Analysis Date2015-11-05 19:58:38
MD573c358635f41878d3241e2b64368a014
SHA1094d803a9ab76bb8c8a5ae2790b0f7e6b51276be

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: c7ab859f096d37fd7d976bfceb88f54f sha1: ff5fbf441402b22928dea16e682714060d69ad67 size: 62976
Section.rdata md5: 5c0f35f1f6b768507b17af0a0b9ffb05 sha1: b9b2f2721dbfc034017a3070d559822eb14088d1 size: 5632
Section.data md5: 4a6aee6debc2dd15e3425736a1926d74 sha1: ed62e1d89df7a9e06eade01ee469b852607f1d76 size: 14336
Section.rsrc md5: 1efd536efce5215c5a34829ed90077b7 sha1: d846c3509509694a0eeb1a49b1da867d1bfcc8dc size: 2048
Timestamp2001-02-05 11:02:39
PackerMicrosoft Visual C++ 5.0
PEhashe1c9c6fef116990dc2fd22d1ac388b4123332852
IMPhash4e66537e573d3a8eea3c527242281ebc
AVRisingNo Virus
AVMcafeeDownloader-FSH!73C358635F41
AVAvira (antivir)TR/Crypt.ZPACK.87688
AVTwisterTrojan.Cap147283.myku
AVAd-AwareGen:Variant.Dyreza.4
AVAlwil (avast)Agent-AUID [Trj]
AVEset (nod32)Win32/Kryptik.CHGQ
AVGrisoft (avg)SHeur4.BYTL
AVSymantecDownloader.Upatre!gen5
AVFortinetW32/CPacker.D!tr
AVBitDefenderGen:Variant.Dyreza.4
AVK7No Virus
AVMicrosoft Security EssentialsTrojan:Win32/Bagsu!rfn
AVMicroWorld (escan)Gen:Variant.Dyreza.4
AVMalwareBytesBackdoor.Papras
AVAuthentiumNo Virus
AVFrisk (f-prot)No Virus
AVIkarusTrojan-Spy.Agent
AVEmsisoftGen:Variant.Dyreza.4
AVZillya!No Virus
AVKasperskyTrojan.Win32.Generic
AVTrend MicroTROJ_CROWTI.SMN2
AVCAT (quickheal)TrojanPWS.Kegotip.WR4
AVVirusBlokAda (vba32)No Virus
AVPadvishNo Virus
AVBullGuardGen:Variant.Dyreza.4
AVArcabit (arcavir)Gen:Variant.Dyreza.4
AVClamAVNo Virus
AVDr. WebTrojan.DownLoad.64914
AVF-SecureGen:Variant.Dyreza.4
AVCA (E-Trust Ino)No Virus
AVRisingNo Virus
AVMcafeeDownloader-FSH!73C358635F41
AVAvira (antivir)TR/Crypt.ZPACK.87688
AVTwisterTrojan.Cap147283.myku
AVAd-AwareGen:Variant.Dyreza.4
AVAlwil (avast)Agent-AUID [Trj]
AVEset (nod32)Win32/Kryptik.CHGQ
AVGrisoft (avg)SHeur4.BYTL
AVSymantecDownloader.Upatre!gen5
AVFortinetW32/CPacker.D!tr
AVBitDefenderGen:Variant.Dyreza.4
AVK7No Virus
AVMicrosoft Security EssentialsTrojan:Win32/Bagsu!rfn
AVMicroWorld (escan)Gen:Variant.Dyreza.4
AVMalwareBytesBackdoor.Papras
AVAuthentiumNo Virus
AVFrisk (f-prot)No Virus
AVIkarusTrojan-Spy.Agent

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\pacjotbofipa ➝
C:\Documents and Settings\Administrator\pacjotbofipa.exe
RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
NULL
RegistryHKEY_CURRENT_USER\software\microsoft\windows\currentversion\AppManagement ➝
NULL
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\mavlet[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\lgwpc[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\betapak[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\aengus[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\t-cmfg[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\abril35[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\wijeya[1].htm
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-500\a18ca4003deb042bbee7a40f15e1970b_666939c9-243b-475e-9504-51724db22670
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\abril35[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\hosieree[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\deszr[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\wijeya[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\apbuck[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\bamalba[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\apbuck[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\rapas[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\scbcn[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\minkasha[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\nelipak[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\kombfm[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\markwane[2].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\nwhn[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\gpp-co[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\bcmetals[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\nyplaw[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\deszr[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\kumaden[1].htm
Creates FileC:\Documents and Settings\Administrator\pacjotbofipa.exe
Creates FilePIPE\lsarpc
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\harwig[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\lgwpc[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\cccfcpa[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\horizoe[2].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\ireg[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\kurozu.co[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\horizoe[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\srand[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\kwerk[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\jewster[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\tenmanya[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\absoft[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\nwhn[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\bamalba[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\rupaul[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\hrinet[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\safespan[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\curlisto[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\kodapost[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\sisgate[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\dixi-car[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\tenmanya[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\clogwild[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\aicp.co[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\scbcn[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\ysado[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\nobatel[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\lab80[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\plyny[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\pelicin[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\absoft[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\ealdoen[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\gocore[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\safespan[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\ptfe[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\harwig[2].