| Analysis Date | 2014-10-13 22:40:34 |
|---|---|
| MD5 | d1e3644d23ff9e37a1f81414a1d7b229 |
| SHA1 | 0e67be9b0f4fd15057de3f9d5662790656395f96 |
Static Details:
Runtime Details:
| Screenshot |  |
|---|
Process
↳ C:\malware.exe
| Creates File | C:\Documents and Settings\Administrator\Local Settings\Temp\istnkc1jt4ndug6aydf.exe |
|---|---|
| Creates File | C:\WINDOWS\system32\zebajflqkdygw\tst |
| Creates Process | C:\Documents and Settings\Administrator\Local Settings\Temp\istnkc1jt4ndug6aydf.exe |
Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\istnkc1jt4ndug6aydf.exe
| Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Accounts Link-Layer Backup Plug TP ➝ C:\WINDOWS\system32\vykeyqsl.exe |
|---|---|
| Creates File | C:\WINDOWS\system32\vykeyqsl.exe |
| Creates File | C:\WINDOWS\system32\drivers\etc\hosts |
| Creates File | C:\WINDOWS\system32\zebajflqkdygw\lck |
| Creates File | C:\WINDOWS\system32\zebajflqkdygw\etc |
| Creates File | C:\WINDOWS\system32\zebajflqkdygw\tst |
| Deletes File | C:\WINDOWS\system32\\drivers\etc\hosts |
| Creates Process | C:\WINDOWS\system32\vykeyqsl.exe |
| Creates Service | Program Proxy Socket Routing Filtering - C:\WINDOWS\system32\vykeyqsl.exe |
Process
↳ C:\WINDOWS\system32\svchost.exe
Process
↳ Pid 804
Process
↳ Pid 848
Process
↳ C:\WINDOWS\System32\svchost.exe
| Creates File | \Device\Afd\Endpoint |
|---|---|
| Creates File | C:\WINDOWS\system32\WBEM\Logs\wbemess.log |
Process
↳ Pid 1204
Process
↳ C:\WINDOWS\system32\spoolsv.exe
| Registry | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL |
|---|---|
| Registry | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7 |
| Registry | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL |
| Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00 |
Process
↳ Pid 1120
Process
↳ C:\WINDOWS\system32\vykeyqsl.exe
| Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝ 1 |
|---|---|
| Creates File | C:\WINDOWS\system32\zluzfil.exe |
| Creates File | C:\WINDOWS\system32\zebajflqkdygw\lck |
| Creates File | C:\WINDOWS\system32\zebajflqkdygw\cfg |
| Creates File | C:\WINDOWS\system32\zebajflqkdygw\rng |
| Creates File | pipe\net\NtControlPipe10 |
| Creates File | C:\WINDOWS\system32\zebajflqkdygw\run |
| Creates File | C:\WINDOWS\TEMP\istnkc1q1ind.exe |
| Creates File | \Device\Afd\Endpoint |
| Creates File | C:\WINDOWS\system32\zebajflqkdygw\tst |
| Creates Process | WATCHDOGPROC "c:\windows\system32\vykeyqsl.exe" |
| Creates Process | C:\WINDOWS\TEMP\istnkc1q1ind.exe -r 50429 tcp |
Process
↳ C:\WINDOWS\system32\vykeyqsl.exe
| Creates File | C:\WINDOWS\system32\zebajflqkdygw\tst |
|---|
Process
↳ WATCHDOGPROC "c:\windows\system32\vykeyqsl.exe"
| Creates File | C:\WINDOWS\system32\zebajflqkdygw\tst |
|---|
Process
↳ C:\WINDOWS\TEMP\istnkc1q1ind.exe -r 50429 tcp
| Creates File | \Device\Afd\Endpoint |
|---|---|
| Winsock DNS | 239.255.255.250 |
Network Details:
| DNS | donaven4guia.com Type: A 216.239.138.217 |
|---|---|
| DNS | laloponea.com Type: A 216.239.138.68 |
| DNS | davedekilai.com Type: A 66.147.244.161 |
| DNS | tablefruit.net Type: A 69.195.129.70 |
| DNS | stickmarch.net Type: A 69.195.129.70 |
| DNS | wishdish.net Type: A 173.201.246.204 |
| DNS | madepure.net Type: A 192.185.17.103 |
| DNS | hairhour.net Type: A 184.168.221.45 |
| DNS | musichour.net Type: A 202.172.28.105 |
