Analysis Date2015-01-16 22:51:55
MD5d080f15eb2d4df1a86f03a103b3c7f95
SHA1e38b2e5e8ea3b299d0d964b640a820ade8bc5e8e

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 6137fab4d24368e71d27641cfd8f506d sha1: 44b5ee62db5af7beedbc9adbf292a40f92f9a341 size: 120320
Section.rdata md5: 7ae0603c9021c45fe3007556ae045568 sha1: 41531cc5d4c904c308e0404acee570b194e71362 size: 15872
Section.data md5: 491df56201d2a885164d2cb945a75003 sha1: 63008e3aa66e686adb13558f80943f8e30c6e702 size: 17408
Timestamp2014-01-22 06:32:58
PackerMicrosoft Visual C++ ?.?
PEhash868f8c753ff72f05d946953fe843ba0a60e12d1f
IMPhash6116bc9ed9a4080479cbdbcecb64520c
AV360 Safeno_virus
AVAd-AwareGen:Variant.Zusy.82682
AVAlwil (avast)Downloader-UVI [Trj]
AVArcabit (arcavir)Gen:Variant.Zusy.82682
AVAuthentiumW32/Agent.NK2.gen!Eldorado
AVAvira (antivir)TR/Crypt.ZPACK.Gen8
AVBullGuardGen:Variant.Zusy.82682
AVCA (E-Trust Ino)no_virus
AVCAT (quickheal)no_virus
AVClamAVno_virus
AVDr. WebTrojan.DownLoader11.7026
AVEmsisoftGen:Variant.Zusy.82682
AVEset (nod32)Win32/Agent.VNC
AVFortinetW32/Agent.VNC!tr
AVFrisk (f-prot)no_virus
AVF-SecureGen:Variant.Zusy.82682
AVGrisoft (avg)Generic_r.DMA
AVIkarusTrojan.FBLock
AVK7no_virus
AVKasperskyTrojan.Win32.Generic:Trojan.Win32.PEF.pf.silent.347637:Trojan.Win32.PEF.pf.silent.348577:Trojan.Win32.PEF.pf.silent.349247:Trojan.Win32.PEF.pf.silent.349979:Trojan.Win32.PEF.pf.silent.376163:Trojan.Win32.PEF.pf.silent.377057:Trojan.Win32.PEF.pf.silent.377789:Trojan.Win32.PEF.pf.silent.378627:Trojan.Win32.PEF.pf.silent.379268:Trojan.Win32.PEF.pf.silent.380179:Trojan.Win32.PEF.pf.silent.380996:Trojan.Win32.PEF.pf.silent.433356:Trojan.Win32.PEF.pf.silent.453058:Trojan.Win32.PEF.pf.silent.467723:Trojan.Win32.PEF.pf.silent.484872:Trojan.Win32.PEF.pf.silent.23219642:Trojan.Win32.PEF.pf.silent.23272206
AVMalwareBytesTrojan.Agent
AVMcafeeGeneric-FAOV!D080F15EB2D4
AVMicrosoft Security Essentialsno_virus
AVMicroWorld (escan)Gen:Variant.Zusy.82682
AVRisingno_virus
AVSophosTroj/Bckdr-RRM
AVSymantecno_virus
AVTrend Microno_virus
AVVirusBlokAda (vba32)no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Networking AuthIP Files ➝
C:\Documents and Settings\Administrator\Application Data\hkiptxixelslzc\ugojmow.exe
Creates FileC:\Documents and Settings\Administrator\Application Data\hkiptxixelslzc\ugojmow.exe
Creates ProcessC:\Documents and Settings\Administrator\Application Data\hkiptxixelslzc\ugojmow.exe

Process
↳ C:\Documents and Settings\Administrator\Application Data\hkiptxixelslzc\ugojmow.exe

Creates FileC:\Documents and Settings\Administrator\Application Data\hkiptxixelslzc\xysrdyvxaavi.exe
Creates File\Device\Afd\Endpoint
Creates FileC:\Documents and Settings\Administrator\Application Data\hkiptxixelslzc\ugojmow.rhaui
Creates ProcessWATCHDOGPROC "C:\Documents and Settings\Administrator\Application Data\hkiptxixelslzc\ugojmow.exe"

Process
↳ WATCHDOGPROC "C:\Documents and Settings\Administrator\Application Data\hkiptxixelslzc\ugojmow.exe"

Network Details:

DNSsmokeinside.net
Type: A
50.63.202.34
DNSpartybright.net
Type: A
184.168.221.24
