Analysis Date | 2014-03-08 11:39:11 |
---|---|
MD5 | e25c5d1d54b2d4751a2b08685147598c |
SHA1 | 1c810e12c37794fed92837f1eb399aa7993c0707 |
Static Details:
File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
---|---|---|
Section | .text md5: 237e024d3cd75d8b2cbb78450896f47a sha1: dde4abd8abe357c548a14f8cc92f4947b1ee31c8 size: 120832 | |
Section | .rdata md5: 43392ac9342564183aad5faf44c733e3 sha1: 118c6d36e8f49bcc1e9bf8cdec9225687e765e07 size: 16384 | |
Section | .data md5: aecbfe336d8e1d91a1499eb3c1df6749 sha1: c06c3e3825840de221de2885eb0823c37ea978e8 size: 17408 | |
Timestamp | 2014-01-22 06:40:45 | |
Packer | Microsoft Visual C++ ?.? | |
PEhash | 0104faf0c5ccbdf0710c0cc6336f518595fc321a | |
IMPhash | ed5c9312c66d355fd686c10b6952b803 | |
AV | avira | TR/Symmi.38727.215 |
AV | avg | Generic_r.DMC |
Runtime Details:
Screenshot | ![]() |
---|
Process
↳ C:\malware.exe
Registry | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\WLAN Awareness Installer NGEN ➝ C:\Documents and Settings\Administrator\Application Data\ykvmngwjxdpax\gdutozdo.exe |
---|---|
Creates File | C:\Documents and Settings\Administrator\Application Data\ykvmngwjxdpax\gdutozdo.exe |
Creates Process | C:\Documents and Settings\Administrator\Application Data\ykvmngwjxdpax\gdutozdo.exe |
Process
↳ C:\Documents and Settings\Administrator\Application Data\ykvmngwjxdpax\gdutozdo.exe
Creates File | \Device\Afd\Endpoint |
---|---|
Creates File | C:\Documents and Settings\Administrator\Application Data\ykvmngwjxdpax\gdutozdo.sjdf |
Creates File | C:\Documents and Settings\Administrator\Application Data\ykvmngwjxdpax\rfedtuptaum.exe |
Creates Process | WATCHDOGPROC "C:\Documents and Settings\Administrator\Application Data\ykvmngwjxdpax\gdutozdo.exe" |
Process
↳ WATCHDOGPROC "C:\Documents and Settings\Administrator\Application Data\ykvmngwjxdpax\gdutozdo.exe"
Network Details:
DNS | tradestation.net Type: A 65.211.211.21 |
---|---|
DNS | streetchildhood.net Type: A 166.78.144.80 |
DNS | melbourneit.hotkeysparking.com Type: A 8.5.1.16 |
DNS | quietobject.net Type: A 98.139.135.198 |
DNS | nightspace.net Type: A 91.250.101.43 |
DNS | largespace.net Type: A 62.22.102.59 |
DNS | captainspace.net Type: A 82.165.104.95 |
DNS | captaintravel.net Type: A 184.168.221.96 |
DNS | electrictravel.net Type: A 89.31.99.149 |
DNS | tradespace.net Type: A 66.151.181.33 |
DNS | streettravel.net Type: A 50.63.202.65 |
DNS | gatherspace.net Type: A 216.157.91.112 |
DNS | bettertravel.net Type: A 66.151.181.33 |
DNS | streetthird.net Type: A |
DNS | tradethird.net Type: A |
DNS | streetobject.net Type: A |
DNS | tradeobject.net Type: A |
DNS | tradechildhood.net Type: A |
DNS | betterstation.net Type: A |
DNS | gatherstation.net Type: A |
DNS | betterthird.net Type: A |
DNS | gatherthird.net Type: A |
DNS | betterobject.net Type: A |
DNS | gatherobject.net Type: A |
DNS | betterchildhood.net Type: A |