| DNS | hanghour.net Type: A 184.168.221.60 |
| DNS | fredesecas.com Type: A |
| DNS | wentpure.net Type: A |
| DNS | spendpure.net Type: A |
| DNS | wentmarch.net Type: A |
| DNS | spendmarch.net Type: A |
| DNS | wentdish.net Type: A |
| DNS | spenddish.net Type: A |
| DNS | wentjuly.net Type: A |
| DNS | spendjuly.net Type: A |
| DNS | frontpure.net Type: A |
| DNS | offerpure.net Type: A |
| DNS | frontmarch.net Type: A |
| DNS | offermarch.net Type: A |
| DNS | frontdish.net Type: A |
| DNS | offerdish.net Type: A |
| DNS | frontjuly.net Type: A |
| DNS | offerjuly.net Type: A |
| DNS | hangpure.net Type: A |
| DNS | septemberpure.net Type: A |
| DNS | hangmarch.net Type: A |
| DNS | septembermarch.net Type: A |
| DNS | hangdish.net Type: A |
| DNS | septemberdish.net Type: A |
| DNS | hangjuly.net Type: A |
| DNS | septemberjuly.net Type: A |
| DNS | joinpure.net Type: A |
| DNS | wishpure.net Type: A |
| DNS | joinmarch.net Type: A |
| DNS | wishmarch.net Type: A |
| DNS | joindish.net Type: A |
| DNS | joinjuly.net Type: A |
| DNS | wishjuly.net Type: A |
| DNS | deadpure.net Type: A |
| DNS | rockpure.net Type: A |
| DNS | deadmarch.net Type: A |
| DNS | rockmarch.net Type: A |
| DNS | deaddish.net Type: A |
| DNS | rockdish.net Type: A |
| DNS | deadjuly.net Type: A |
| DNS | rockjuly.net Type: A |
| DNS | wrongpure.net Type: A |
| DNS | wrongmarch.net Type: A |
| DNS | mademarch.net Type: A |
| DNS | wrongdish.net Type: A |
| DNS | madedish.net Type: A |
| DNS | wrongjuly.net Type: A |
| DNS | madejuly.net Type: A |
| DNS | humancompe.net Type: A |
| DNS | haircompe.net Type: A |
| DNS | humanhour.net Type: A |
| DNS | humanfell.net Type: A |
| DNS | hairfell.net Type: A |
| DNS | humancount.net Type: A |
| DNS | haircount.net Type: A |
| DNS | yardcompe.net Type: A |
| DNS | musiccompe.net Type: A |
| DNS | yardhour.net Type: A |
| DNS | yardfell.net Type: A |
| DNS | musicfell.net Type: A |
| DNS | yardcount.net Type: A |
| DNS | musiccount.net Type: A |
| DNS | wentcompe.net Type: A |
| DNS | spendcompe.net Type: A |
| DNS | wenthour.net Type: A |
| DNS | spendhour.net Type: A |
| DNS | wentfell.net Type: A |
| DNS | spendfell.net Type: A |
| DNS | wentcount.net Type: A |
| DNS | spendcount.net Type: A |
| DNS | frontcompe.net Type: A |
| DNS | offercompe.net Type: A |
| DNS | fronthour.net Type: A |
| DNS | offerhour.net Type: A |
| DNS | frontfell.net Type: A |
| DNS | offerfell.net Type: A |
| DNS | frontcount.net Type: A |
| DNS | offercount.net Type: A |
| DNS | hangcompe.net Type: A |
| DNS | septembercompe.net Type: A |
| DNS | septemberhour.net Type: A |
| DNS | hangfell.net Type: A |
| HTTP GET | http://donaven4guia.com/forum/search.php?method=validate&mode=sox&v=021&sox=2b555c01 User-Agent: |
| HTTP GET | http://laloponea.com/forum/search.php?method=validate&mode=sox&v=021&sox=2b555c01 User-Agent: |
| HTTP GET | http://davedekilai.com/forum/search.php?method=validate&mode=sox&v=021&sox=2b555c01 User-Agent: |
| HTTP GET | http://tablefruit.net/forum/search.php?method=validate&mode=sox&v=021&sox=2b555c01 User-Agent: |
| HTTP GET | http://stickmarch.net/forum/search.php?method=validate&mode=sox&v=021&sox=2b555c01 User-Agent: |
| HTTP GET | http://wishdish.net/forum/search.php?method=validate&mode=sox&v=021&sox=2b555c01 User-Agent: |
