| Analysis Date | 2015-05-28 09:01:16 |
|---|---|
| MD5 | a8675d8555099637f0491e7ca990c3b6 |
| SHA1 | c3745651b34ca60812900c876dffcf0af86599e9 |
Static Details:
| File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
|---|---|---|
| Section | .text md5: dceec2751dac8a901e7f7b247fdde771 sha1: 092439827d7306ddcf6796cb8850a4f0d272bcc3 size: 196096 | |
| Section | .rdata md5: 8d97312e4970d66d7975b3436bcafcc1 sha1: 85ec9e0f52ec248f91f9993adf5c3ea04d77c688 size: 52736 | |
| Section | .data md5: 91052329fa002d326af35a6dff0c5ca9 sha1: 16859fcb31657328cf0b0e2d14e84381071e116d size: 7168 | |
| Section | .reloc md5: 07a5ffded7baa0982c73cf11e6e540d5 sha1: 1ffd9cb1ae96de429c3a3c2fc342cc2872254a16 size: 13824 | |
| Timestamp | 2015-04-29 18:45:05 | |
| Packer | Microsoft Visual C++ 8 | |
| PEhash | d4841ee1cf0850b8a4ce4e1381023346d1e45e04 | |
| IMPhash | c25eb2383c8ea96435d2a6030cfd1853 | |
Runtime Details:
| Screenshot |  |
|---|
Process
↳ C:\malware.exe
| Creates File | C:\mplipcpjpy\fhsn1kx1kwcixqnbjmpc.exe |
|---|---|
| Creates File | C:\mplipcpjpy\jla2dqr |
| Creates File | C:\WINDOWS\mplipcpjpy\jla2dqr |
| Deletes File | C:\WINDOWS\mplipcpjpy\jla2dqr |
| Creates Process | C:\mplipcpjpy\fhsn1kx1kwcixqnbjmpc.exe |
Process
↳ C:\mplipcpjpy\fhsn1kx1kwcixqnbjmpc.exe
| Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Window Cryptographic Firewall Media Font ➝ C:\mplipcpjpy\cmgrfxpmp.exe |
|---|---|
| Creates File | C:\mplipcpjpy\snfr0yspnq0 |
| Creates File | C:\mplipcpjpy\jla2dqr |
| Creates File | C:\WINDOWS\mplipcpjpy\jla2dqr |
| Creates File | C:\mplipcpjpy\cmgrfxpmp.exe |
| Creates File | PIPE\lsarpc |
| Deletes File | C:\WINDOWS\mplipcpjpy\jla2dqr |
| Creates Process | C:\mplipcpjpy\cmgrfxpmp.exe |
| Creates Service | WWAN Collector Discovery Remote Firewall - C:\mplipcpjpy\cmgrfxpmp.exe |
Process
↳ Pid 804
Process
↳ Pid 848
Process
↳ C:\WINDOWS\System32\svchost.exe
Process
↳ Pid 1108
Process
↳ Pid 1204
Process
↳ C:\WINDOWS\system32\spoolsv.exe
| Registry | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL |
|---|---|
| Registry | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7 |
| Registry | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL |
| Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00 |
Process
↳ Pid 1856
Process
↳ Pid 1124
Process
↳ C:\mplipcpjpy\cmgrfxpmp.exe
| Creates File | pipe\net\NtControlPipe10 |
|---|---|
| Creates File | C:\mplipcpjpy\snfr0yspnq0 |
| Creates File | C:\mplipcpjpy\jla2dqr |
| Creates File | C:\WINDOWS\mplipcpjpy\jla2dqr |
| Creates File | C:\mplipcpjpy\joek2lm2 |
| Creates File | \Device\Afd\Endpoint |
| Creates File | C:\mplipcpjpy\txzmudmuht.exe |
| Deletes File | C:\WINDOWS\mplipcpjpy\jla2dqr |
| Creates Process | tuvldrgtbpfo "c:\mplipcpjpy\cmgrfxpmp.exe" |
Process
↳ C:\mplipcpjpy\cmgrfxpmp.exe
| Creates File | C:\mplipcpjpy\jla2dqr |
|---|---|
| Creates File | C:\WINDOWS\mplipcpjpy\jla2dqr |
| Deletes File | C:\WINDOWS\mplipcpjpy\jla2dqr |
Process
↳ tuvldrgtbpfo "c:\mplipcpjpy\cmgrfxpmp.exe"
| Creates File | C:\mplipcpjpy\jla2dqr |
|---|---|
| Creates File | C:\WINDOWS\mplipcpjpy\jla2dqr |
| Deletes File | C:\WINDOWS\mplipcpjpy\jla2dqr |
Network Details:
Raw Pcap
0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H 0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept: 0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e */*..Connection 0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a2067 : close..Host: g 0x00000040 (00064) 656e746c 656d696c 6c696f6e 2e6e6574 entlemillion.net 0x00000050 (00080) 0d0a0d0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H 0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept: 0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e */*..Connection 0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a2064 : close..Host: d 0x00000040 (00064) 65677265 65686561 72742e6e 65740d0a egreeheart.net.. 0x00000050 (00080) 0d0a0d0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H 0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept: 0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e */*..Connection 0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a2067 : close..Host: g 0x00000040 (00064) 6c617373 68656172 742e6e65 740d0a0d lassheart.net... 0x00000050 (00080) 0a0a0d0a ....
Strings
C
gt2We
sdecan
"
\
.
\
.
e
.
00-+ .
-
-1
+-0-E-
-0
\
.
0
0
-
000
-
.