DNS | gatherchildhood.net Type: A |
DNS | flierstation.net Type: A |
DNS | breadstation.net Type: A |
DNS | flierthird.net Type: A |
DNS | breadthird.net Type: A |
DNS | flierobject.net Type: A |
DNS | breadobject.net Type: A |
DNS | flierchildhood.net Type: A |
DNS | breadchildhood.net Type: A |
DNS | quietstation.net Type: A |
DNS | seasonstation.net Type: A |
DNS | quietthird.net Type: A |
DNS | seasonthird.net Type: A |
DNS | seasonobject.net Type: A |
DNS | quietchildhood.net Type: A |
DNS | seasonchildhood.net Type: A |
DNS | againstspace.net Type: A |
DNS | doubtspace.net Type: A |
DNS | againsttravel.net Type: A |
DNS | doubttravel.net Type: A |
DNS | againstyellow.net Type: A |
DNS | doubtyellow.net Type: A |
DNS | againstclose.net Type: A |
DNS | doubtclose.net Type: A |
DNS | decidespace.net Type: A |
DNS | nighttravel.net Type: A |
DNS | decidetravel.net Type: A |
DNS | nightyellow.net Type: A |
DNS | decideyellow.net Type: A |
DNS | nightclose.net Type: A |
DNS | decideclose.net Type: A |
DNS | largetravel.net Type: A |
DNS | largeyellow.net Type: A |
DNS | captainyellow.net Type: A |
DNS | largeclose.net Type: A |
DNS | captainclose.net Type: A |
DNS | recordspace.net Type: A |
DNS | electricspace.net Type: A |
DNS | recordtravel.net Type: A |
DNS | recordyellow.net Type: A |
DNS | electricyellow.net Type: A |
DNS | recordclose.net Type: A |
DNS | electricclose.net Type: A |
DNS | streetspace.net Type: A |
DNS | tradetravel.net Type: A |
DNS | streetyellow.net Type: A |
DNS | tradeyellow.net Type: A |
DNS | streetclose.net Type: A |
DNS | tradeclose.net Type: A |
DNS | betterspace.net Type: A |
DNS | gathertravel.net Type: A |
DNS | betteryellow.net Type: A |
DNS | gatheryellow.net Type: A |
DNS | betterclose.net Type: A |
DNS | gatherclose.net Type: A |
DNS | flierspace.net Type: A |
DNS | breadspace.net Type: A |
DNS | fliertravel.net Type: A |
DNS | breadtravel.net Type: A |
DNS | flieryellow.net Type: A |
DNS | breadyellow.net Type: A |
HTTP GET | http://tradestation.net/forum/search.php?email=tepalex@yahoo.com&method=post User-Agent: |
HTTP GET | http://streetchildhood.net/forum/search.php?email=tepalex@yahoo.com&method=post User-Agent: |
HTTP GET | http://quietstation.net/forum/search.php?email=tepalex@yahoo.com&method=post User-Agent: |
HTTP GET | http://quietobject.net/forum/search.php?email=tepalex@yahoo.com&method=post User-Agent: |
HTTP GET | http://nightspace.net/forum/search.php?email=tepalex@yahoo.com&method=post User-Agent: |
HTTP GET | http://largespace.net/forum/search.php?email=tepalex@yahoo.com&method=post User-Agent: |
HTTP GET | http://captainspace.net/forum/search.php?email=tepalex@yahoo.com&method=post User-Agent: |
HTTP GET | http://captaintravel.net/forum/search.php?email=tepalex@yahoo.com&method=post User-Agent: |
HTTP GET | http://electrictravel.net/forum/search.php?email=tepalex@yahoo.com&method=post User-Agent: |