| HTTP GET | http://madepure.net/forum/search.php?method=validate&mode=sox&v=021&sox=2b555c01 User-Agent: |
| HTTP GET | http://hairhour.net/forum/search.php?method=validate&mode=sox&v=021&sox=2b555c01 User-Agent: |
| HTTP GET | http://musichour.net/forum/search.php?method=validate&mode=sox&v=021&sox=2b555c01 User-Agent: |
| HTTP GET | http://hanghour.net/forum/search.php?method=validate&mode=sox&v=021&sox=2b555c01 User-Agent: |
| HTTP GET | http://donaven4guia.com/forum/search.php?method=validate&mode=sox&v=021&sox=2b555c01 User-Agent: |
| HTTP GET | http://laloponea.com/forum/search.php?method=validate&mode=sox&v=021&sox=2b555c01 User-Agent: |
| HTTP GET | http://davedekilai.com/forum/search.php?method=validate&mode=sox&v=021&sox=2b555c01 User-Agent: |
| HTTP GET | http://tablefruit.net/forum/search.php?method=validate&mode=sox&v=021&sox=2b555c01 User-Agent: |
| HTTP GET | http://stickmarch.net/forum/search.php?method=validate&mode=sox&v=021&sox=2b555c01 User-Agent: |
| HTTP GET | http://wishdish.net/forum/search.php?method=validate&mode=sox&v=021&sox=2b555c01 User-Agent: |
| HTTP GET | http://madepure.net/forum/search.php?method=validate&mode=sox&v=021&sox=2b555c01 User-Agent: |
| HTTP GET | http://hairhour.net/forum/search.php?method=validate&mode=sox&v=021&sox=2b555c01 User-Agent: |
| HTTP GET | http://musichour.net/forum/search.php?method=validate&mode=sox&v=021&sox=2b555c01 User-Agent: |
| HTTP GET | http://hanghour.net/forum/search.php?method=validate&mode=sox&v=021&sox=2b555c01 User-Agent: |
| Flows TCP | 192.168.1.1:1036 ➝ 216.239.138.217:80 |
| Flows TCP | 192.168.1.1:1037 ➝ 216.239.138.68:80 |
| Flows TCP | 192.168.1.1:1038 ➝ 66.147.244.161:80 |
| Flows TCP | 192.168.1.1:1039 ➝ 69.195.129.70:80 |
| Flows TCP | 192.168.1.1:1040 ➝ 69.195.129.70:80 |
| Flows TCP | 192.168.1.1:1042 ➝ 173.201.246.204:80 |
| Flows TCP | 192.168.1.1:1043 ➝ 192.185.17.103:80 |
| Flows TCP | 192.168.1.1:1044 ➝ 184.168.221.45:80 |
| Flows TCP | 192.168.1.1:1045 ➝ 202.172.28.105:80 |
| Flows TCP | 192.168.1.1:1046 ➝ 184.168.221.60:80 |
| Flows TCP | 192.168.1.1:1047 ➝ 216.239.138.217:80 |
| Flows TCP | 192.168.1.1:1048 ➝ 216.239.138.68:80 |
| Flows TCP | 192.168.1.1:1049 ➝ 66.147.244.161:80 |
| Flows TCP | 192.168.1.1:1050 ➝ 69.195.129.70:80 |
| Flows TCP | 192.168.1.1:1051 ➝ 69.195.129.70:80 |
| Flows TCP | 192.168.1.1:1052 ➝ 173.201.246.204:80 |
| Flows TCP | 192.168.1.1:1053 ➝ 192.185.17.103:80 |
| Flows TCP | 192.168.1.1:1054 ➝ 184.168.221.45:80 |
| Flows TCP | 192.168.1.1:1055 ➝ 202.172.28.105:80 |
| Flows TCP | 192.168.1.1:1056 ➝ 184.168.221.60:80 |
Raw Pcap
0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303231 26736f78 3d326235 35356330 =021&sox=2b555c0 0x00000040 (00064) 31204854 54502f31 2e300d0a 41636365 1 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a20646f 6e617665 6e346775 69612e63 : donaven4guia.c 0x00000080 (00128) 6f6d0d0a 0d0a om.... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303231 26736f78 3d326235 35356330 =021&sox=2b555c0 0x00000040 (00064) 31204854 54502f31 2e300d0a 41636365 1 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206c61 6c6f706f 6e65612e 636f6d0d : laloponea.com. 0x00000080 (00128) 0a0d0a0a 0d0a ...... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303231 26736f78 3d326235 35356330 =021&sox=2b555c0 0x00000040 (00064) 31204854 54502f31 2e300d0a 41636365 1 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206461 76656465 6b696c61 692e636f : davedekilai.co 0x00000080 (00128) 6d0d0a0d 0a0a m..... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303231 26736f78 3d326235 35356330 =021&sox=2b555c0 0x00000040 (00064) 31204854 54502f31 2e300d0a 41636365 1 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207461 626c6566 72756974 2e6e6574 : tablefruit.net 0x00000080 (00128) 0d0a0d0a 0a0a ...... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303231 26736f78 3d326235 35356330 =021&sox=2b555c0 0x00000040 (00064) 31204854 54502f31 2e300d0a 41636365 1 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207374 69636b6d 61726368 2e6e6574 : stickmarch.net 0x00000080 (00128) 0d0a0d0a 0a0a ...... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303231 26736f78 3d326235 35356330 =021&sox=2b555c0 0x00000040 (00064) 31204854 54502f31 2e300d0a 41636365 1 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207769 73686469 73682e6e 65740d0a : wishdish.net.. 0x00000080 (00128) 0d0a0d0a 0a0a ...... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303231 26736f78 3d326235 35356330 =021&sox=2b555c0 0x00000040 (00064) 31204854 54502f31 2e300d0a 41636365 1 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206d61 64657075 72652e6e 65740d0a : madepure.net.. 0x00000080 (00128) 0d0a0d0a 0a0a ...... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303231 26736f78 3d326235 35356330 =021&sox=2b555c0 0x00000040 (00064) 31204854 54502f31 2e300d0a 41636365 1 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206861 6972686f 75722e6e 65740d0a : hairhour.net.. 0x00000080 (00128) 0d0a0d0a 0a0a ...... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303231 26736f78 3d326235 35356330 =021&sox=2b555c0 0x00000040 (00064) 31204854 54502f31 2e300d0a 41636365 1 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206d75 73696368 6f75722e 6e65740d : musichour.net. 0x00000080 (00128) 0a0d0a0a 0a0a ...... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303231 26736f78 3d326235 35356330 =021&sox=2b555c0 0x00000040 (00064) 31204854 54502f31 2e300d0a 41636365 1 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206861 6e67686f 75722e6e 65740d0a : hanghour.net.. 0x00000080 (00128) 0d0a0a0a 0a0a ...... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303231 26736f78 3d326235 35356330 =021&sox=2b555c0 0x00000040 (00064) 31204854 54502f31 2e300d0a 41636365 1 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a20646f 6e617665 6e346775 69612e63 : donaven4guia.c 0x00000080 (00128) 6f6d0d0a 0d0a om.... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303231 26736f78 3d326235 35356330 =021&sox=2b555c0 0x00000040 (00064) 31204854 54502f31 2e300d0a 41636365 1 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206c61 6c6f706f 6e65612e 636f6d0d : laloponea.com. 0x00000080 (00128) 0a0d0a0a 0d0a ...... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303231 26736f78 3d326235 35356330 =021&sox=2b555c0 0x00000040 (00064) 31204854 54502f31 2e300d0a 41636365 1 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206461 76656465 6b696c61 692e636f : davedekilai.co 0x00000080 (00128) 6d0d0a0d 0a0a m..... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303231 26736f78 3d326235 35356330 =021&sox=2b555c0 0x00000040 (00064) 31204854 54502f31 2e300d0a 41636365 1 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207461 626c6566 72756974 2e6e6574 : tablefruit.net 0x00000080 (00128) 0d0a0d0a 0a0a ...... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303231 26736f78 3d326235 35356330 =021&sox=2b555c0 0x00000040 (00064) 31204854 54502f31 2e300d0a 41636365 1 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207374 69636b6d 61726368 2e6e6574 : stickmarch.net 0x00000080 (00128) 0d0a0d0a 0a0a ...... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303231 26736f78 3d326235 35356330 =021&sox=2b555c0 0x00000040 (00064) 31204854 54502f31 2e300d0a 41636365 1 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a207769 73686469 73682e6e 65740d0a : wishdish.net.. 0x00000080 (00128) 0d0a0d0a 0a0a ...... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303231 26736f78 3d326235 35356330 =021&sox=2b555c0 0x00000040 (00064) 31204854 54502f31 2e300d0a 41636365 1 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206d61 64657075 72652e6e 65740d0a : madepure.net.. 0x00000080 (00128) 0d0a0d0a 0a0a ...... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303231 26736f78 3d326235 35356330 =021&sox=2b555c0 0x00000040 (00064) 31204854 54502f31 2e300d0a 41636365 1 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206861 6972686f 75722e6e 65740d0a : hairhour.net.. 0x00000080 (00128) 0d0a0d0a 0a0a ...... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303231 26736f78 3d326235 35356330 =021&sox=2b555c0 0x00000040 (00064) 31204854 54502f31 2e300d0a 41636365 1 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206d75 73696368 6f75722e 6e65740d : musichour.net. 0x00000080 (00128) 0a0d0a0a 0a0a ...... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f6d65 74686f64 3d76616c h.php?method=val 0x00000020 (00032) 69646174 65266d6f 64653d73 6f782676 idate&mode=sox&v 0x00000030 (00048) 3d303231 26736f78 3d326235 35356330 =021&sox=2b555c0 0x00000040 (00064) 31204854 54502f31 2e300d0a 41636365 1 HTTP/1.0..Acce 0x00000050 (00080) 70743a20 2a2f2a0d 0a436f6e 6e656374 pt: */*..Connect 0x00000060 (00096) 696f6e3a 20636c6f 73650d0a 486f7374 ion: close..Host 0x00000070 (00112) 3a206861 6e67686f 75722e6e 65740d0a : hanghour.net.. 0x00000080 (00128) 0d0a0a0a 0a0a ......
Strings
-_
"1"
2dll1exe
[
Z
[
Z
[
a
0
.
'
\
.
..
..
...
...
.......... .!"!#!.$%$0&$'$.
(
.
.
.
.
.
.
.
.
)*
)
+,+
-.-/01210/-3-
"
.
.
S
+%3D%3A%26A&
+
h1
21212
T
elnortbenttelenthlCpaeCSvnt.jetK2dHcasedSnlFr
lEeeAro
eliair
CreSa3eaEO
lteve
dgWee
dll2
h2
1
1
exe
:
:
---
ss
%+#.*fa
0e
%+#I64o
.,
-CC00-+
.
.
-e-
.
00-+ -E-
-0
-0010+-0
0
-0
\
:\
:..
.
00...........?-
0
0
0
0
-
GIF=a
....
.
H
((((( H
h(((( H
jjjh
jjjj
jjjjh
jjjjjj
KERNEL32.DLL
Kjjj
Ljjj
Mjjj
Mjjjj
Mjjjjj
mscoree.dll
Njjj
(null)
!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
~`09m1
0A@@Ju
0hU<)R
0mF`a6
0SSSSS
0WWWWW
16(7HEr
,1l"Cr
1\-p/F
1#QNAN
1#SNAN
2:FEO6
.=3ay^
>3Dl[M_
-3^sdF
*4h{qN`-
4jp^ze>%:
%4=q_P
( ^4q-Q/a
<4.r2=
630zVK
72DC +
75'8ZEk
7e>xd9
/8&<lRw
*8NOF1
]8+Tk[
8VVVVV
9Fq'!E
#9*iaM
}= ,#\A
a^*7Ry
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
a*C-l0
[A[|CV
AJ55Mx
`aK&12w
america
american
american english
american-english
An application has made an attempt to load the C runtime library incorrectly.