..
p$
u
2.exe
- abort() has been called
af-za
af-ZA
April
ar-ae
ar-AE
ar-bh
ar-BH
ar-dz
ar-DZ
ar-eg
ar-EG
ar-iq
ar-IQ
ar-jo
ar-JO
ar-kw
ar-KW
ar-lb
ar-LB
ar-ly
ar-LY
ar-ma
ar-MA
ar-om
ar-OM
ar-qa
ar-QA
ar-sa
ar-SA
ar-sy
ar-SY
ar-tn
ar-TN
ar-ye
ar-YE
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
August
az-az-cyrl
az-AZ-Cyrl
az-az-latn
az-AZ-Latn
.bat
be-by
be-BY
bg-bg
bg-BG
bn-in
bn-IN
bs-ba-latn
bs-BA-Latn
ca-es
ca-ES
Cja-JP
.cmd
.com
CONOUT$
CR6002
- CRT not initialized
cs-cz
cs-CZ
cy-gb
cy-GB
da-dk
da-DK
dddd, MMMM dd, yyyy
de-at
de-AT
December
de-ch
de-CH
de-de
de-DE
de-li
de-LI
de-lu
de-LU
div-mv
div-MV
DOMAIN error
el-gr
el-GR
emscoree.dll
en-au
en-AU
en-bz
en-BZ
en-ca
en-CA
en-cb
en-CB
en-gb
en-GB
en-ie
en-IE
en-jm
en-JM
en-nz
en-NZ
en-ph
en-PH
en-tt
en-TT
en-us
en-US
en-za
en-ZA
en-zw
en-ZW
es-ar
es-AR
es-bo
es-BO
es-cl
es-CL
es-co
es-CO
es-cr
es-CR
es-do
es-DO
es-ec
es-EC
es-es
es-ES
es-gt
es-GT
es-hn
es-HN
es-mx
es-MX
es-ni
es-NI
es-pa
es-PA
es-pe
es-PE
es-pr
es-PR
es-py
es-PY
es-sv
es-SV
es-uy
es-UY
es-ve
es-VE
et-ee
et-EE
eu-es
eu-ES
fa-ir
fa-IR
February
fi-fi
fi-FI
- floating point support not loaded
fo-fo
fo-FO
fr-be
fr-BE
fr-ca
fr-CA
fr-ch
fr-CH
fr-fr
fr-FR
Friday
fr-lu
fr-LU
fr-mc
fr-MC
gl-es
gl-ES
gu-in
gu-IN
((((( H
he-il
he-IL
HH:mm:ss
hi-in
hi-IN
hr-ba
hr-BA
hr-hr
hr-HR
hu-hu
hu-HU
hy-am
hy-AM
id-id
id-ID
- inconsistent onexit begin-end variables
is-is
is-IS
it-ch
it-CH
it-it
it-IT
ja-jp
January
jjjjj
July
June
ka-ge
ka-GE
kernel32.dll
kk-kz
kk-KZ
kn-in
kn-IN
kok-in
kok-IN
ko-kr
ko-KR
ky-kg
ky-KG
lt-lt
lt-LT
lv-lv
lv-LV
March
Microsoft Visual C++ Runtime Library
mi-nz
mi-NZ
mk-mk
mk-MK
ml-in
ml-IN
MM/dd/yy
mn-mn
mn-MN
Monday
mr-in
mr-IN
ms-bn
ms-BN
ms-my
ms-MY
mt-mt
mt-MT
nb-no
nb-NO
nl-be
nl-BE
nl-nl
nl-NL
nn-no
nn-NO
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
ns-za
ns-ZA
(null)
October
pa-in
pa-IN
pl-pl
pl-PL
Program:
<program name unknown>
pt-br
pt-BR
pt-pt
pt-PT
- pure virtual function call
quz-bo
quz-BO
quz-ec
quz-EC
quz-pe
quz-PE
R6008
R6009
R6010
R6016
R6017
R6018
R6019
R6024
R6025
R6026
R6027
R6028
R6030
R6031
R6032
R6033
R6034
ro-ro
ro-RO
runtime error
Runtime Error!
ru-ru
ru-RU
sa-in
sa-IN
Saturday
se-fi
se-FI
se-no
se-NO
September
se-se
se-SE
SING error
sk-sk
sk-SK
sl-si
sl-SI
sma-no
sma-NO
sma-se
sma-SE
smj-no
smj-NO
smj-se
smj-SE
smn-fi
smn-FI
sms-fi
sms-FI
sq-al
sq-AL
sr-ba-cyrl
sr-BA-Cyrl
sr-ba-latn
sr-BA-Latn
sr-sp-cyrl
sr-SP-Cyrl
sr-sp-latn
sr-SP-Latn
Sunday
sv-fi
sv-FI
sv-se
sv-SE
sw-ke
sw-KE
syr-sy
syr-SY
ta-in
ta-IN
te-in
te-IN
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
th-th
th-TH
Thursday
TLOSS error
tn-za
tn-ZA
tr-tr
tr-TR
tt-ru
tt-RU
Tuesday
uk-ua
uk-UA
- unable to initialize heap
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
ur-pk
ur-PK
USER32.DLL
uz-uz-cyrl
uz-UZ-Cyrl
uz-uz-latn
uz-UZ-Latn
vi-vn
vi-VN
Wednesday
xh-za
xh-ZA
zh-chs
zh-CHS
zh-cht
zh-CHT
zh-cn
zh-CN
zh-hk
zh-HK
zh-mo
zh-MO
zh-sg
zh-SG
zh-tw
zh-TW
zu-za
zu-ZA
? ?@?`?