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\plyny[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\kodapost[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\dixi-car[2].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\oxilog[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\markwane[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\kurozu.co[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\jewster[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\mmd-i[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\suidou[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\bcmetals[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\vsell.com[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\betapak[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\asta[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\gpp-co[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\aicp.co[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\nyplaw[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\hrinet[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\b-und-p[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\jroy[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\ludomemo[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\oxilog[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\ireg[2].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\mmd-i[2].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\oozkranj[1].htm
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\ysado[1].htm
Creates File\Device\Afd\Endpoint
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\hojstrup[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\cosas.com[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\srand[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\curlisto[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\rapas[2].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\findbc[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\tusende[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\lab80[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\kombfm[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\hosieree[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\b-und-p[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\upaep.com[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\upaep.com[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\t-cmfg[2].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\cccfcpa[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\minkasha[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\asta[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\aengus[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\sisgate[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\findbc[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\cosas.com[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\gocore[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\vsell.com[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\rupaul[2].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\ludomemo[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\kwerk[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\clogwild[2].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\tusende[2].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\ptfe[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\hojstrup[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\pelicin[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\xpal.com[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\kumaden[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\nelipak[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\jroy[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\mavlet[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\oozkranj[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\nobatel[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\ealdoen[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\suidou[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\jewster[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\mavlet[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\tenmanya[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\lgwpc[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\minkasha[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\betapak[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\asta[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\absoft[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\nwhn[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\mmd-i[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\aengus[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\t-cmfg[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\rupaul[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\abril35[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\safespan[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\suidou[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\wijeya[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\curlisto[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\sisgate[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\kodapost[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\dixi-car[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\vsell.com[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\clogwild[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\bamalba[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\apbuck[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\rapas[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\scbcn[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\gpp-co[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\nyplaw[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\aicp.co[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\kwerk[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\hrinet[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\kombfm[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\ysado[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\hojstrup[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\ludomemo[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\bcmetals[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\lab80[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\deszr[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\plyny[