Analysis Date: 2015-05-29 04:23:18
MD5: 32b8f274afb9616bd9e612f0ef11281b
SHA1: da244a8e797ee82c20553f0cd7feef7a25c68db8

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text: md5: d6d80f7618bc4496394b7b004560266b sha1: 47e1b36f1b8235095ce3f044e231b5b2868a39d6 size: 198144
Section .rdata: md5: e6ecf3d6358057567c0d9d4ae1523b94 sha1: 75adc92ed7aa0c3b54f2986384227b0a501e9253 size: 52224
Section .data: md5: d3c98215a9bf80304543f934ab726edf sha1: b89f5f97b81ee126850ef53f3833fe4593f86cc3 size: 7168
Section .reloc: md5: d613593d3c963183fff5dc79c3732918 sha1: 31cfa9eaff3af2a7e925ba561c9f1cfbc57c2f3c size: 14336
Timestamp: 2015-04-29 18:50:31
Packer: Microsoft Visual C++ 8
PEhash: 33a5d8c4028eefb6b0d3261c7aea999d15ded970
IMPhash: dfcfe6a657e18f60106b55f0a1a1ec96

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\WINDOWS\yulfgldhcv\bjwdd7xop
Creates File: C:\yulfgldhcv\aoc91lxxpjfsfyipi1o.exe
Creates File: C:\yulfgldhcv\bjwdd7xop
Deletes File: C:\WINDOWS\yulfgldhcv\bjwdd7xop
Creates Process: C:\yulfgldhcv\aoc91lxxpjfsfyipi1o.exe

Process
↳ C:\yulfgldhcv\aoc91lxxpjfsfyipi1o.exe

Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Control Source Biometric Collector Topology ➝ C:\yulfgldhcv\cobyqniinw.exe
Creates File: C:\WINDOWS\yulfgldhcv\bjwdd7xop
Creates File: C:\yulfgldhcv\c9jrdn5vnjj
Creates File: C:\yulfgldhcv\bjwdd7xop
Creates File: PIPE\lsarpc
Creates File: C:\yulfgldhcv\cobyqniinw.exe
Deletes File: C:\WINDOWS\yulfgldhcv\bjwdd7xop
Creates Process: C:\yulfgldhcv\cobyqniinw.exe
Creates Service: Now Extensible Panel Client - C:\yulfgldhcv\cobyqniinw.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 804

Process
↳ Pid 848

Process
↳ C:\WINDOWS\System32\svchost.exe

Creates File: C:\WINDOWS\system32\WBEM\Logs\wbemess.log

Process
↳ Pid 1204

Process
↳ C:\WINDOWS\system32\spoolsv.exe

Process
↳ Pid 1848

Process
↳ Pid 1132

Process
↳ C:\yulfgldhcv\cobyqniinw.exe

Creates File: pipe\net\NtControlPipe10
Creates File: C:\WINDOWS\yulfgldhcv\bjwdd7xop
Creates File: C:\yulfgldhcv\c9jrdn5vnjj
Creates File: C:\yulfgldhcv\bjwdd7xop
Creates File: C:\yulfgldhcv\tcemaodu
Creates File: C:\yulfgldhcv\owirhjn.exe
Creates File: \Device\Afd\Endpoint
Deletes File: C:\WINDOWS\yulfgldhcv\bjwdd7xop
Creates Process: u495hzuunujb "c:\yulfgldhcv\cobyqniinw.exe"

Process
↳ C:\yulfgldhcv\cobyqniinw.exe

Creates File: C:\WINDOWS\yulfgldhcv\bjwdd7xop
Creates File: C:\yulfgldhcv\bjwdd7xop
Deletes File: C:\WINDOWS\yulfgldhcv\bjwdd7xop

Process
↳ u495hzuunujb "c:\yulfgldhcv\cobyqniinw.exe"

Creates File: C:\WINDOWS\yulfgldhcv\bjwdd7xop
Creates File: C:\yulfgldhcv\bjwdd7xop
Deletes File: C:\WINDOWS\yulfgldhcv\bjwdd7xop

Network Details:

DNS: belongbehind.net
Type: A
95.211.230.75
HTTP GET: http://belongbehind.net/index.php
User-Agent:
Flows TCP: 192.168.1.1:1031 ➝ 95.211.230.75:80

Raw Pcap
0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2062   : close..Host: b
0x00000040 (00064)   656c6f6e 67626568 696e642e 6e65740d   elongbehind.net.
0x00000050 (00080)   0a0d0a                                ...


Strings