$0(0,0004080T0\0d0l0t0|0
0#0(00080L0T0\0b0o0u0
0$0,03090N0[0g0t0|0
0!0+0A0K0c0s0
0 0/0J0P0m0
000P0X0c0v0
0+0>0X0`0h0
0(030>0_0
0-030F0_0m0
0,040B0G0V0
0'050@0d0s0
0$050U0
0)060L0^0u0}0
0/070>0H0U0a0
0:0C0N0Z0j0o0u0}0
0(0H0h0
'0,0Q0f0l0v0|0
!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
0:1E1`1g1l1p1t1
040;0K0
041@1P1X1d1z1
>,>0>4>8><>@>D>
: :(:0:4:8:@:T:p:
>(>0>4>L>P>l>p>
>!>'>+>0>6>:>@>D>J>N>T>X>j>
070U0\0`0d0h0l0p0t0x0
080L0T0`0k0s0
081H1P1X1b1h1r1
< <(<0<8<@<H<P<X<`<h<p<x<
= =(=0=8=@=H=P=X=`=h=p=x=
> >(>0>8>@>H>P>X>`>h>p>x>
; ;(;0;8;@;H;P;X;`;h;p;x;
: :(:0:8:@:H:P:X:`:h:p:x:
:0:8:@:R:
!090H0P0W0p0
>$>*>0>b>
0C0R0Z0e0q0y0
0C1M1U1k1z1
0Cjhooj ldreifurg fvosucvze jobcanjx elndul kfgoub waimfiaj frp iggyed tpdeprs fem jtbagnzudu odtgu sljurdalij zjpeemsci ggmeb suscikrbiu sbo ktgitld tzr dlcavb pcraatn mpdi ktnof ljma anesg bagnixugpa pxfuzmlesj cryujdc famnilws cbasunwco qiluj tlgevimbic qviimutr iodpbi olfaobetc ltsapge cgmivspeg scnan mbnejj pvmob dmsa bncoazng fspe sgceia mbxejgmodp dbmal jlye ibavcudcv bbgeufgja awsku zotpajdr bsacenofla nhga lilofae ticgihmie mlcujluj zenareaq vymuszleu jpufi zdcu ufdcuj lqoecufum bvcokkacu zbbiazbuc ubav rcpoaj cmdi wxmokxb vln mceiaivoa omu lvciz fupbeszhu asdfazbxun ddy gsuob gijdajpe chhopvleps wefd xvfivmgexe zggi ohiuvum tsapizim gtvamzot fzbou iod g
=0=H=P=W=]=k=x=
0I0Q0Y0n0
0J0O0s0
0K0S0[0
: <0=K=a=q=
=(>0>=>L>T>\>q>y>
<0=R=X=}=
<0<><U<s<~<
101F1\1d1
1$1,141<1D1L1T1\1d1l1t1|1
11191B1
1#1=1E1M1W1_1g1o1v1
1!1)1J1d1
1+1>1K1s1{1
1,1@1T1{1
1#1/1X1_1j1q1
113B3V3e3
1,141<1D1O1c1
1!171j1
1,181C1U1c1x1
1(1D1W1]1v1~1
1&1F1Y1
1$1J1^1f1n1v1~1
1(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
1 2,242A2M2U2]2c2m2s2
1$2;2S2[2a2j2
1&2D2L2
1@2O2[2w2
=!=%=)=-=1=5=9===A=E=I=M=Q=U=Y=]=a=e=i=m=q=u=y=}=
161<1G1P1]1d1s1y1
=1=7=D=V=j=
;!;';1;7;I;S;[;a;k;s;};
181H1Q1Y1q1
=1=9=A=F=L=T=g=m=s=
>#>1>9>A>M>\>p>
?!?)?1?;?C?K?]?g?t?
>$>1>C>P>a>i>|>
?,?1?D?]?e?s?
<%<1<;<E<S<h<r<
1#QNAN
1#SNAN
=|1Wj#
21292A2M2_2g2o2
2,2024282<2@2D2H2L2T2\2d2l2t2|2
2%2*20282=2C2K2P2V2^2c2i2q2v2|2
2$2,242<2D2L2T2\2d2l2t2|2
2-2;2T2b2{2
2+232;2C2R2\2}2
2)242>2F2N2U2]2|2
2#242P2y2
2(252?2Y2k2y2
2)252M2
2^2d2h2l2p2
2.2D2N2T2_2
2*2E2`2m2
2?2O2h2
2*333<3C3L3Y3b3z3
2*3<3V3e3m3{3
2/383`3
2*3E3j3
2@3M3^3
< <*<2<:<B<
2cUW&%ov
="=-=2=e=m=
=2=F=N=V=f=w=
;%;2;:;J;a;
2k3l4|4
=*=2=L=
;2<L<X<
;&;2;N;V;^;
2Q2]2h2v2
>2>R>k>
2V3\3n3
?"?,?2?>?w?
2Y2l2y2
303J3X3q3
30S0]0o0
31393A3L3c3w3
3 303@3L3T3`3
3&323:3B3M3g3n3y3
3 3$3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
3!3'3/343:3B3G3M3U3Z3`3h3m3s3{3
3&3,3;3B3R3X3^3f3l3r3z3
3!3)343
3$3,343<3D3L3T3\3d3l3t3|3
3/3:3E3U3x3
3'343<3D3L3Y3x3
334;4B4R4)5v5
3 393G3`3y3
3'3c3s3{3
3$3h3v3
3 3L3Q3a3g3t3
3)434;4C4K4W4_4g4w4
3!4@4H4[4k4
354W4b4
373A3Q3W3{3
3d=h=l=p=
:#:3:G:g:o:
?(?3?H?n?v?~?
<!<3<<<L<k<z<
<&<3<=<M<
:3;@;O;b;y;
;&;3;@;];x;
404K4S4[4c4t4{4
4!404<4G4O4\4}4
4"40474D4M4n4
4&424>4F4U4{4
4&434J4[4w4
4 4+434B4L4T4\4d4l4{4
4)4.434J4
4'4.4<4]4
4$4,444<4D4L4T4\4d4l4t4|4
4 4$4(4,4H4L4`4
444?4G4Q4Y4l4q4
4#4+4?4M4Y4a4
4%4:4B4J4W4b4
4*4<4Y4_4i4s4
4)464B4
4+474~4
4"484Q4i4
4!4b4l4
4!4L4X4_4o4~4
4:4N4V4^4f4n4u4}4
4 5B5T5g5u5
4!5F5O5T5a5i5~5
?$?4?:?A?}?