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\kumaden[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\pelicin[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\harwig[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\nelipak[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\cccfcpa[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\gocore[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\jroy[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\ptfe[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\srand[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\oozkranj[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\cosas.com[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\nobatel[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\ireg[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\tusende[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\findbc[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\oxilog[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\ealdoen[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\markwane[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\kurozu.co[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\horizoe[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\hosieree[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\b-und-p[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\upaep.com[1].htm
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Creates Mutexpacjotbofipa
Winsock DNSysado.com
Winsock DNScosas.com.ec
Winsock DNSharwig.nl
Winsock DNSminkasha.com
Winsock DNStusende.de
Winsock DNSptfe.ch
Winsock DNSbamalba.com
Winsock DNSplyny.com
Winsock DNSatb-lit.com
Winsock DNSsafespan.com
Winsock DNSaengus.at
Winsock DNSbcmetals.com
Winsock DNS3anet.com.tw
Winsock DNSsuidou.org
Winsock DNScurlisto.com
Winsock DNSmavlet.com
Winsock DNSrupaul.com
Winsock DNSwijeya.lk
Winsock DNSclogwild.com
Winsock DNSludomemo.com
Winsock DNSealdoen.com
Winsock DNShostment.com
Winsock DNSjroy.net
Winsock DNSmarkwane.com
Winsock DNSrapas.net
Winsock DNSb-und-p.com
Winsock DNSjewster.com
Winsock DNSapbuck.com
Winsock DNSbetapak.com
Winsock DNSkodapost.ru
Winsock DNSireg.fr
Winsock DNSlab80.it
Winsock DNSsrand.jp
Winsock DNSt-cmfg.com
Winsock DNSkurozu.co.jp
Winsock DNSnelipak.nl
Winsock DNScccfcpa.com
Winsock DNSupaep.com.uy
Winsock DNS2crsi.com
Winsock DNShorizoe.com
Winsock DNSxpal.com.mx
Winsock DNSscbcn.com
Winsock DNSnwhn.org
Winsock DNSnobatel.com
Winsock DNSsompirt.com
Winsock DNSsisgate.com
Winsock DNSaicp.co.jp
Winsock DNSmmd-i.com
Winsock DNSbizzly.ru
Winsock DNShojstrup.dk
Winsock DNSdixi-car.pl
Winsock DNSkombfm.com
Winsock DNSvsell.com.tw
Winsock DNSnyplaw.com
Winsock DNSasta.pl
Winsock DNSlgwpc.com
Winsock DNSpelicin.com
Winsock DNSfindbc.com
Winsock DNSkwerk.ca
Winsock DNSgocore.com
Winsock DNShosieree.com
Winsock DNSabril35.com
Winsock DNSoxilog.com
Winsock DNShrinet.org
Winsock DNSoozkranj.com
Winsock DNStenmanya.net
Winsock DNSabsoft.com
Winsock DNSdeszr.com
Winsock DNSkumaden.com
Winsock DNSgpp-co.com

Network Details:

DNSscbcn.com
Type: A
5.57.226.41
DNSabsoft.com
Type: A
204.197.245.74
DNScccfcpa.com
Type: A
192.254.210.123
DNSkumaden.com
Type: A
49.212.180.178
DNSealdoen.com
Type: A
178.255.225.231
DNSoxilog.com
Type: A
212.83.182.50
DNSaicp.co.jp
Type: A
124.40.7.147
DNSkodapost.ru
Type: A
94.79.54.163
DNSmavlet.com
Type: A
84.95.248.125
DNSdixi-car.pl
Type: A
87.98.234.101
DNShorizoe.com
Type: A
124.146.218.231
DNSireg.fr
Type: A
95.142.170.145
DNSb-und-p.com
Type: A
80.190.243.150
DNShosieree.com
Type: A
216.73.117.26
DNSgpp-co.com
Type: A
98.129.90.58
DNSvsell.com.tw
Type: A
220.130.220.65
DNSysado.com
Type: A
67.222.143.75
DNSharwig.nl
Type: A
213.171.65.103
DNSplyny.com
Type: A
62.109.134.56
DNSgocore.com
Type: A
209.151.241.76
DNSmarkwane.com
Type: A
109.169.46.54
DNSsisgate.com
Type: A
112.78.112.60
DNSt-cmfg.com
Type: A
174.136.65.131
DNSjewster.com
Type: A
69.163.226.151
DNSsuidou.org
Type: A
157.112.144.16
DNSaengus.at
Type: A
80.237.133.19
DNSlab80.it
Type: A
95.110.208.215
DNSupaep.com.uy
Type: A
190.64.74.37
DNSjroy.net
Type: A
69.163.152.182
DNShrinet.org
Type: A
72.251.217.35
DNSptfe.ch
Type: A
213.180.183.82
DNSmmd-i.com
Type: A
188.121.41.53
DNSrapas.net
Type: A
217.174.156.7
DNScosas.com.ec
Type: A
216.227.214.177
DNSbetapak.com
Type: A
213.142.136.98
DNSnyplaw.com
Type: A
50.28.49.43
DNShostment.com
Type: A
114.108.129.200
DNS2crsi.com
Type: A
198.100.152.1
DNSpelicin.com
Type: A
141.8.224.169
DNSfindbc.com
Type: A
199.167.17.149
DNScurlisto.com
Type: A
184.154.55.66
DNSminkasha.com
Type: A
202.181.99.38
DNSbcmetals.com
Type: A
185.35.248.241
DNSrupaul.com
Type: A
209.161.20.68
DNSapbuck.com
Type: A
24.73.155.34
DNSapbuck.com
Type: A
104.183.199.129
DNStusende.de
Type: A
85.13.139.105
DNSasta.pl
Type: A
79.96.91.146
DNSoozkranj.com
Type: A
104.28.16.50
DNSoozkranj.com
Type: A
104.28.17.50
DNSsafespan.com
Type: A
173.205.127.22
DNSkombfm.com
Type: A
173.254.120.56
DNSnobatel.com
Type: A
200.93.248.104
DNShojstrup.dk
Type: A
176.9.33.165
DNSbamalba.com
Type: A
121.254.171.174
DNSlgwpc.com
Type: A
208.94.239.126
DNSnwhn.org
Type: A
64.207.183.100
DNSkurozu.co.jp
Type: A
202.208.172.129
DNSclogwild.com
Type: A
66.84.0.137
DNSwijeya.lk
Type: A
203.143.20.8
DNSkwerk.ca
Type: A
69.163.152.70
DNSnelipak.nl
Type: A
82.201.61.230
DNSabril35.com
Type: A
82.98.160.142
DNSsrand.jp
Type: A
219.109.38.59
DNStenmanya.net
Type: A
182.48.14.145
DNSludomemo.com
Type: A
81.88.48.71
DNSdeszr.com
Type: A
162.210.98.151
DNSbizzly.ru
Type: A
DNS3anet.com.tw
Type: A
DNSatb-lit.com
Type: A
DNSsompirt.com
Type: A
