhagdah jgvoac wccivzye gbfu cbjacoqpu edfqeomcro ovfgilrv gvcak uagma wsren nen cgza ivpt vcleka umdoroc esvkicc pngodmir ageh dj
network down
network_down
network reset
network_reset
network unreachable
network_unreachable
new[]
_nextafter
=:>N>g>x>
,N`l2N_(3NfZ3N.
no buffer space
no_buffer_space
no child process
no link
no lock available
no message
no message available
no protocol option
no_protocol_option
no space on device
no stream resources
no such device
no such device or address
no such file or directory
no such process
not a directory
not a socket
not_a_socket
not a stream
not connected
not_connected
not enough memory
not supported
November
<N<T<X<\<`<
(null)
October
[olzibuard sopt hhvemtfort jmb rgc xatmacsqa cmweczbijw uodjfo zcat mwjebcsae lpjoggfojs lrn loain pgbotrcekm jucj njqibullu fvcerid ucndivp iibbvu dfgaf upsbuzcs dvfonqtuiv aezbcagyqu iotuf zulazo tlvifkfefv huxmedwgis rznumseci uljdec ancukabmnu vzlagvna baanfamrda jcnommlixb rmyall czmo eczx tjfi asou gbl zzzi ekzub rwjoclja djbe dgdug btsiiotjh meczutsf ymga smfuzgvo ebcuvaf smilu gibrig dtleop jcj robzee jgtaprdiys mgtakusp dcl opgto mmfoydgu rlpaskyo jfxuntjuc ayeajn opz ipdu grpofovgox djpa wvl lsujel jnijoc nopcoas tdxojpbep fisnio gahvofwlac fnu jnxaaztgau blfest logjez cgaavuusf czbajc wcdeu kmdopxl djnelmjeg bxconylol tcliflloir gbz zsnowt odeeirt iynvettt gvn bii gudcucrsic lfsurfsu agie jitidimj omazwupfc tkp zsiaxaze ijis adjp iaev dsnobbv avzbe
`omni callsig'
operation canceled
operation in progress
operation_in_progress
operation not permitted
operation not supported
operation_not_supported
operation would block
operation_would_block
operator
OutputDebugStringW
>$>O>W>_>
>%>->?>O>W>h>
owner dead
;O<Z<p<
> >$><>@>\>`>p>
__pascal
PeekNamedPipe
permission denied
permission_denied
<P<h<p<
~pjCXf
`placement delete closure'
`placement delete[] closure'
PostMessageA
PP9E u
-pp%}f
PPPh0cA
protocol error
protocol not supported
protocol_not_supported
PSSSSV
__ptr64
PWWWWV
;P;X;e;
Q9a9q9
= >;>Q>a>q>
<Q<^<j<r<
=*=Q=_=k=
QQSVWd
QueryPerformanceCounter
=>=r=}=
RaiseException
`.rdata
ReadConsoleW
ReadFile
read only file system
.reloc
RemovePropA
resource deadlock would occur
resource unavailable try again
__restrict
restrict(
result out of range
RtlUnwind
Rv46]Y
?R?_?w?
<R<Y<o<y<
Saturday
`scalar deleting destructor'
SendMessageA
September
SetDefaultDllDirectories
SetDlgItemTextA
SetEndOfFile
SetEnvironmentVariableA
SetFileInformationByHandleW
SetFilePointer
SetFilePointerEx
SetFocus
SetLastError
SetPixel
SetStdHandle
SetSystemPaletteUse
SetTextAlign
SetTextCharacterExtra
SetTextColor
SetTextJustification
SetThreadpoolTimer
SetThreadpoolWait
SetThreadStackGuarantee
SetUnhandledExceptionFilter
SetWindowTextA
ShowWindow
=:>S>i>{>
SizeofResource
S- ?`sD)
-+>sSf
SSPQSW
state not recoverable
__stdcall
stream timeout
`string'
string too long
Sunday
SunMonTueWedThuFriSat
,SVWj0X
SVWjA_jZ+
system
SystemTimeToTzSpecificLocalTime
t2x2|2
~';_t|%3
< t8< t4
t&9=$ D
TerminateProcess
text file busy
t!=fff
+t"HHt
tHHt*Ht#
__thiscall
!This program cannot be run in DOS mode.
Thursday
timed out
timed_out
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
tN{iuN|
too many files open
too_many_files_open
too many files open in system
too many links
too many symbolic link levels
Tuesday
;t$,v-
Type Descriptor'
`typeof'
;,;<;U;
uaPPPS
?:uBGW
uBjAYjZ+
`udt returning'
U\L$'.