;-;4;B;Q;t;
<&=.=4=C=K=V=j=
>!?,?4?D?P?[?v?
4e5o5v5
4F4^4w4
4F4V4b4j4v4~4
<"<,<4<I<q<
>$>,>4><>J>P>^>j>p>z>
;&;,;4;>;L;\;h;v;~;
<4=M=b=t=
4N5V5o5~5
4Ncageegotg aaielqo glpulu vcceg olmici qtfe iogfjold pjujun cgaba kemlu sjxocf beocgefrp mjvujdfadu btcenw mlrej mce ajlnoanp aqfsijo fjebodbba fpz dfjileba sgmap gysa yybekozjo oangpiuu effqenfqu agfiluawgt busti sensaddhul vofc tzpagf mkzasgofal jollo vsm usbfuupb gsrupylelf dnlur dlzotel ejffo wpkool lggilfmelu edd jgdevklau fkseplbi hdmip pegg tbsovefda pijnade ssluztga ohpcas tjle nvubuxnl cbj egryeme usighe fjmadabic zzfiebxvuj paatit trxinvg fota oma tmdubao lmpiq sdtu yojridzsea ylofinlno adbcuetov monlepjl zdasubhf jdlojabfu brmipojpo qnadourano ucd qtoiiine txma cpmubxibaj zljeszcarf ljqush injil ouvsd jqdudbqau zamtigfg mfxu ltluoam cuftivbr bxcuf mozt gpnod o
?&?4?N?X?`?q?
=4=u=}=
50A0j0v0
5%535@5E5P5V5c5j5}5
5%545>5F5M5Z5q5|5
5 5,515
5$5,545<5D5L5T5\5d5l5t5|5
5"5'555c5
5%5-5[5f5x5
5&5.565W5c5p5
5(5>5i5
5#5/5z5
5 5A5^5
5'5A5G5O5W5b5n5w5
5)5C5[5c5k5r5z5
5%5E5P5o5z5Z6v6 868
5!6)626
575>5D5R5X5m5~5
5A5U5~5
5 :D:p:
;5;=;E;
5F5N5]5}5
5F5N5V5
;%;5;J;W;x;
5O5a5l5s5{5
>$>5><>O>s>~>
5Q6d6l6y6
5R6Z6e6~6
?#?,?5?;?S?[?b?u?
>5?U?y?
=&=-=5=V=\=b=p=y=
:&:.:6:@:
61696A6
646<6J6k6
6%626G6Y6~6
6$6,646<6D6L6T6\6d6l6t6|6
6 6$6(6,6064686<6@6D6H6L6P6T6X6\6`6d6h6l6p6t6x6|6
6#6)6/6T6~6
6$6[6c6o6
6%6<6D6Q6g6
6%6,6J6
6$6<6L6P6`6d6h6p6
6'6-6O6z6
6!686\6j6
6*686@6J6P6
6*686Y6x6
6,696?6J6W6e6n6t6z6
6'696D6K6f6s6{6
6 6E6Q6f6z6
6:7f7n7v7~7
6#7H7T7
6*7n7u7|7
6-7q7y7
<-<6<D<T<\<p<
6F6N6V6q6
:/:6:=:F:\:i:
>">)>6>I>Q>]>y>
;#<+<6<L<Q<w<
6lwMNI5&
>&>6>>>M>h>
6V7[7m7
=#>6><>z>
:.:6:?:Z:
=7=]={=
757J7R7W7]7f7q7z7
7$7,747<7D7L7T7\7d7l7p7x7
7 7,747<7D7V7[7z7
7 7$7(7,7074787<7@7D7H7L7P7T7X7\7`7
7%7-797>7F7d7r7|7
7%7,7A7V7l7
7-7<7C7T7b7m7u7
7(7,7D7T7X7l7p7
7'7=7y7
7'797`7h7u7
7"7A7Q7u7
7;7C7K7_7q7
7=7I7a7
7?7I7W7p7~7
7:7U7m7y7
7*7X7^7f7
7#878Q8e8
787K7]7
7@8J8l8
7!8J8q8
:-:7:C:n:
7d!awg
<+<7<?<E<M<a<o<{<
7F8L8R8c8n8t8
=,=7=J=W=`=
:7:U:e:
:7:U:t:{:
80888@8G8O8h8
829G9M9
838=8E8J8U8d8z8
848N8^8{8
8*828:8H8Z8
8,828S8
8 8(80888@8H8P8X8`8h8p8x8
8"8+848<8J8R8
8!8+848N8X8f8
8"8*858A8I8X8e8m8v8}8
8 8$8,8D8T8X8h8l8p8t8|8
8-898R8z8
8 8D8O8]8c8i8
8+8H8M8S8a8
8#8I8e8n8
8 9T9\9f9
?&?.?8?C?]?m?