HTTP POSThttp://kumaden.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://ealdoen.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://cccfcpa.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://absoft.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://scbcn.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://oxilog.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://aicp.co.jp/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://kodapost.ru/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://mavlet.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://cccfcpa.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://kumaden.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://oxilog.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://absoft.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://kodapost.ru/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://aicp.co.jp/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://ealdoen.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://scbcn.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://mavlet.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://dixi-car.pl/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://horizoe.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://dixi-car.pl/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://ireg.fr/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://horizoe.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://b-und-p.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://hosieree.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://gpp-co.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://ireg.fr/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://vsell.com.tw/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://ysado.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://b-und-p.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://hosieree.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://harwig.nl/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://gpp-co.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://vsell.com.tw/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://ysado.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://harwig.nl/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://plyny.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://gocore.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://plyny.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://gocore.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://markwane.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://sisgate.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://t-cmfg.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://markwane.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://jewster.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://suidou.org/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://aengus.at/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://sisgate.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://lab80.it/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://t-cmfg.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://jewster.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://suidou.org/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://lab80.it/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://aengus.at/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://upaep.com.uy/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://jroy.net/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://upaep.com.uy/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://jroy.net/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://hrinet.org/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://hrinet.org/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://ptfe.ch/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://mmd-i.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://rapas.net/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://ptfe.ch/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://cosas.com.ec/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://betapak.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://rapas.net/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://mmd-i.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://nyplaw.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://cosas.com.ec/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://nyplaw.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://betapak.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://hostment.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://2crsi.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://pelicin.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://findbc.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://pelicin.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://findbc.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://curlisto.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://curlisto.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://minkasha.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://bcmetals.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://rupaul.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://apbuck.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://minkasha.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://bcmetals.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://rupaul.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://apbuck.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://tusende.de/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://asta.pl/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://tusende.de/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://asta.pl/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://oozkranj.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://safespan.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://oozkranj.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://safespan.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://kombfm.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://nobatel.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://kombfm.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://nobatel.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://hojstrup.dk/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://bamalba.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://lgwpc.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://nwhn.org/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://hojstrup.dk/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://bamalba.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://lgwpc.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://nwhn.org/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://kurozu.co.jp/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://kurozu.co.jp/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://clogwild.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://wijeya.lk/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://clogwild.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://kwerk.ca/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://wijeya.lk/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://nelipak.nl/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://kwerk.ca/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://nelipak.nl/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://abril35.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://srand.jp/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://tenmanya.net/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://ludomemo.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://abril35.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://srand.jp/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://tenmanya.net/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://ludomemo.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://deszr.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Flows TCP192.168.1.1:1040 ➝ 49.212.180.178:80