DNSfreshpeople.net
Type: A
91.206.201.140
DNSsummerready.net
Type: A
72.167.191.69
DNSsummerpeople.net
Type: A
65.254.248.141
DNSwaterready.net
Type: A
64.74.223.38
DNSwaterpeople.net
Type: A
66.151.181.49
DNSpartyready.net
Type: A
8.5.1.51
DNSpartypeople.net
Type: A
217.138.13.211
DNSthoughtexplain.net
Type: A
DNSwaterexplain.net
Type: A
DNSthoughtbright.net
Type: A
DNSwaterbright.net
Type: A
DNSthoughtinside.net
Type: A
DNSwaterinside.net
Type: A
DNSwomaninstead.net
Type: A
DNSsmokeinstead.net
Type: A
DNSwomanexplain.net
Type: A
DNSsmokeexplain.net
Type: A
DNSwomanbright.net
Type: A
DNSsmokebright.net
Type: A
DNSwomaninside.net
Type: A
DNSpartyinstead.net
Type: A
DNSfightinstead.net
Type: A
DNSpartyexplain.net
Type: A
DNSfightexplain.net
Type: A
DNSfightbright.net
Type: A
DNSpartyinside.net
Type: A
DNSfightinside.net
Type: A
DNSfreshready.net
Type: A
DNSexperienceready.net
Type: A
DNSfreshbrown.net
Type: A
DNSexperiencebrown.net
Type: A
DNSexperiencepeople.net
Type: A
DNSfreshdaughter.net
Type: A
DNSexperiencedaughter.net
Type: A
DNSgentlemanready.net
Type: A
DNSalreadyready.net
Type: A
DNSgentlemanbrown.net
Type: A
DNSalreadybrown.net
Type: A
DNSgentlemanpeople.net
Type: A
DNSalreadypeople.net
Type: A
DNSgentlemandaughter.net
Type: A
DNSalreadydaughter.net
Type: A
DNSfollowready.net
Type: A
DNSmemberready.net
Type: A
DNSfollowbrown.net
Type: A
DNSmemberbrown.net
Type: A
DNSfollowpeople.net
Type: A
DNSmemberpeople.net
Type: A
DNSfollowdaughter.net
Type: A
DNSmemberdaughter.net
Type: A
DNSbeginready.net
Type: A
DNSknownready.net
Type: A
DNSbeginbrown.net
Type: A
DNSknownbrown.net
Type: A
DNSbeginpeople.net
Type: A
DNSknownpeople.net
Type: A
DNSbegindaughter.net
Type: A
DNSknowndaughter.net
Type: A
DNScrowdready.net
Type: A
DNSsummerbrown.net
Type: A
DNScrowdbrown.net
Type: A
DNScrowdpeople.net
Type: A
DNSsummerdaughter.net
Type: A
DNScrowddaughter.net
Type: A
DNSthoughtready.net
Type: A
DNSthoughtbrown.net
Type: A
DNSwaterbrown.net
Type: A
DNSthoughtpeople.net
Type: A
DNSthoughtdaughter.net
Type: A
DNSwaterdaughter.net
Type: A
DNSwomanready.net
Type: A
DNSsmokeready.net
Type: A
DNSwomanbrown.net
Type: A
DNSsmokebrown.net
Type: A
DNSwomanpeople.net
Type: A
DNSsmokepeople.net
Type: A
DNSwomandaughter.net
Type: A
DNSsmokedaughter.net
Type: A
DNSfightready.net
Type: A
DNSpartybrown.net
Type: A
DNSfightbrown.net
Type: A
DNSfightpeople.net
Type: A
DNSpartydaughter.net
Type: A
HTTP GEThttp://smokeinside.net/forum/search.php?email=rburchfield@las-cruces.org&method=post
User-Agent:
HTTP GEThttp://partybright.net/forum/search.php?email=rburchfield@las-cruces.org&method=post
User-Agent:
HTTP GEThttp://freshpeople.net/forum/search.php?email=rburchfield@las-cruces.org&method=post
User-Agent:
HTTP GEThttp://summerready.net/forum/search.php?email=rburchfield@las-cruces.org&method=post
User-Agent:
HTTP GEThttp://summerpeople.net/forum/search.php?email=rburchfield@las-cruces.org&method=post
User-Agent:
HTTP GEThttp://waterready.net/forum/search.php?email=rburchfield@las-cruces.org&method=post
User-Agent:
HTTP GEThttp://waterpeople.net/forum/search.php?email=rburchfield@las-cruces.org&method=post
User-Agent:
HTTP GEThttp://partyready.net/forum/search.php?email=rburchfield@las-cruces.org&method=post
User-Agent:
HTTP GEThttp://partypeople.net/forum/search.php?email=rburchfield@las-cruces.org&method=post
User-Agent:
Flows TCP192.168.1.1:1031 ➝ 50.63.202.34:80
Flows TCP192.168.1.1:1032 ➝ 184.168.221.24:80
Flows TCP192.168.1.1:1033 ➝ 91.206.201.140:80
Flows TCP192.168.1.1:1034 ➝ 72.167.191.69:80
Flows TCP192.168.1.1:1035 ➝ 65.254.248.141:80
Flows TCP192.168.1.1:1036 ➝ 64.74.223.38:80
Flows TCP192.168.1.1:1037 ➝ 66.151.181.49:80
Flows TCP192.168.1.1:1038 ➝ 8.5.1.51:80
Flows TCP192.168.1.1:1039 ➝ 217.138.13.211:80

Raw Pcap
0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 72627572   h.php?email=rbur
0x00000020 (00032)   63686669 656c6440 6c61732d 63727563   chfield@las-cruc
0x00000030 (00048)   65732e6f 7267266d 6574686f 643d706f   es.org&method=po
0x00000040 (00064)   73742048 5454502f 312e300d 0a416363   st HTTP/1.0..Acc
0x00000050 (00080)   6570743a 202a2f2a 0d0a436f 6e6e6563   ept: */*..Connec
0x00000060 (00096)   74696f6e 3a20636c 6f73650d 0a486f73   tion: close..Hos
0x00000070 (00112)   743a2073 6d6f6b65 696e7369 64652e6e   t: smokeinside.n
0x00000080 (00128)   65740d0a 0d0a                         et....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 72627572   h.php?email=rbur
0x00000020 (00032)   63686669 656c6440 6c61732d 63727563   chfield@las-cruc
0x00000030 (00048)   65732e6f 7267266d 6574686f 643d706f   es.org&method=po
0x00000040 (00064)   73742048 5454502f 312e300d 0a416363   st HTTP/1.0..Acc
0x00000050 (00080)   6570743a 202a2f2a 0d0a436f 6e6e6563   ept: */*..Connec
0x00000060 (00096)   74696f6e 3a20636c 6f73650d 0a486f73   tion: close..Hos
0x00000070 (00112)   743a2070 61727479 62726967 68742e6e   t: partybright.n
0x00000080 (00128)   65740d0a 0d0a                         et....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 72627572   h.php?email=rbur
0x00000020 (00032)   63686669 656c6440 6c61732d 63727563   chfield@las-cruc
0x00000030 (00048)   65732e6f 7267266d 6574686f 643d706f   es.org&method=po
0x00000040 (00064)   73742048 5454502f 312e300d 0a416363   st HTTP/1.0..Acc
0x00000050 (00080)   6570743a 202a2f2a 0d0a436f 6e6e6563   ept: */*..Connec
0x00000060 (00096)   74696f6e 3a20636c 6f73650d 0a486f73   tion: close..Hos
0x00000070 (00112)   743a2066 72657368 70656f70 6c652e6e   t: freshpeople.n
0x00000080 (00128)   65740d0a 0d0a                         et....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 72627572   h.php?email=rbur
0x00000020 (00032)   63686669 656c6440 6c61732d 63727563   chfield@las-cruc
0x00000030 (00048)   65732e6f 7267266d 6574686f 643d706f   es.org&method=po
0x00000040 (00064)   73742048 5454502f 312e300d 0a416363   st HTTP/1.0..Acc
0x00000050 (00080)   6570743a 202a2f2a 0d0a436f 6e6e6563   ept: */*..Connec
0x00000060 (00096)   74696f6e 3a20636c 6f73650d 0a486f73   tion: close..Hos
0x00000070 (00112)   743a2073 756d6d65 72726561 64792e6e   t: summerready.n