:,:8:D:P:}:
8E8W8i8
>,>8>E>Q>Y>e>m>u>}>
<,<8<E<R<b<l<
)8h kXr
=8HqEL
=)>8>?>J>Q>X>^>b>
8T:m;x;
;8;X;t;x;
<8<X<x<
9):0:8:E:M:j:~:
909g9n9
9):1:7:v:
949>9F9N9h9p9|9
979U9\9`9d9h9l9p9t9x9
979v9~9
9*929@9H9P9X9_9n9
9'93989@9i9{9
9$979K9Y9e9s9
9 9(90989@9H9P9X9`9h9p9x9
9!9)969I9
9'9/979C9M9k9
9 9(9-9<9D9O9c9{9
9-9:9B9N9[9
9-9=9K9
9$9<9t9|9
9*9D9U9a9k9
9.9L9]9c9z9
9aQp}c:S
9(:E:c:x:
9::E:`:g:l:p:t:
9>:H:c:m:
9j9';#>L>Y>_>
9K9S9_9g9o9
=%>->9>L>S>]>e>m>y>
9R9n9z9
\)9u9R
& ]A56
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
address family not supported
address_family_not_supported
address in use
address_in_use
address not available
address_not_available
Ah!Ksb
already connected
already_connected
AreFileApisANSI
argument list too long
argument out of domain
<at-<rt"<wt
August
.?AVbad_alloc@std@@
.?AVbad_exception@std@@
.?AVerror_category@std@@
.?AVexception@std@@
.?AV_Generic_error_category@std@@
.?AV_Iostream_error_category@std@@
.?AVlength_error@std@@
.?AVlogic_error@std@@
.?AVout_of_range@std@@
.?AV_System_error_category@std@@
.?AVtype_info@@
bad address
bad_address
bad allocation
bad exception
bad file descriptor
bad_file_descriptor
bad message
Base Class Array'
Base Class Descriptor at (
__based(
bdnieqljaf fndosl fduyupk omyjaa dlumo jqbasb rugsivcia mms uxo raglaoba cbpebsirec dstasbj pfzaubdzu myca lpa egbl jio uaj gfdatdisu eljpavu gmg sleudux tlqujkd vor xcdai pfci bpmi zzueiex fbog fbdanrtag fumluiecfu paean upufcira bvabeacsc goxelavofj salfavenv mncaldicib esrginm sddusocpe mlnefz ant poesmu sascenir rvusepbjel ane dkdez uql tsbipasx fawjefxuz bvpivaaoj ofzgev oaakj jlqifi qefcabvge ouamutlooa kjtugtzep uzubhu xzraan gmfeote yrmib qitudedpc kldo toiuakaqe dlt mczijyton mnemecrfe mlfeereete sqomaeoy gpecutbga vmeusu codru ifsjept scpewa tbopac dgzubdi craso gydozbzecp gmwat pdmuog aoouatas ltizek bbmulie nopyu erjgo gxtenh azcbaoumd tisdujfw pijpiqyd sgoacicj daqcegyn nbcatsto cprileld bascerddi xtzocfm aiwflicdgN
b-e;B!
BeginPaint
bfloyldup gdlipjw sejlornq lyjuobh bgpitzlivv ibafrog lrcegd kigper buln gpvugdp poysivkg ecztadeglo lmdefuguj rya oxxru ecndat gjbejex sflus bhfiglc gobgu odq bsf mrkoll kcnivamyir uxlm ejgfinmkuj wdodaktca pung chpeb zifnuo bzdocqco opgowubsh locgenscu gyeuob tjpuuer bvzoifrt igjfu bqeri emsdawbbuu iiscvoi gcneo simneceiss vslua zpsoq sjpifzm saptukdqei myviiwbrew nehvifj fjqommq vrifedgn esbmafgp nuaintojrc dltonf gubwu tajx hpno kzdedvugap occioi olgf wjac bjju eigmji umltoe fajdecfz hpf lib dbo ncdohv grliwqip ddujic wozxaihdo fxbald ehdpubzmip nshitayise zuuaani dfreche nbea clnuthfutb eel uibmagilcm ulpaon mlfamjxio lpcorjp vbevejt vwapirpde<B
;.;b;i;
?"?b?m?
broken pipe
bWWWWj
:+:C:a:i:q:y:
CallWindowProcA
__cdecl
Cdjiamopjte evp ldaxap jhfiistfo bsdiujco vtn vlc vugm eelctebka fggegogfac bmpicvq ryjezben dllaedr rjcasnfaec vdlenhb gevfudgey owu fjtox vdzipijok iemzse fjsaucn pdacasbdar zwin epejlidbna fjgafv hbi lmje aif cbeveypuzi upm imeuv vwbu eohatfiplb ficdaxlg cajgepialn lubg mtwump pwdagll fnsucamcac onlpec iycmicx geos ivdsur dcniht xffe wjr lzlecntuj vmjaobhav ezyi cicn beodwosuz pcjojw lhv azcdigbefu pujcelciso qfnibjmi dnuvi dnbazgfud nzb dcafempp mpjoloja pjruutcpem icrx wmrefrcisu lssel ddjemeyj ledru ytjozj pau ybcoa wnvuijzhe jjuafoclil fzefujb cpbo lznobassol qbgezumel pcatui ibqbozo rvmoyvoju vmuiugo zidqumum jchafdb uunsdup ftzagj votpajdomo gfec cwsupq bqgob bzm xbzon ngcof npcenad lvbilbd ffrescgoad iii
CheckDlgButton
>#><>C>H>p>
:-:C:I:
<#<+<C<J<Q<W<b<o<
Class Hierarchy Descriptor'
CloseHandle
CloseThreadpoolTimer
CloseThreadpoolWait
__clrcall
CompareStringEx
CompareStringW
Complete Object Locator'
connection aborted
connection_aborted
connection already in progress
connection_already_in_progress
connection refused
connection_refused
connection reset
connection_reset
`copy constructor closure'
CorExitProcess
CreateEventExW
CreateFile2
CreateFileW
CreateSemaphoreExW
CreateSymbolicLinkW
CreateThread
CreateThreadpoolTimer
CreateThreadpoolWait
cross device link
>!>C>S>a>n>{>
Cvy7@0
C^xeqP
=*>\>d>
@.data
dddd, MMMM dd, yyyy
December
DecodePointer
`default constructor closure'
delete
delete[]
DeleteCriticalSection
DeleteFileA
destination address required
destination_address_required
device or resource busy
;^;d;h;l;p;
directory not empty
?D?L?T?b?
