Analysis Date | 2015-05-28 08:57:35 |
---|---|
MD5 | 51a44fc375d035ebf10b94ce9380303e |
SHA1 | eb1e2a568a2a3d585ae92bb77ce21838c35e724d |

Static Details:

File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit |
---|---|
Section | .text md5: 8dd64496931b856a51d6ee9dcac284ad sha1: 75e2008772bd5f3bd1cd9d2aa78e968f31359e9d size: 198144 |
Section | .rdata md5: 5f75ea143f7acf2956e7075616e03e41 sha1: b1767360adb538ca6d63d14c8b5c0ee523e292da size: 52736 |
Section | .data md5: 9d2798ae16759d28aa88e5483780a53e sha1: f3fd14677d2f03a042211b913a819c8b141fe490 size: 7168 |
Section | .reloc md5: 3433b5695f8714024751a9a1ad442809 sha1: d2f5ad86a8aab09907ab0c3c821d7ef78a5defa3 size: 14336 |
Timestamp | 2015-04-29 18:42:52 |
Packer | Microsoft Visual C++ 8 |
PEhash | cf0945e21ea3d897a3f74fd2efdf937c4e20ef51 |
IMPhash | a9b2cc491b4e28f80ba5be443847bcd1 |

Runtime Details:
Process
↳ C:\malware.exe
Creates File | C:\dmohlui\dkh4wjck |
---|---|
Creates File | C:\WINDOWS\dmohlui\dkh4wjck |
Creates File | C:\dmohlui\tly1k33kcdlqxnu.exe |
Deletes File | C:\WINDOWS\dmohlui\dkh4wjck |
Creates Process | C:\dmohlui\tly1k33kcdlqxnu.exe |
Process
↳ C:\dmohlui\tly1k33kcdlqxnu.exe
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AutoConfig Parental Server Workstation Spooler ➝ C:\dmohlui\mhrwroit.exe |
---|---|
Creates File | PIPE\lsarpc |
Creates File | C:\dmohlui\dkh4wjck |
Creates File | C:\WINDOWS\dmohlui\dkh4wjck |
Creates File | C:\dmohlui\mhrwroit.exe |
Creates File | C:\dmohlui\ulotvyiduq |
Deletes File | C:\WINDOWS\dmohlui\dkh4wjck |
Creates Process | C:\dmohlui\mhrwroit.exe |
Creates Service | Acquisition Base Alerts Software Shadow - C:\dmohlui\mhrwroit.exe |
Process
↳ C:\WINDOWS\system32\svchost.exe
Process
↳ Pid 804
Process
↳ Pid 852
Process
↳ C:\WINDOWS\System32\svchost.exe
Creates File | C:\WINDOWS\system32\WBEM\Logs\wbemess.log |
---|
Process
↳ Pid 1208
Process
↳ C:\WINDOWS\system32\spoolsv.exe
Process
↳ Pid 1856
Process
↳ Pid 1104
Process
↳ C:\dmohlui\mhrwroit.exe
Creates File | pipe\net\NtControlPipe10 |
---|---|
Creates File | C:\dmohlui\ldfdekqb.exe |
Creates File | C:\dmohlui\dkh4wjck |
Creates File | C:\WINDOWS\dmohlui\dkh4wjck |
Creates File | \Device\Afd\Endpoint |
Creates File | C:\dmohlui\pc5odb8kh4 |
Creates File | C:\dmohlui\ulotvyiduq |
Deletes File | C:\WINDOWS\dmohlui\dkh4wjck |
Creates Process | qisgietfocfh "c:\dmohlui\mhrwroit.exe" |
Process
↳ C:\dmohlui\mhrwroit.exe
Creates File | C:\dmohlui\dkh4wjck |
---|---|
Creates File | C:\WINDOWS\dmohlui\dkh4wjck |
Deletes File | C:\WINDOWS\dmohlui\dkh4wjck |
Process
↳ qisgietfocfh "c:\dmohlui\mhrwroit.exe"
Creates File | C:\dmohlui\dkh4wjck |
---|---|
Creates File | C:\WINDOWS\dmohlui\dkh4wjck |
Deletes File | C:\WINDOWS\dmohlui\dkh4wjck |
Network Details:
Raw Pcap
0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H
0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept:
0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e */*..Connection
0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a2067 : close..Host: g
0x00000040 (00064) 656e746c 656d696c 6c696f6e 2e6e6574 entlemillion.net
0x00000050 (00080) 0d0a0d0a ....

0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H
0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept:
0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e */*..Connection
0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a2064 : close..Host: d
0x00000040 (00064) 65677265 65686561 72742e6e 65740d0a egreeheart.net..
0x00000050 (00080) 0d0a0d0a ....

0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H
0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept:
0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e */*..Connection
0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a2067 : close..Host: g
0x00000040 (00064) 6c617373 68656172 742e6e65 740d0a0d lassheart.net...
0x00000050 (00080) 0a0a0d0a ....
Strings