0x00000080 (00128)   65740d0a 0d0a                         et....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 72627572   h.php?email=rbur
0x00000020 (00032)   63686669 656c6440 6c61732d 63727563   chfield@las-cruc
0x00000030 (00048)   65732e6f 7267266d 6574686f 643d706f   es.org&method=po
0x00000040 (00064)   73742048 5454502f 312e300d 0a416363   st HTTP/1.0..Acc
0x00000050 (00080)   6570743a 202a2f2a 0d0a436f 6e6e6563   ept: */*..Connec
0x00000060 (00096)   74696f6e 3a20636c 6f73650d 0a486f73   tion: close..Hos
0x00000070 (00112)   743a2073 756d6d65 7270656f 706c652e   t: summerpeople.
0x00000080 (00128)   6e65740d 0a0d0a                       net....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 72627572   h.php?email=rbur
0x00000020 (00032)   63686669 656c6440 6c61732d 63727563   chfield@las-cruc
0x00000030 (00048)   65732e6f 7267266d 6574686f 643d706f   es.org&method=po
0x00000040 (00064)   73742048 5454502f 312e300d 0a416363   st HTTP/1.0..Acc
0x00000050 (00080)   6570743a 202a2f2a 0d0a436f 6e6e6563   ept: */*..Connec
0x00000060 (00096)   74696f6e 3a20636c 6f73650d 0a486f73   tion: close..Hos
0x00000070 (00112)   743a2077 61746572 72656164 792e6e65   t: waterready.ne
0x00000080 (00128)   740d0a0d 0a0d0a                       t......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 72627572   h.php?email=rbur
0x00000020 (00032)   63686669 656c6440 6c61732d 63727563   chfield@las-cruc
0x00000030 (00048)   65732e6f 7267266d 6574686f 643d706f   es.org&method=po
0x00000040 (00064)   73742048 5454502f 312e300d 0a416363   st HTTP/1.0..Acc
0x00000050 (00080)   6570743a 202a2f2a 0d0a436f 6e6e6563   ept: */*..Connec
0x00000060 (00096)   74696f6e 3a20636c 6f73650d 0a486f73   tion: close..Hos
0x00000070 (00112)   743a2077 61746572 70656f70 6c652e6e   t: waterpeople.n
0x00000080 (00128)   65740d0a 0d0a0a                       et.....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 72627572   h.php?email=rbur
0x00000020 (00032)   63686669 656c6440 6c61732d 63727563   chfield@las-cruc
0x00000030 (00048)   65732e6f 7267266d 6574686f 643d706f   es.org&method=po
0x00000040 (00064)   73742048 5454502f 312e300d 0a416363   st HTTP/1.0..Acc
0x00000050 (00080)   6570743a 202a2f2a 0d0a436f 6e6e6563   ept: */*..Connec
0x00000060 (00096)   74696f6e 3a20636c 6f73650d 0a486f73   tion: close..Hos
0x00000070 (00112)   743a2070 61727479 72656164 792e6e65   t: partyready.ne
0x00000080 (00128)   740d0a0d 0a0a0a                       t......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 72627572   h.php?email=rbur
0x00000020 (00032)   63686669 656c6440 6c61732d 63727563   chfield@las-cruc
0x00000030 (00048)   65732e6f 7267266d 6574686f 643d706f   es.org&method=po
0x00000040 (00064)   73742048 5454502f 312e300d 0a416363   st HTTP/1.0..Acc
0x00000050 (00080)   6570743a 202a2f2a 0d0a436f 6e6e6563   ept: */*..Connec
0x00000060 (00096)   74696f6e 3a20636c 6f73650d 0a486f73   tion: close..Hos
0x00000070 (00112)   743a2070 61727479 70656f70 6c652e6e   t: partypeople.n
0x00000080 (00128)   65740d0a 0d0a0a                       et.....