=D>L>T>\>d>l>t>|>
< =(=:=D=N=a=g=
DrawTextA
`dynamic atexit destructor for '
`dynamic initializer for '
:!:.:E:
__eabi
E%=aqNYt+
+ebDMjL
`eh vector constructor iterator'
`eh vector copy constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`eh vector vbase copy constructor iterator'
<E=L=r=y=
EnableWindow
EncodePointer
EndDialog
EndPaint
EnterCriticalSection
EnumSystemLocalesEx
;*<E<Q<`<i<v<
:&:E:V:[:a:s:y:
executable format error
ExitProcess
__fastcall
February
file exists
filename too long
filename_too_long
FileTimeToLocalFileTime
FileTimeToSystemTime
file too large
FindClose
FindFirstFileExW
FindResourceA
^>@!FK
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FlushProcessWriteBuffers
'f]QVf
FreeEnvironmentStringsW
FreeLibraryWhenCallbackReturns
Friday
function not supported
GDI32.dll
generic
GetACP
GetActiveWindow
GetClipRgn
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetCPInfo
GetCurrentDirectoryW
GetCurrentPackageId
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumber
GetCurrentThreadId
GetCursor
GetDateFormatEx
GetDCPenColor
GetDialogBaseUnits
GetDlgItem
GetDlgItemInt
GetDriveTypeW
GetEnvironmentStringsW
GetFileInformationByHandle
GetFileInformationByHandleExW
GetFileTime
GetFileType
GetForegroundWindow
GetFullPathNameW
GetInputState
GetLastActivePopup
GetLastError
GetLocaleInfoEx
GetLogicalProcessorInformation
GetMapMode
GetMenu
GetMenuCheckMarkDimensions
GetMenuContextHelpId
GetMenuItemCount
GetMenuItemID
GetMenuState
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetPolyFillMode
GetProcAddress
GetProcessHeap
GetProcessWindowStation
GetPropA
GetQueueStatus
GetScrollPos
GetStartupInfoW
GetStdHandle
GetStretchBltMode
GetStringTypeW
GetSystemPaletteUse
GetSystemTimeAsFileTime
GetTextCharacterExtra
GetTextCharset
GetTextCharsetInfo
GetTextColor
GetTickCount
GetTickCount64
GetTimeFormatEx
GetTimeZoneInformation
GetUserDefaultLocaleName
GetUserObjectInformationW
GetVersion
GetWindowLongA
GlobalAlloc
GlobalFlags
GlobalHandle
GlobalSize
G+(+{M
=:>G>r>
>G>R>X>
`h````
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
`h`hhh
HH:mm:ss
HHtVHHt
=(=H=h=x=
:+:<:H:M:Z:i:v:
host unreachable
host_unreachable
: :h:o:w:
?$?H?P?
=:=H=P=g=q=
;?;H;P;h;t;
Ht+Ht$Ht
>H>Y>m>s>x>
_hypot
-^$$}=i7@*|(
identifier removed
illegal byte sequence
inappropriate io control operation
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
interrupted
invalid argument
invalid_argument
invalid seek
invalid string position
io error
iostream
iostream stream error
is a directory
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocaleName
IsWindowEnabled
IsWindowUnicode
='=;=I=t={=
<itx<o
{iz?~4
;,;=;J;
jA[jZZ+
JanFebMarAprMayJunJulAugSepOctNovDec
January
@jd_u
j/_j\[f;
j@j _W
:#;:;@;\;j;p;y;
>J?U?_?g?o?
=!=)=^=j=x=
} kE$<
KERNEL32.dll
!khdTu
;?;K;m;t;
<"<><K<V<w<
<?<l<{<
l&4];z
LCMapStringEx
LCMapStringW
LeaveCriticalSection
Lk(6Ie
LoadIconA
LoadLibraryExW
LocalFlags
`local static guard'
`local static thread guard'
`local vftable'
`local vftable constructor closure'
LockResource
<)<<<L<R<Y<f<m<s<z<
:";L;T;
+LUJ*D
;&;:;m;
<m4KhrNY
<Maa?MM
`managed vector constructor iterator'
`managed vector copy constructor iterator'
`managed vector destructor iterator'
map/set<T> too long
MessageBoxW
message size
message_size
%mJ+X?
MM/dd/yy
Monday
MoveFileA
MoveWindow
>*>@>M>T>m>w>
MultiByteToWideChar
:m:v:~:
network down
network_down
network reset
network_reset
network unreachable
network_unreachable
new[]
_nextafter
NNt2PN
no buffer space
no_buffer_space
no child process
no link
no lock available
no message
no message available
no protocol option
no_protocol_option
no space on device
no stream resources
no such device
no such device or address
no such file or directory
no such process
not a directory
not a socket
not_a_socket
not a stream
not connected
not_connected
not enough memory
not supported
November
-NUFtf
(null)
|O2{,9^?
October
{@OGCI
`omni callsig'
operation canceled
operation in progress
operation_in_progress
operation not permitted
operation not supported
operation_not_supported
operation would block
operation_would_block
operator
>O>U>[>a>g>m>t>{>
OutputDebugStringW
owner dead
__pascal
PeekNamedPipe
permission denied
permission_denied
~pjCXf
`placement delete closure'
`placement delete[] closure'
\%;pM5
PostMessageA
PP9E u
>)?P?r?
protocol error
protocol not supported
protocol_not_supported
PSSSSV
__ptr64
PWWWWV
p,"=x0
>:>P>X>`>h>~>
pxolulzj dsfi edmcujwha pgjaallr gnnipnc boym vrhovappa fuzuuvelpi idmfa jmejib jlozerjtog upc bcnueuqcki lcduugeuia ijmtur kouaslu vgbo uldlusssu mmvukiscid miwdatvb iggajiibx tldimlou fgroooa ebrw isevcu bogj ienhgodpdu ssd vfto vvgegt dop pof fnb lemnove uovnlam ybbevj ljruu buum gfz dpadina mhesiten mapgosbcuz uhdsezcgo drhu sdgacsy wbn vpgujl ecorq tuj czimagmw relene cac rgebad jowabed leabza fsw nziobavcp fko bryutezoca ndneqs bab sjezagjono dvdedfdevw aggreikm misxoikg twjuzfgec nojcafts slr efljavovr blviztbep ogijewec faoi lvuxis mufmunm qdc kya mfsi zfipoxt uardjoajj vidbuegqs uqcef trfulq evknajj dihyillda fcjasm gbmayefva sibfeij gbraeg
?(?Q?~?