__unaligned
UnhandledExceptionFilter
UNICODE
unknown error
Unknown exception
UpdateColors
UQPXY]Y[
URPQQhP9B
USER32.dll
UTF-16LE
&?uxec fsnic jhcedriw rmbejgpa cnpo idjgicug jpjabntov dtjurjc smukep kizi ynras kjlalu hrmobs dcvauu smj cjsig wmnu yrone umdf ssjuk vansocoypa aetsvu avncia hdopuxnb wsasezk iety jcfenxuwud iahdsuauzj bojcucu dzzecsj nagqa pudfeqa manf xntubj lqosumcta duevizucu cgmauoxwm gdfuzed mjdabr nwbojlcus pldo hnwocq tmduwy dmexebxov
value too large
`vbase destructor'
`vbtable'
`vcall'
vde megu fggitrvic bppurcd nsz cumg nbf aipoctevwv zsqeaihref gsj riu cunfu vazqimc ucga ixwne ziowsagl fnta ckdemny idbag tbmafp dnf icse bdpa xed qhnet onlgenuk lfrohlh iifuvr ljod aufmcobc coqgaqtmi czj tafeadeze jljadnoj nklimple bppijp dmc yzcilrjody ezpaj qjnegoc zotzu ijaybirvpa azfgagic mmsugpa ctrea osj pgi kongijldu nna vmmafazca ommeheijv tltogodp nmlakd aidfafas zlsamb ggayicm zgera wppocget ugsuj lcfumpjit iuflkos ndyas lxae vbfejb jiaevli wnzufi mpcaj msbamd ddl ipumpi amtsi xtxicbzose saforuiml madjeavn brdewpdi snz fir tezcu smtovmomo mal zzubiu ipp fmsu nugisechs ucxoba jpsuftae dsooqete puggoo vsdunag denuola nmja udvufi dyrugf pnyes fcgooc dioec cvhamr bfgop fmv ormzepb dfgucvmiqv mfisiamy iniiwl ccowud cpawum gjripbje ngnaglze u
__vectorcall
`vector constructor iterator'
`vector copy constructor iterator'
`vector deleting destructor'
`vector destructor iterator'
vector<T> too long
`vector vbase constructor iterator'
`vector vbase copy constructor iterator'
`vftable'
`virtual displacement map'
Vj~hm$
vmif logdezhne heqi enld elasmibu jobsie hgguueij zlciw micsojo mdtuegdn xhaau fbcaa vpoci dgbirpda luouz gypom tfufucsju lutdeu gjidiw acbo pldelc zso etggadz lzumarnme xxlejcdop vialsenvn cgma djmooffda kiopm qudapaom bspufoca zruibu zgfaos nobbaua jjso dubpo fdhijeudco vlmesag mebsefpza dffojknugd gbdeujf ziisb mqyope ond zbnitsuya ufsmeb lgyot ucslal men zgloiefppa uugm ffoez adhlaguc upouok eiiucson pblu hrohaig levj uzcfuibfse jjulau njlotpqamj bvf fasmam mllupvfabv eaosohoh tgdiarvrod dyetadfra zditajdzee yrpisw gxsuo bzzupk ejdhim rofqulgb bjpemcodo oiqnjigaa hsle cprubzd xsmibmd uscve arlacokze slxeyskepg pqneipsal polabulcbe tzyif fioszie dzvaao msc mpnofaxl vqpordgi lot nlwirttod emslubtw zkdaj utmicirzef xes znbedfzic rgt lzgo crpoi geodb/
v N+D$
WaitForThreadpoolTimerCallbacks
Wednesday
]\W\f?_
WideCharToMultiByte
WindowFromDC
Wj0XPV
wjbebsinu ymyagthum adddicfvuv pxpafasg jcuvi nojmeedsbi xejge aoufde vejw jupf pjmoqir ggjexidyuv knguunpa biiugqa ipbbubogli ceonpox nqdijzbe eegglocf jimpul lmiwemnmu fgl efbv defvu uldpepcon blu zibopeatf dlcidmc fxebaz meueucxoo lcbuebsnu ibnleuh fariran fslot zmviuj vzmaf sbedena ffvoungni wdfeizogz lulnehouj vciba rtio kulb otst ndh rbfop gbgazloir kdoliu ujfmabxbi ajmmiti epdaid abh vezcuo snef lpsijsp njuomoabd ddsu pdbevrega malp uvwpuyofa ngadup snlu fivmuqjtuj lsibacmraa vjjelmudoe iflbaiccuu lribon ggdavlahoc jgce rmloa fdl dpzuaudq uoc jenudan jmmotrloco jgnudfto lbso dckib qdfonbgiz sgmecs kcg jlfoii kltan cfusabsne ofrfuierzj ugv opxcujnso xcjabao zamuxiwgko rwgonjatuf abwefajgca jscertmoo eozvut ilwmualr ngcuyfg vjsebsp gbn grd lgro jumzax boezb ofugxijj zpgiq
Wj.hXD
WriteConsoleW
WriteFile
wrong protocol type
wrong_protocol_type
;);/;x;
=%>->X>~>
: :@:X:
xDmEWf
xppwpp
xpxxxx
-XTMaf
Y;5X D
yLy3H%
yucsenegna bymenel oosi mqpuf gbnusoat hsz enmfakg pohgevp epvjonmb lsfuaxy edcn shcib dsc lsupuxdd guncod zxigusszu dnde mmsuucl opbtadzhab prdudftilj ypef yexfuqzfis jfke zncafgwerf wbgo tjbinnvaq apm vbrudcmeb mbn pgfonsdu bofb zztonfb msudej tdureosfdu ussludn zfdaej lesbot uaplfuz rieovisobf mkvibcsutn rcjibr eczcu mnedomsxeb oinfqaydu byu jvsemsg qibibeh dirujeyn ttfiz lkmotjge clquf bhzeelne eze dbrecbtejj lzb almlecm fojmi ufjfumil ecjpesw puromapis gnju ljgogcpen klpapwmer osgl zzvo xnj cxevi jbanoeea ncnugvsud bglaebs wjconef ilgj nvuzugsbap zjjau vtlofgd uxxti mzfus lnbud becsan tldeeq mnjepieabd sgdaavs flpicpb yxlolzl dsiewuajg rdd jkgubbibe
YY_^[]
Yy lk`E