Strings
.
.
-E-
-0
-0010+-0
0
-0
CC
.00-+ 
.
-e-
. 
\
 
00
.
:\
:..
...........?- 
0
0
0
0
-
.
u
E(null)
                                 H
         (((((                  H
         h((((                  H
jjjjh
KERNEL32.DLL
mscoree.dll
TBDB
                          
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
0A@@Ju
0SSSSS
0WWWWW
1_JXx/
1#QNAN
1#SNAN
5f>}hc
8D$:tC
8VVVVV
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
ADVAPI32.dll
An application has made an attempt to load the C runtime library incorrectly.
<at9<rt,<wt
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
August
.?AVbad_alloc@std@@
.?AVbad_exception@std@@
.?AVexception@std@@
.?AVlength_error@std@@
.?AVlogic_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
bad allocation
bad exception
 Base Class Array'
 Base Class Descriptor at (
__based(
BeginPaint
__cdecl
 Class Hierarchy Descriptor'
CloseClipboard
CloseHandle
__clrcall
CompareStringA
CompareStringW
 Complete Object Locator'
CONOUT$
`copy constructor closure'
CopyFileA
CorExitProcess
CreateDirectoryA
CreateEventA
CreateFileA
CreateIconFromResourceEx
CreateProcessA
CreateStreamOnHGlobal
CreateThread
CreateToolhelp32Snapshot
CreateWindowExA
- CRT not initialized
D$,_^][
D$$_^][
D$0_^][3
D$4UV3
@.data
dddd, MMMM dd, yyyy
D$\+D$TQ+
D$`+D$X+
December
DecodePointer
`default constructor closure'
DefWindowProcA
 delete
 delete[]
Delete
DeleteCriticalSection
DispatchMessageA
D$LPQW
D$LPSW
D$LPSWQ
DOMAIN error
DPtoLP
D$`UVW
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector constructor iterator'
`eh vector copy constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`eh vector vbase copy constructor iterator'
EncodePointer
EndPaint
EndPath
EnterCriticalSection
ExitProcess
__fastcall
February
FF<+FF
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
- floating point support not loaded
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
ForceRemove
*_F'Qn$A
FreeEnvironmentStringsA
FreeEnvironmentStringsW
Friday
^F<-uB
GAIsProcessorFeaturePresent
GDI32.dll
GetACP
GetActiveWindow
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCPInfo
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDesktopWindow
GetDeviceCaps
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetFileSize
GetFileType
GetFullPathNameA
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetMapMode
GetMessageA
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessWindowStation
GetSecurityDescriptorControl
GetStartupInfoA
GetStdHandle
GetStockObject
GetStringTypeA
GetStringTypeW
GetSystemTimeAsFileTime
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetTitleBarInfo
GetUserNameA
GetUserObjectInformationA
GetWindowDC
GetWindowRect
GetWindowThreadProcessId
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
`h````
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
`h`hhh
HH:mm:ss
HHtXHHt
>If90t
InitializeAcl
InitializeCriticalSectionAndSpinCount
InsertMenuA
InterlockedDecrement
InterlockedIncrement
InvalidateRect
invalid string position
IsDebuggerPresent
IsValidCodePage
JanFebMarAprMayJunJulAugSepOctNovDec
January
j@j ^V
j"^SSSSS
KERNEL32
KERNEL32.dll
/KU=Mu<?`
L$0QPj
LCMapStringA
LCMapStringW
LeaveCriticalSection
L$l_^]3
L$LQRWPP
L$LQRWS
L$LQRWVV
LoadCursorA
LoadLibraryA
`local static guard'
`local static thread guard'
`local vftable'
`local vftable constructor closure'
LPtoDP
L$@QRP
L$ QUV
L	t8rR
L$ VSj
`managed vector constructor iterator'
`managed vector copy constructor iterator'
`managed vector destructor iterator'
M,\	b<
mC0^0!