>->?>Q>c>u>
;Q<\<q<
QQSVWd
QueryPerformanceCounter
RaiseException
`.rdata
ReadConsoleW
ReadFile
read only file system
.reloc
RemovePropA
resource deadlock would occur
resource unavailable try again
__restrict
restrict(
result out of range
rJZwwL
>?rR=d
RtlUnwind
=">?>R>Z>b>}>
Saturday
`scalar deleting destructor'
SendMessageA
September
SetDefaultDllDirectories
SetDlgItemTextA
SetEndOfFile
SetEnvironmentVariableA
SetFileInformationByHandleW
SetFilePointer
SetFilePointerEx
SetFocus
SetLastError
SetPixel
SetStdHandle
SetTextAlign
SetTextCharacterExtra
SetTextColor
SetTextJustification
SetThreadpoolTimer
SetThreadpoolWait
SetThreadStackGuarantee
SetUnhandledExceptionFilter
SetWindowTextA
SGS5q{
ShowWindow
? ?*?@?S?i?r?~?
SizeofResource
SSPQSW
state not recoverable
__stdcall
stream timeout
`string'
string too long
Sunday
SunMonTueWedThuFriSat
SVh oA
,SVWj0X
SVWjA_jZ+
system
SystemTimeToTzSpecificLocalTime
:S;Z;|;
T2X2\2`2d2h2l2x2|2
~';_t|%3
< t8< t4
=#=)=T=b=t=
TerminateProcess
text file busy
t!=fff
T'Fx*I6<
+t"HHt
tHHt*Ht#
__thiscall
!This program cannot be run in DOS mode.
Thursday
timed out
timed_out
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
too many files open
too_many_files_open
too many files open in system
too many links
too many symbolic link levels
Tuesday
;t$,v-
Type Descriptor'
`typeof'
U-9Tys
uaPPPh
uaPPPS
ubfali oidaonxod eji amoefzoiv czfem fmlu tedcemsfu dlafenlsao cfzovtju artf ajluquztzu hockajjdie oljnep glcanows pupvitpt avknotu ddo klmeesrmop cbvolaf scvioreba kzcan zss rirlok itacu gylizclamj ldamip iellucoy ajcd eejqgu wbfileqoif edrjecc qlbapm gbfasc slcetjtifv lyiu pulmipnqei grecempnes bulni lle qgir eneijdu uaavhca owtfolm yuhsud vvemoufhz uxkeo jmciod tjbod zjtidjculm vcsasp zlpa mefs imbpaejs jkd dxt hfdav dpxabnho dodxoq dow cbuuekat jatjupwcir zssacs fwh uajo dgiun xbe ljbuudeu splovzada mjfuomdic gsdatpse kspuxbt sdfilmjic nujofe iidvi zrnoaxicf pznean plvokcfisp ksbarma htfid iddrul jlroccjoeq lpvodjpu jldoo cnnq
?:uBGW
uBjAYjZ+
udfnovmlu fgaba ggmes ddcoe olu tpn duaf izc jfne jdbuefb grj tenvefwtu jlfufimogu eln dvas jkgi jjdutdoda idgdal raigdisr oicglaqpli bgbalau cnnez peotziuzbg meexu smjixssii fnm zfeudu njzou enuathu aoaolvfaeo fgm bpl gbfajerp hwlebna axlqupcd orctipids gufgixgoa moegze cpnedrje pcxoctc mro mgusojlim nplesu fgmak pmcavzyu kbiz fiseqedbe fud gch jmr egdpi sdfetijmi gampowlxas jeefjaff cikiweip vvduldtep advdam rusnuvcsa pqcacam epukam anzo godfigcx umzbu jvqivng jtqec lmicuetd peta ahojdirz esao icfpudnma gnmivjeci jxbicsoca lrduklpof woxd kbhu zvgaq dskisrcazg grnif brloabpyoj ffyi cgmumkwalj ivm nxkaqup djur cvraawcs gugsepa bsvoyjsa ulbjuuwvto rfm nlb fpbeps cbdacnfubn zub tansi sjufaoldt vffopzlok zcradmomo dlqechak nubqupea smdozbg dpeqe pbugacy gclorwjagb ujgE
`udt returning'
_Ud~~w
?U`ievotnasgv fnqugcvevm fobvopi oubh nnu weztupbv llleladvat ngdi ujcfobecfe aidsge asahfeulc ixlabucgfi avfjiatfi frgomqnog basnaxplie dpkuumtri vgpicp jbjifeoge mib otcei gelsenbne fcg alflevdaf ypm dlcaifd dfta lnr oin bezpo etdimas enjt ddp sopfogq iglpif eheg oidif jdbacwoein rbciiad jnhea jiumnoeggn pknect jfjoagg ldvu hgfad jllujdzul epz qihmos aaj dsepi fliduop tbborvjid ulvlumjl jnminim occrurq fcqadup jlli vmgex dtrackse czgoff mccogyj jfm vrrufojl tpf urfjasev gctoicpnum wtilevsn tvk bpm yodzu gdfe oeub cbn jafl clhoaiea rkkibgr fdgisegep hza ngce lzxewr pcleemdvov muekl edjlae cfuy qnhiupk npxubbite gtmisdmopm iefxbaaufn zlixeoo wiejqaxl gwvodi fswof lpvoskica ahmyaz nvtihj gzlovyru yffoniqsig rmuya lgosoksi yug tvaluv lfs vmee bcmauf zufenugxna lcnilvpa mwosuwuof pqwiawb csviebvlee bgpi csfe vfzoc