Flows TCP192.168.1.1:1035 ➝ 178.255.225.231:80
Flows TCP192.168.1.1:1036 ➝ 192.254.210.123:80
Flows TCP192.168.1.1:1037 ➝ 204.197.245.74:80
Flows TCP192.168.1.1:1038 ➝ 5.57.226.41:80
Flows TCP192.168.1.1:1039 ➝ 212.83.182.50:80
Flows TCP192.168.1.1:1041 ➝ 124.40.7.147:80
Flows TCP192.168.1.1:1042 ➝ 94.79.54.163:80
Flows TCP192.168.1.1:1043 ➝ 84.95.248.125:80
Flows TCP192.168.1.1:1044 ➝ 192.254.210.123:80
Flows TCP192.168.1.1:1045 ➝ 49.212.180.178:80
Flows TCP192.168.1.1:1046 ➝ 212.83.182.50:80
Flows TCP192.168.1.1:1047 ➝ 204.197.245.74:80
Flows TCP192.168.1.1:1048 ➝ 94.79.54.163:80
Flows TCP192.168.1.1:1049 ➝ 124.40.7.147:80
Flows TCP192.168.1.1:1050 ➝ 178.255.225.231:80
Flows TCP192.168.1.1:1051 ➝ 5.57.226.41:80
Flows TCP192.168.1.1:1052 ➝ 84.95.248.125:80
Flows TCP192.168.1.1:1053 ➝ 87.98.234.101:80
Flows TCP192.168.1.1:1054 ➝ 124.146.218.231:80
Flows TCP192.168.1.1:1055 ➝ 87.98.234.101:80
Flows TCP192.168.1.1:1056 ➝ 95.142.170.145:80
Flows TCP192.168.1.1:1057 ➝ 124.146.218.231:80
Flows TCP192.168.1.1:1058 ➝ 80.190.243.150:80
Flows TCP192.168.1.1:1059 ➝ 216.73.117.26:80
Flows TCP192.168.1.1:1060 ➝ 98.129.90.58:80
Flows TCP192.168.1.1:1061 ➝ 95.142.170.145:80
Flows TCP192.168.1.1:1062 ➝ 220.130.220.65:80
Flows TCP192.168.1.1:1063 ➝ 67.222.143.75:80
Flows TCP192.168.1.1:1064 ➝ 80.190.243.150:80
Flows TCP192.168.1.1:1065 ➝ 216.73.117.26:80
Flows TCP192.168.1.1:1066 ➝ 213.171.65.103:80
Flows TCP192.168.1.1:1067 ➝ 98.129.90.58:80
Flows TCP192.168.1.1:1068 ➝ 220.130.220.65:80
Flows TCP192.168.1.1:1069 ➝ 67.222.143.75:80
Flows TCP192.168.1.1:1070 ➝ 213.171.65.103:80
Flows TCP192.168.1.1:1071 ➝ 62.109.134.56:80
Flows TCP192.168.1.1:1072 ➝ 209.151.241.76:80
Flows TCP192.168.1.1:1073 ➝ 62.109.134.56:80
Flows TCP192.168.1.1:1074 ➝ 209.151.241.76:80
Flows TCP192.168.1.1:1075 ➝ 109.169.46.54:80
Flows TCP192.168.1.1:1076 ➝ 112.78.112.60:80
Flows TCP192.168.1.1:1077 ➝ 174.136.65.131:80
Flows TCP192.168.1.1:1078 ➝ 109.169.46.54:80
Flows TCP192.168.1.1:1079 ➝ 69.163.226.151:80
Flows TCP192.168.1.1:1080 ➝ 157.112.144.16:80
Flows TCP192.168.1.1:1081 ➝ 80.237.133.19:80
Flows TCP192.168.1.1:1082 ➝ 112.78.112.60:80
Flows TCP192.168.1.1:1083 ➝ 95.110.208.215:80
Flows TCP192.168.1.1:1084 ➝ 174.136.65.131:80
Flows TCP192.168.1.1:1085 ➝ 69.163.226.151:80
Flows TCP192.168.1.1:1086 ➝ 157.112.144.16:80
Flows TCP192.168.1.1:1087 ➝ 95.110.208.215:80
Flows TCP192.168.1.1:1088 ➝ 80.237.133.19:80
Flows TCP192.168.1.1:1089 ➝ 190.64.74.37:80
Flows TCP192.168.1.1:1090 ➝ 69.163.152.182:80
Flows TCP192.168.1.1:1091 ➝ 190.64.74.37:80
Flows TCP192.168.1.1:1092 ➝ 69.163.152.182:80
Flows TCP192.168.1.1:1093 ➝ 72.251.217.35:80
Flows TCP192.168.1.1:1094 ➝ 72.251.217.35:80
Flows TCP192.168.1.1:1095 ➝ 213.180.183.82:80
Flows TCP192.168.1.1:1096 ➝ 188.121.41.53:80
Flows TCP192.168.1.1:1097 ➝ 217.174.156.7:80
Flows TCP192.168.1.1:1098 ➝ 213.180.183.82:80
Flows TCP192.168.1.1:1099 ➝ 216.227.214.177:80
Flows TCP192.168.1.1:1100 ➝ 213.142.136.98:80
Flows TCP192.168.1.1:1101 ➝ 217.174.156.7:80
Flows TCP192.168.1.1:1102 ➝ 188.121.41.53:80
Flows TCP192.168.1.1:1103 ➝ 50.28.49.43:80
Flows TCP192.168.1.1:1104 ➝ 216.227.214.177:80
Flows TCP192.168.1.1:1105 ➝ 50.28.49.43:80
Flows TCP192.168.1.1:1106 ➝ 213.142.136.98:80
Flows TCP192.168.1.1:1107 ➝ 114.108.129.200:80
Flows TCP192.168.1.1:1108 ➝ 198.100.152.1:80
Flows TCP192.168.1.1:1109 ➝ 141.8.224.169:80
Flows TCP192.168.1.1:1110 ➝ 199.167.17.149:80
Flows TCP192.168.1.1:1111 ➝ 141.8.224.169:80
Flows TCP192.168.1.1:1112 ➝ 199.167.17.149:80
Flows TCP192.168.1.1:1113 ➝ 184.154.55.66:80
Flows TCP192.168.1.1:1114 ➝ 184.154.55.66:80
Flows TCP192.168.1.1:1115 ➝ 202.181.99.38:80
Flows TCP192.168.1.1:1116 ➝ 185.35.248.241:80
Flows TCP192.168.1.1:1117 ➝ 209.161.20.68:80
Flows TCP192.168.1.1:1118 ➝ 24.73.155.34:80
Flows TCP192.168.1.1:1119 ➝ 202.181.99.38:80
Flows TCP192.168.1.1:1120 ➝ 185.35.248.241:80
Flows TCP192.168.1.1:1121 ➝ 209.161.20.68:80
Flows TCP192.168.1.1:1122 ➝ 24.73.155.34:80
Flows TCP192.168.1.1:1123 ➝ 85.13.139.105:80
Flows TCP192.168.1.1:1124 ➝ 79.96.91.146:80
Flows TCP192.168.1.1:1125 ➝ 85.13.139.105:80
Flows TCP192.168.1.1:1126 ➝ 79.96.91.146:80
Flows TCP192.168.1.1:1127 ➝ 104.28.16.50:80
Flows TCP192.168.1.1:1128 ➝ 173.205.127.22:80
Flows TCP192.168.1.1:1129 ➝ 104.28.16.50:80
Flows TCP192.168.1.1:1130 ➝ 173.205.127.22:80
Flows TCP192.168.1.1:1131 ➝ 173.254.120.56:80
Flows TCP192.168.1.1:1132 ➝ 200.93.248.104:80
Flows TCP192.168.1.1:1133 ➝ 173.254.120.56:80
Flows TCP192.168.1.1:1134 ➝ 200.93.248.104:80
Flows TCP192.168.1.1:1135 ➝ 176.9.33.165:80
Flows TCP192.168.1.1:1136 ➝ 121.254.171.174:80
Flows TCP192.168.1.1:1137 ➝ 208.94.239.126:80
Flows TCP192.168.1.1:1138 ➝ 64.207.183.100:80
Flows TCP192.168.1.1:1139 ➝ 176.9.33.165:80
Flows TCP192.168.1.1:1140 ➝ 121.254.171.174:80
Flows TCP192.168.1.1:1141 ➝ 208.94.239.126:80
Flows TCP192.168.1.1:1142 ➝ 64.207.183.100:80
Flows TCP192.168.1.1:1143 ➝ 202.208.172.129:80
Flows TCP192.168.1.1:1144 ➝ 202.208.172.129:80
Flows TCP192.168.1.1:1145 ➝ 66.84.0.137:80
Flows TCP192.168.1.1:1146 ➝ 203.143.20.8:80
Flows TCP192.168.1.1:1147 ➝ 66.84.0.137:80
Flows TCP192.168.1.1:1148 ➝ 69.163.152.70:80
Flows TCP192.168.1.1:1149 ➝ 203.143.20.8:80
Flows TCP192.168.1.1:1150 ➝ 82.201.61.230:80
Flows TCP192.168.1.1:1151 ➝ 69.163.152.70:80
Flows TCP192.168.1.1:1152 ➝ 82.201.61.230:80
Flows TCP192.168.1.1:1153 ➝ 82.98.160.142:80
Flows TCP192.168.1.1:1154 ➝ 219.109.38.59:80
Flows TCP192.168.1.1:1155 ➝ 182.48.14.145:80
Flows TCP192.168.1.1:1156 ➝ 81.88.48.71:80
Flows TCP192.168.1.1:1157 ➝ 82.98.160.142:80
Flows TCP192.168.1.1:1158 ➝ 219.109.38.59:80
Flows TCP192.168.1.1:1159 ➝ 182.48.14.145:80
Flows TCP192.168.1.1:1160 ➝ 81.88.48.71:80
Flows TCP192.168.1.1:1161 ➝ 162.210.98.151:80

Raw Pcap

Strings
.