MessageBoxA
-M<Fx=
Microsoft Visual C++ Runtime Library
MM/dd/yy
Monday
MoveWindow
MulDiv
MultiByteToWideChar
 new[]
njYV75
NoRemove
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
(null)
October
ole32.dll
OLEAUT32.dll
`omni callsig'
OpenProcess
operator
OWB'g+!
+@P1:B
__pascal
`placement delete closure'
`placement delete[] closure'
Please contact the application's support team for more information.
PostQuitMessage
PPPPPPPP
Process32First
Process32Next
Program: 
<program name unknown>
__ptr64
- pure virtual function call
QQSVWd
QueryPerformanceCounter
RaiseException
`.rdata
ReadFile
RegCloseKey
RegisterClassExA
RegOpenKeyA
RegSetValueExA
__restrict
RK%m<f
RtlUnwind
runtime error 
Runtime Error!
Saturday
`scalar deleting destructor'
ScaleViewportExtEx
September
SetDoubleClickTime
SetEndOfFile
SetEnvironmentVariableA
SetEvent
SetFileAttributesA
SetFilePointer
SetFocus
SetHandleCount
SetLastError
SetMapMode
SetStdHandle
SetUnhandledExceptionFilter
SetWindowTextA
ShowWindow
SING error
SPSSSh
s[S;7|G;w
^SSSSS
__stdcall
`string'
string too long
Sunday
SunMonTueWedThuFriSat
T$0jXW
t$4WPQ
T$8RPW
t$$9-X_B
TerminateProcess
tGHt.Ht&
+t HHt
This application has requested the Runtime to terminate it in an unusual way.
__thiscall
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
!This program cannot be run in DOS mode.
\)T"Hk
T$hQPR
Thursday
< tK<	tG
TLOSS error
T$LRPW
T$LRSWVV
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
<\tM</tI
T$PPQRS
tR99u2
TranslateMessage
T$ RQQj
T$\RVPW
t"SS9]
<+t(<-t$:
t$<"u	3
Tuesday
;t$,v-
t+WWVPV
 Type Descriptor'
`typeof'
>:u8FV
`udt returning'
- unable to initialize heap
- unable to open console device
__unaligned
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
UNICODE
Unknown exception
UpdateWindow
UQPXY]Y[
URPQQh,
USER32.dll
USER32.DLL
u[SSSP
UTF-16LE
v$;5,oB
`vbase destructor'
`vbtable'
`vcall'
`vector constructor iterator'
`vector copy constructor iterator'
`vector deleting destructor'
`vector destructor iterator'
`vector vbase constructor iterator'
`vector vbase copy constructor iterator'
`vftable'
VirtualAlloc
`virtual displacement map'
VirtualFree
v	N+D$
#VVv\t
_VVVVV
VVVVVQRSSj
WaitForSingleObject
Wednesday
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile
WS2_32.dll
^WWWWW
XB,@XMv
xppwpp
xpxxxx
<xtX<XtT
>=Yt1j
|ZJ,i{[h