ulgiu wjvuvovl hzi mhapadtfe losvuxfg fvdudlo lginaj fttan ueg lczuapbvem euac orirmuwoj laozmewebh orl sccodkoujo fulpeuluft ovbyudfqib lgeliitf bmgazvmonl kozze vuuz upiieknab jgdizmxeu ysujifstex zhoror rjlef svteppe mfsozg nony lyumalecb lbguovood umz isjdolbgo bgkaj ibsdap jnmucdrag bjejeso ubsraiym ottla cecluufvu ckba fgo ujlematgc umupci czmeljesaw pzlusfa goif gdseinu mlfodij nzesie xcomaahn xggudxla dzf algbogjc sdviarnyi dfwerf gcoqa ddkufnvoc czgufjvur cnniapbdu jlracgm zlvocju pgbizl icduxofsb bpdolr poelzotgm llliifazpu lssufst jav ewflilazl opnco zdtih abjazafsue fliloejgbe ltolibetpa pmzixa pgse zddukzyulg gvdidru kgar ogjraap sfdofn twluinlfug ksfucnsesu cegj dtf xbpihbji cmveytis aseys fsmeluvv tydiuc ebfgo furzof bpjam mem nbcu tfumef mcmiqrmufi pjepuqrvoi jabvewcfom ijgcij dche dbtocnigol rraw fluuaawil cb
__unaligned
UnhandledExceptionFilter
UNICODE
unknown error
Unknown exception
UpdateColors
UQPXY]Y[
URPQQh`8B
USER32.dll
UTF-16LE
value too large
`vbase destructor'
;@;V;b;i;
`vbtable'
`vcall'
__vectorcall
`vector constructor iterator'
`vector copy constructor iterator'
`vector deleting destructor'
`vector destructor iterator'
vector<T> too long
`vector vbase constructor iterator'
`vector vbase copy constructor iterator'
`vftable'
`virtual displacement map'
v N+D$
wac icl bulalevixl flefiqb fnl acpzahp sacg zzjiii bumsilzd uul cite susmiic luhqo ssdikdlipg nbjondsif pgt dnlade enilemu drove mogdoyiq twfascp flbe zwnebeb snapouamj nxoufep cneacubi bsza cncijuevde laovl elw ltbiju ppodo vubbekfe bcbers ejeflocb nkjusztume gfcamj bsfiw rvria okjfap trpikumima quuer vfp igxlemgxoc fgda ogrma nvdakeh iccrofacf jemf lpowievpde usvbi mrhex ltapu gizyovxk liabmahn rje jdcuz dbveqkfo gbqac eombnallma nbugohkduc fvlonpojuw qbcuppu fmuziwxr lmdavlere cnga nlpemdp snsuepyye mihxak jetcis gdmaglfu maaoum clmac jsric ztup sbmus zlujev pfmudeqnoi cjcebpis ufz ngohunhcob yeu ofungabsda sls pjp mccev bosmujnx mccukittuv jmr grjebbzozd bljobub qmregfoi zmnu vdsei xoggihkse fjbe tfb
WaitForThreadpoolTimerCallbacks
Wednesday
<&<W<f<
wgsosjmu vxgatgezu dnc mszor icbna zspowzv efa ejpg uacgn mzt wxra ugu nbloded dsdanfxu fulyabj qrhu bsagimztob rsm unmfaoi ssbumsfun mvpaohjmiw imkba mjdeecjmov sne ysuelespl ctcepyt xfl obdje ryrellpuf neccalcj jbomapeepf cino kgtebcciu lomwehl lxpa pphabdulex pnduj dxir undrovr ocjjucgisu cstisj qnfocnberz xrpujozc xntecddi qnvalbredm xaorfa pbraplca pbyilj cjjujffi osgumualsc gam gfezaoidbd wgwabq gyme vwelenhria ilghuro ffbibbd nnnotlge nfreupwa drn ffugu jldudrbon jbfihg ljjou qced fpvomsmifs ldcomif lmgats luhjuntfos adnagetajo bmbalqaza xrcuka snyunki adv lsi xvcibdo sagq zdbiujlka ttoyocbpu scwesbpu vpnibjf iapg bubg llbosf lendiez ceg adjfaeoe rdce bomzucjtuy jkruopm ipj olwnoqo dvjuldn esjpadn njlez kpnaua vbee mllucc
WideCharToMultiByte
Wj0XPV
WriteConsoleW
WriteFile
wrong protocol type
wrong_protocol_type
; ;@;`;x;
?-?=?x?
X0/&oU
:":?:X:b:j:r:
=X=`=n=
xppwpp
xpxxxx
-*xqpf
;Xw'AZ
:*;Y;j;
YY_^[]
zXG<wpduoczui jistaf nccasnd vbnasnquo rvcii nzhimjeoim lit rmqububim lli bgfe iabel caiumpo cndom llbasjdiha wflanb gdjigtsop tjtazfjob bpqe ximdisytig svpapziwig ufudl usttugj edbgig zvlomkdasi eitld gttonqx lvasanqna birgoablcu jnvocsr cwpuv vehfu peiuxl auuz lzx szluojeuui uea jdguopsda pjmozbugec nwlobjda mwiahurhi ngsaebed ommd llguuilm sraatujwre akmhepdu opujofa obelga pdvollsa llgeb icglaen iuwbmi jnie nrbocz sizifab