..D
\
.
.A
Generate
         (((((                  H
MS Sans Serif
Quit
update.exe
`$@@@@@@
"""""""
@@@@@@
@@@@@@@
@@@@@@@@
@@@@@@@@@
@@@@@@@@@@
@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@
@@@@@@@%@
&@)@@@
	@@@@@@
@0/=:|
00@0@0
00@0@0,
00@0@0@
00@0@0AU
00@0@0G!
00@0@0GMA
00@0@0H
000b@4@
000b@4@@
000b@4@4?A(
000b@4@/`En@
000zs4X
0@2H@%
0=3ck{5
@<0@4D
0A/k8CJu
0c@@.A
0c@@@@@X
0Dq2(@L
0*|LA(])
#0O@Bk
0Uk@Opk/@
1ABvcD@B
{1@H48
@1P(Tb
!=1RJdL
@25@@@@@h@h@
2A@q6,g}
2bb8`B
2DP%G{4=0,
@2{hNA
@)!2PVA
2Qe`4c*%4D
*$2q@K
@2@@@@@X
#33""""
34mHDv
 3$5Cb
3bbRA(
3HH@4@blA
=|3pO<
3!@WH @@@@@@
3wJ```
@@@@@4
@4@/```
4@@\#%
4{0/B9i$
44"Y!f@0
4[,7=GBb
4%ARiPCn0
4AT@}8
/4@@b0
,4BIj'
4c4@@b0
4Ce@@g
@4DbHL.`
*@4!E8?
4@@@FA
4$gkpAApD@
4%HAVb
-4@JsC/
|4@LbNq{
4@@n@A
@4S@@@@@h@h@
4@SNtHEc
4X.L`w:]zC
!51 @@
5bOnzy
@5Fbibw&I2<
5g !q@VsA
5H}{r%
5j-b&XH
5M/A?&@@@@@h@h@
6|@@@@
@@@@|6a
6sD@@:cC\c$@
@@@@@6xC
@@73B_c@ld
<78]ykd
7@@@@@h@h@
8@@@@@@
8_$0<M
|.83AX
*88{{t@L
8A-c8R
8B@A`@
8D H9/
@{8nbhu
8r~mY@
!A@@@@
@@@@@A
A@``@\
@@@A2t%E6`DC
A42@2t
@@A4cU260
A,4N2.@
A@`4np
}AAp )
_@AA]}!Z
 @`AB@
abnormal program termination
A@&c|A
AC@A`@
A@c gA$
A cr4+
@AGH|X@@@
@A@@@h
A@`\H$
%@@Ai6qCI
AIC4@@@@@h@h@
@@Aj@%
A@`K)B{@A@
ALR@C@
ALx@nH6
	:@A($O
AOb5P@
AODs%j
Ap%4,@@8
 AP4[)I(x
@@@@@APA
ApEO8bP
=%ARB|@
</assembly>
<assemblyIdentity
		<assemblyIdentity
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
{AUEC&
Av@Bs@`
AvmR@f
AVWAf9
)b@@@@@@
@@@@b^
b@@@@@@
@@B@``
B0@@@@@X
B1@@@h
b1)\tC
.b2cF~E
B`@4@O
@b@4s@=n
@b58}@
bA@@$2k
bA$(Br
BAH8=/GKA=&
BA(SV|T
bA^xAv
/Bb5BH
@bbb	E
BBbF|s2
$.BbdU?
b@BMb}c(
@@@B`bP
BBW$sz
bB=!z4
@@@bc^
BCGEr@@@
[\B%,cj
@#bd0q
bd5V>JHRX
bDAOClP8C
B~d)g?