aoew2(
@Aq?%
<at9<rt,<wt
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
.?AUctype_base@std@@
August
australian
.?AVbad_alloc@std@@
.?AVbad_cast@std@@
.?AVbad_exception@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AV?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$ctype@D@std@@
.?AVexception@std@@
.?AVfacet@locale@std@@
.?AVfailure@ios_base@std@@
.?AVios_base@std@@
.?AV?$_Iosb@H@std@@
.?AVlength_error@std@@
.?AV_Locimp@locale@std@@
.?AVlogic_error@std@@
.?AV?$numpunct@D@std@@
.?AV?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AVout_of_range@std@@
.?AVruntime_error@std@@
.?AVtype_info@@
b<@3[n
bad allocation
bad cast
bad exception
Base Class Array'
Base Class Descriptor at (
__based(
BeginPaint
belgian
bGnw02
bjs$;4
bOciOm
britain
B-]'S+
bTF#1*
b uKB#
`c58=rVE
=c$6+1
c6`;W8?K
CallWindowProcA
canadian
__cdecl
# .CG2w
CheckDlgButton
chinese
chinese-hongkong
chinese-simplified
chinese-singapore
chinese-traditional
@CId4K
c#:k*5
Class Hierarchy Descriptor'
CloseHandle
__clrcall
cmd.exe
CompareStringA
CompareStringW
Complete Object Locator'
COMSPEC
CONOUT$
`copy constructor closure'
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
CorExitProcess
C PjPV
C$PjQV
C.PjRV
C/PjSV
C*PjTV
C+PjUV
C,PjVV
C-PjWV
CreateFileA
CreateProcessA
CreateThread
- CRT not initialized
c Vsod+s:
]D8c~P
da*M=oh#
@.data
];D#bE
D_bHy,^
&?DD,CP
dddd, MMMM dd, yyyy
December
DecodePointer
`default constructor closure'
delete
delete[]
Delete
DeleteCriticalSection
DeleteFileA
deque<T> too long
di4vuj4
-djC0}
D`JOy!iG
DOMAIN error
DrawTextA
$D<R g@
dutch-belgian
D=Yj:L
`dynamic atexit destructor for '
`dynamic initializer for '
E"(_0e'
e9QDLP-
e/,9<~*V
EcU<N`
>ef#JX
eHOM1S}
`eh vector constructor iterator'
`eh vector copy constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`eh vector vbase copy constructor iterator'
e;;iAA
}eiDSO
eIYeVRL
eJW]cj
EnableWindow
EncodePointer
]eNd#1^[l
EndDialog
EndPaint
england
english-american
english-aus
english-belize
english-can
english-caribbean
english-ire
english-jamaica
english-nz
english-south africa
english-trinidad y tobago
english-uk
english-us
english-usa
\en]I_SA
EnterCriticalSection
EnumSystemLocalesA
$%"ePU
eqDC{I
ExitProcess
__fastcall
_fD#ja
February
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindResourceA
{"F|l8
`fLD!%5
flJ2&?7
- floating point support not loaded
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FNvJ"=<
ForceRemove
FPYc#( ]
&f%QWj
f%r:*^9
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
french-belgian
french-canadian
french-luxembourg
french-swiss
Friday
F,rUaj
^F<-uB
fx</}U
GAIsProcessorFeaturePresent
G+)'BTEF
GDI32.dll
german-austrian
german-lichtenstein
german-luxembourg
german-swiss
GetACP
GetActiveWindow
GetBkColor
GetClipRgn
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCPInfo
GetCurrentDirectoryA
GetCurrentObject
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetCursor
GetDCBrushColor
GetDCPenColor
GetDialogBaseUnits
GetDlgItem
GetDlgItemInt
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesA
GetFileTime
GetFileType
GetFontLanguageInfo
GetFontUnicodeRanges
GetForegroundWindow
GetFullPathNameA