be	gW@0mp
bEw|Gu#
bFA@s@
(Bfyp{@
BG@@$ 
@@BGi4
B@@@@@h@h@
bHhwy"b
B@,H-k
biO@g=
b<iqL%
bI@@@@X
bJs.\wsA
bK<Mw:
bK@&@O
Bl`b;B
$B{#ll
=:BN@@@h
bO<@%49c
b@OL5<HJ
BpA@E@O
@@@ b(Pb
bP* BA4
@BP@DV@MG
BR 4#A}w
((bR 6hzr
bRA8d%@byB|
%BTU8@0
bu3@}A
BUAs2gO
BUEgu@\
Button
Bwy\gKh,j
b'@@@@X
b@@@@X
byK:Dh
b-zcbI
<c@@@@
c@}@)%
(c4@@b0
c4@@b0
@C5It}P
cA1C`u
Cancel
CaPJ@g@d14a
CA]@@@@X
C@@AyX<
cB?7B,
@cbhO@@@@X
cbZt*B
C@c6@@@
,@cd0~
C@{>dD
cFQ%gP~
c@@@@@h@h@
/=^C>*IB#
c`IT,v
clH@"bXAb
cLJp&IpA
CloseHandle
^@cLXmt
COMCTL32.dll
CpbHDvn0eR
c)P@Cb*
C$PHF4
cPT2@A@h
CreateFileA
CreateWindowExA
+cRgD3.Hn
@ctyS@
cUADx@@@@
cUPOvU
=;Cx,!b
@cYQ,@{bA
@@@@@D
@@@D@<
D$ _^]
D4=FBU
`%*'dA
dA@@`E
@.data
db0FlE
DB[A2DQ'@$s
DCHkBG
@@@$dcKB(Bd
DDDDDDD
DDFfdDD
dE0@0@
DefWindowProcA
</dependency>
<dependency>
	</dependentAssembly>
	<dependentAssembly>
<description></description>
DestroyWindow
D%gA4C
"DhA5C3(@
]dIcdbr
DispatchMessageA
@@@DLJ
Dm@!E;
Do|Al/
do@@@@@h@h@
DOMAIN error
`Dpbx@
@DPO@@@@@@
DrawTextA
Ds3bo\|A
DsBp93
dsD]@TY
dsM%/@@@@@@
&DUA@y
`Dx@@@@
@;Dx, 
D"zshHJ
E\_24B
.@e4@@b0
E@&@5AD
@e5BD4}
e_b*@@@@@@
eB@@@@@X
EB*@@@@@X
=eb/XZ2x
EcLdHI
e@D B(
ED,@,@h
E@F@BDO
EhAx@@@@
E@@@@@h@h@
eHJT@@@
eLD74L
EO8DD$(
@ER@bp5
+E@@@@X
@@@@-e(:X{ 'A
ExitProcess
EZA/g`
+E@@@z@B8
-f6cR@<b{
F@ AA@@A
fA,s:Z
F&DDD%d
FdiLjO
f_)e@S?@
,fLO3p@
- floating point not loaded
Fo5s(.@
Fob,<c
FreeEnvironmentStringsA
FreeEnvironmentStringsW
F"RRR%d
	fs@@@@X
$FTREA
FVfffRd
|g@@@@
@@@@@G0
|G@04O$
@g4JF;
G<@4X{
g,@7i<1
g@`dbCo
GetACP
GetActiveWindow
GetCommandLineA
GetCPInfo
GetCurrentDirectoryA
GetCurrentProcess
GetEnvironmentStrings
GetEnvironmentStringsW
GetFileSize
GetFileType
GetLastActivePopup
GetMessageA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetStartupInfoA
GetStdHandle
GetVersion
@GH@64
GkAx@@@@
G&K+b	
|G|>m@A@
g@mXyeH,Aibc
gs3@@@@
GTU	(Adg
@@@<h=*<
@@@@@@h@
@@@@@h@@@@@@@@@
@@@h@%@@
@@h@@@
,H@@@@@@
-h1V]y
h2HuH+F/
@?H4c*P@%%Gv
?@h4@ E
-H4OAbE
%H4.u#CP
HBsM,B
%Hc^AO
$$HCjH
<HDLEe0
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
@)HeB@
@.HfeCOc
Hf~-@gC
@@@@@h@h@
&@@@@@h@h@
hH2@@7bO
@@%@@@@h@h@@@x
HJD@)!
hL{%!A
<\h<L@@@@@h@h@
h(m3p@
hm@#Q`$b
%h@q|@
HSUVWh
HTS:4c
hUv&!C
<HVr88@~@
@@@h@@X@h
=,$H}yAgAH@h
i4@@b0
I4*+t& Z,"b4K
I55@S3dBPz
 IAx3p@A5
iK0@0@
InitCommonControlsEx
iORBDA
Ios!(b
@iSkcN
Ivq3O@
J@@2RA
J4OrL@
j5@N@p
@@&#-JA
Jb@DI:
j/bO0@4
JD@%d@
@JJAA0z
@JKk@cU	@
JlL7@{
JPfAb@
JRT<@@@@@h@h@
j@@@@@X
@@%.k@
K* @@@
k3@EYT
KCO0@p
@@@@KCyxz
KERNEL32.dll
k@*GB,
KU$!8TD
kvi(D	D&
k@@@@@X
k-|@Y8
L@@@@@@
l0@@@@@X
@@@l4%
L4,jcf
			language="*"
)%lb *{
@@@-l$B
LB<2@@@
LbTm`t
@@@LC4x
l@hPIHy
l*@=#h(r:@@<
/L@IcbP
lL\A@CP
~l$LO2
LlRe:s
LoadAcceleratorsA
LoadCursorA
LoadIconA
LoadLibraryA
@%LP@A
LP<DBA9Uc@
lstrcatA
lstrcpynA
lstrlenA
Lt,F@*VObfg
L@UCKO=}vi:
$@@M2o
``@M4R
@m@A`@
mbDCsr
.m|BOj
MessageBoxA
Microsoft Visual C++ Runtime Library
MLcdy\YX
MO@;90
,m`ZGR
/n0XlH
N4@@b0
{N4@HKIh
NA3(3!XK
nABRA.