GetGraphicsMode
GetInputState
GetKeyboardType
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetMenu
GetMenuCheckMarkDimensions
GetMenuContextHelpId
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMetaRgn
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetNearestColor
GetNearestPaletteIndex
GetObjectType
GetOEMCP
GetPixelFormat
GetPolyFillMode
GetProcAddress
GetProcessHeap
GetProcessId
GetProcessWindowStation
GetPropA
GetScrollPos
GetStartupInfoA
GetStdHandle
GetStretchBltMode
GetStringTypeA
GetStringTypeW
GetSystemPaletteUse
GetSystemTimeAsFileTime
GetTextAlign
GetTextCharacterExtra
GetTextCharset
GetTextCharsetInfo
GetTextColor
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetUserObjectInformationA
GetVersion
GetWindowContextHelpId
GetWindowDC
GetWindowLongA
]>g_fyspl
GlobalAlloc
GlobalFlags
GlobalHandle
GlobalSize
,gq r(
great britain
GRTU>t}
gSs=,e
(gT>mucjp
Gy@-h< `J
`h````
@h-" ~
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
"h>'EP
hE+=Pe
`h`hhh
HH:mm:ss
HHtXHHt
HHtYHHt
~h$>hv_
holland
ho]N27WU|
hong-kong
~{#h P
I@@1m$
icI6F<m
>If90t
ife&qxe
]iG/?a\o
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
Inpy0
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
invalid map/set<T> iterator
invalid string position
ios_base::badbit set
ios_base::eofbit set
ios_base::failbit set
irish-english
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWindowEnabled
IsWindowUnicode
italian-swiss
J!]0]C
JanFebMarAprMayJunJulAugSepOctNovDec
January
j h0,M
j"hd$M
j$hD%M
j'hH'M
j"h$&M
j%h$.M
j h<"M
j hptM
j/hT"M
)jj#lYduh
j@j ^V
jo !0G
js0 i,
j"^SSSSS
?!j>vD
.:j@xW
KERNEL32
KERNEL32.dll
KGoti!
kP1 W:!G
`kR"2c~_r|
' KR/H
Kspo,w@
ks*T;`
l%1VX8
@&^.l8
LC_ALL
LC_COLLATE
LC_CTYPE
LCMapStringA
LCMapStringW
LC_MONETARY
LC_NUMERIC
LC_TIME
LeaveCriticalSection
LHV@3$+Y
l+'`KI
L[~N_kr
LoadIconA
LoadLibraryA
LocalAlloc
LocalFlags
`local static guard'
`local static thread guard'
`local vftable'
`local vftable constructor closure'
LockResource
Ls46k%
/m_0LHlK
m4$f$iJ\`
m)9)7#i
`managed vector constructor iterator'
`managed vector copy constructor iterator'
`managed vector destructor iterator'
map/set<T> too long
m!&cP'
MessageBoxA
Microsoft Visual C++ Runtime Library
MM/dd/yy
Monday
MoveFileA
MoveWindow
MultiByteToWideChar
)[mU"n
n49[s$
n@7s39
Nb~*'1
;^n;DI
new[]
new-zealand
nF.j#?E
nM&k`#
NoRemove
norwegian
norwegian-bokmal
norwegian-nynorsk
Norwegian-Nynorsk
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
NR-YH{n.
(null)
NyM<n}y
o1:g[a
o1 `sa
O<3eH!P
o!4#X,
October
oDdB$
]oe@7*
OHW_D1
OLEAUT32.dll
`omni callsig'
operator
oruk7+
=OTe]L
-o&tFi
__pascal
Pf95p N
pG&B)9c
P<J$a6tN
PJt4.%
PKZw}%
`placement delete closure'
`placement delete[] closure'
p~"LB?
Please contact the application's support team for more information.
PLh5x\
portuguese-brazilian
PostMessageA
PPPPPPPP
pQn9JW
!pqs]4
pr china
pr-china
Program:
<program name unknown>
./PTa
__ptr64
puerto-rico
- pure virtual function call
pV,=wf[O
QhA2\p
+Qp$qCE<
QQSVWd
Qs2r'J'
Q|SO?cTMz
QueryPerformanceCounter
r3w!74
RaiseException
`.rdata
ReadFile
RemovePropA
__restrict
Rh^\)4
rp%UGi`
RtlUnwind
runtime error
Runtime Error!