	name="Company.Product.Name"
			name="Microsoft.Windows.Common-Controls"
(N:(%c
next.txt
@=)NGRRUED1
@=(N<M
- not enough space for arguments
- not enough space for environment
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
NWk4.b
>O242(
O`bHy0E
@\O@BO
@ObpJ[
`OHoUD
OPAQS5W
OPy58v=8
o\t#PD
O@X@``
OY4BOk
@@@{\]p
P@{5CS
@@p5@g
PBsF`VGZ
P@,"CA
@p@DdS=A@
PgG$~|,
p@@@@@h@h@
pLe)3cA
,|PMAp
p.O((#@C
PO_hSl
PostQuitMessage
'PO:wX
pqD?@@
PR5@@@
			processorArchitecture="*"
	processorArchitecture="*"
Program: 
<program name unknown>
P@s9=-r
			publicKeyToken="6595b64144ccf1df"
- pure virtual function call
px@@@@
 ,@#q/
@@@=Q"
q):1H}{U[
q@4dCKX
@@@Q<@5
q(/61kA
qAG*bB*phe*/
@/\qbAE0@
q:B@+dmB
q'.;b*E
Q_dCBP-
@qg9AIJv@
q@<lkA
qm@3hp
qNo@4L
Q=p(B"7MAr
@*qus@(@
QyIBTB
@@@@R`
r,ABR```
@(RADbG
@rA#@M
R-A-Y{
R,b@g@,$
@@@@@rc
@rcH5Y
`.rdata
r@DIPRIH-
ReadFile
RegisterClassExA
@r@@@@@h@h@
RI+zu^@0*9
rRbb::*r,
RtlUnwind
runtime error 
Runtime Error!
R@@@@X
\S@@@@
S5,B4A@
s)5_HQ44Z
S<"A i
sA$RPB
s,/@b0(H
/s=bXf
SC@cAiD
;SceD8a
Sc@v@h
SendMessageA
SetHandleCount
S{Fbd!
ShowWindow
@sICH+Pb
SING error
%+SLOE 
&s@O5U
sPaCEU)v
@sP]<B
stgO$5
*StPbDCQ8
Sx@@@@
S@@@@@X
@@@SyNHttB
SysListView32
@t}@@@@@@
t0rcgQUAv
@tAH@.
TbZbagb[~
tBzW,!
T`=)C;
tEAHPb
TerminateProcess
!This program cannot be run in DOS mode.
Titlist
tJ4h	"e
tJL{+AKB<Io
TJ>p@F
$tlN4)
TLOSS error
t%mI<oO
t@Ob{CB=
T_ODga<Ug@@@h
TranslateAcceleratorA
TranslateMessage
TrbJ$c
TSc@j,s{qyh@y
tSh@ A
t.;t$$t(
@@@@Tu
			type="win32"
	type="win32"
@@@@}U
@@@@@U
@@@u@4G4
u5Bc.t
UB0Opr
@.U@dO
@@@@@UjVB'L
^ulK=.2
` Um*@A`@
- unable to initialize heap
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
UOD@PZXHc@4
UpdateWindow
U]@%P@@@h
user32.dll
USER32.dll
U@@@@@X
uyH$bA
v@6jF%w
VAgzN@#
vA@@@@@h@h@
V:b<@3@
VC20XC00U
v,*)DAO
	version="1.0.0.0"
			version="6.0.0.0"
)v(f'T\E
vi%L~I
VirtualAlloc
VirtualFree
=v@@O@@@@@@
vo2mDB4
V@@@@X
]w"_"}
[W ABbt:
%wH<PW
WideCharToMultiByte
@@@@@wP
wpc"A Ah-
WriteFile
WuBh\ A
Wv@@@@@@
w& V55gO
;x@@@@
(x@@@@
@@@@@x@@@@
@@@@@x%@
@@@@@x%@^
@@@@@x%@,
@@@@@x%@@
@@@@@x%@@=
<=@'@@@@@X
=@@@@X
 @@@@X
(@@@@X
[@@@@X
@@@@@X
@%@@@@@@@@@@@@@@X
@X@@@@@@@
@X@@@%@@
@X@@@%@@.
@X@@@%@@(
@X@@@%@@)@
@X@@@%@@@
@X@@@%@@*
@X@@@%@@%
@X@@@%@@48AC
@X@@@%@@7p
@@@@@x%@a
@X@@@%@@A
@X@@@%@@b
@X@@@%@@@b
@@@@@x%@c
@X@@@%@@C?TG
@X@@@%@@D
@@@@@x%@e,
@.XEAX
xFx@@@@
@X@@@%@@g
@@@@@x%@h
x@@h@@@@@
@@@@@x%@hBR 
@x,hPZ
@@@@@x%@Ik
@X@@@%@@LX@
(~xmk@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
@@@@@x%@N
@@@@XP?bB
@@@@@x%@^P*@qN
XSt/\4
@@@@@x%@T
@xU@@@@@h@h@
XUoj$:
@@@@@x%@@YSAV
y@@@@@@
|yb@C\LAb
@{yb@@@@X
YdN@@@
@~y^HD
<y`h,FFj@
y@@@@@h@h@
}yreC$
@@@@@z
zc5ws4b
@Z C Ax
@@@ zcyAZ
@zCZ(~@
z@@@@@X