RX7PZS
R^>Xl}
>S}4`$3
Saturday
`scalar deleting destructor'
-sDd}9""p
"?]Semv
SendMessageA
September
SetDlgItemTextA
SetEndOfFile
SetEnvironmentVariableA
SetFilePointer
SetFocus
SetHandleCount
SetLastError
SetPixel
SetStdHandle
SetSystemPaletteUse
SetTextAlign
SetTextCharacterExtra
SetTextColor
SetTextJustification
SetUnhandledExceptionFilter
SetWindowTextA
sFWp9#
ShowWindow
SING error
SizeofResource
slovak
south africa
south-africa
south korea
south-korea
spanish-argentina
spanish-bolivia
spanish-chile
spanish-colombia
spanish-costa rica
spanish-dominican republic
spanish-ecuador
spanish-el salvador
spanish-guatemala
spanish-honduras
spanish-mexican
spanish-modern
spanish-nicaragua
spanish-panama
spanish-paraguay
spanish-peru
spanish-puerto rico
spanish-uruguay
spanish-venezuela
s[S;7|G;w
^SSSSS
__stdcall
`string'
string too long
Sunday
SunMonTueWedThuFriSat
" >svW
swedish-finland
SystemRoot
*t4gdO
]"TByi
tdhhTK
TerminateProcess
t=FA9]
tGHt.Ht&
(</t$h
t=h8rK
tHhhUK
+t HHt
This application has requested the Runtime to terminate it in an unusual way.
__thiscall
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
!This program cannot be run in DOS mode.
Thursday
tIj"[:
tjh8TK
t}j$hL
< tK< tG
TLOSS error
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
<\tM</tI
tNh<rK
tR99u2
trinidad & tobago
t"SS9]
<+t(<-t$:
t=tG^uU
*)TtTA
t$<"u 3
tUbLC@
Tuesday
;t$,v-
t VV9u
t+WWVPV
;TXTdG,
Type Descriptor'
`typeof'
>:u8FV
U8SpCxk
U.a{4c
uBhg$J
U,BQC>
`udt returning'
~ue$[hm{Df
uEjLh0
u&hhgK
u%h@rK
- unable to initialize heap
- unable to open console device
__unaligned
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
UNICODE
united-kingdom
united-states
Unknown exception
UpdateColors
Up*eF U
UQPXY]Y[
uqSSSSS
URPQQh|WJ
URYO$6
USER32.dll
USER32.DLL
u[SSSP
UTF-16LE
u!U;_`
u,VVWV
_uW8Eh
u(WA_q
UZskW/
{;=v -
`vbase destructor'
`vbtable'
`vcall'
`vector constructor iterator'
`vector copy constructor iterator'
`vector deleting destructor'
`vector destructor iterator'
`vector vbase constructor iterator'
`vector vbase copy constructor iterator'
`vftable'
VirtualAlloc
`virtual displacement map'
VirtualFree
Vj@h`oK
v N+D$
%+>v~QI
vU' `U
_VVVVV
VVVVVQRSSj
vWhEzN
vYvi"W|
/w7`09}
WaitForSingleObject
*(wau?
Wednesday
wHhHUK
WideCharToMultiByte
WindowFromDC
WLX?!~
WriteConsoleA
WriteConsoleW
WriteFile
WS2_32.dll
^WWWWW
Wx_-+<
x.3sOf
X!&BUh!{
XCrR,{Z)
}xIvPJ
'XMt:+=:
Xp(PGWC2
xppwpp
'x^pW(
xpxxxx
XSt1OjjM
x}<,ti
<xtX<XtT
`Xz2|$D
$y]**@
y5JfZM
Y}*_Iyr
YlL5zVN
>=Yt1j
Y<\u#j\V
`y=vX0
yy~yH+R
Z{1XED
z'd;u^
zfUC=}4
|z-LHe
Z|{O,!?D<
|{z[T)e
#<;ztY
Zt_"Yw
ZX>Nn,
Zyn#X;B