HTTP GET | http://tradespace.net/forum/search.php?email=tepalex@yahoo.com&method=post User-Agent: |
HTTP GET | http://streettravel.net/forum/search.php?email=tepalex@yahoo.com&method=post User-Agent: |
HTTP GET | http://gatherspace.net/forum/search.php?email=tepalex@yahoo.com&method=post User-Agent: |
HTTP GET | http://bettertravel.net/forum/search.php?email=tepalex@yahoo.com&method=post User-Agent: |
Flows TCP | 192.168.1.1:1031 ➝ 65.211.211.21:80 |
Flows TCP | 192.168.1.1:1032 ➝ 166.78.144.80:80 |
Flows TCP | 192.168.1.1:1033 ➝ 8.5.1.16:80 |
Flows TCP | 192.168.1.1:1034 ➝ 98.139.135.198:80 |
Flows TCP | 192.168.1.1:1035 ➝ 91.250.101.43:80 |
Flows TCP | 192.168.1.1:1036 ➝ 62.22.102.59:80 |
Flows TCP | 192.168.1.1:1037 ➝ 82.165.104.95:80 |
Flows TCP | 192.168.1.1:1038 ➝ 184.168.221.96:80 |
Flows TCP | 192.168.1.1:1039 ➝ 89.31.99.149:80 |
Flows TCP | 192.168.1.1:1040 ➝ 66.151.181.33:80 |
Flows TCP | 192.168.1.1:1041 ➝ 50.63.202.65:80 |
Flows TCP | 192.168.1.1:1042 ➝ 216.157.91.112:80 |
Flows TCP | 192.168.1.1:1043 ➝ 66.151.181.33:80 |
Raw Pcap
0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 74657061 h.php?email=tepa 0x00000020 (00032) 6c657840 7961686f 6f2e636f 6d266d65 lex@yahoo.com&me 0x00000030 (00048) 74686f64 3d706f73 74204854 54502f31 thod=post HTTP/1 0x00000040 (00064) 2e300d0a 41636365 70743a20 2a2f2a0d .0..Accept: */*. 0x00000050 (00080) 0a436f6e 6e656374 696f6e3a 20636c6f .Connection: clo 0x00000060 (00096) 73650d0a 486f7374 3a207472 61646573 se..Host: trades 0x00000070 (00112) 74617469 6f6e2e6e 65740d0a 0d0a tation.net.... 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 74657061 h.php?email=tepa 0x00000020 (00032) 6c657840 7961686f 6f2e636f 6d266d65 lex@yahoo.com&me 0x00000030 (00048) 74686f64 3d706f73 74204854 54502f31 thod=post HTTP/1 0x00000040 (00064) 2e300d0a 41636365 70743a20 2a2f2a0d .0..Accept: */*. 0x00000050 (00080) 0a436f6e 6e656374 696f6e3a 20636c6f .Connection: clo 0x00000060 (00096) 73650d0a 486f7374 3a207374 72656574 se..Host: street 0x00000070 (00112) 6368696c 64686f6f 642e6e65 740d0a0d childhood.net... 0x00000080 (00128) 0a . 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 74657061 h.php?email=tepa 0x00000020 (00032) 6c657840 7961686f 6f2e636f 6d266d65 lex@yahoo.com&me 0x00000030 (00048) 74686f64 3d706f73 74204854 54502f31 thod=post HTTP/1 0x00000040 (00064) 2e300d0a 41636365 70743a20 2a2f2a0d .0..Accept: */*. 0x00000050 (00080) 0a436f6e 6e656374 696f6e3a 20636c6f .Connection: clo 0x00000060 (00096) 73650d0a 486f7374 3a207175 69657473 se..Host: quiets 0x00000070 (00112) 74617469 6f6e2e6e 65740d0a 0d0a2047 tation.net.... G 0x00000080 (00128) 4d540d0a 0d0a3c68 746d6c3e 0a20203c MT....<html>. < 0x00000090 (00144) 68656164 3e0a2020 20203c74 69746c65 head>. <title 0x000000a0 (00160) 3e343034 204e6f74 20466f75 6e643c2f >404 Not Found</ 0x000000b0 (00176) 7469746c 653e0a20 203c2f68 6561643e title>. </head> 0x000000c0 (00192) 0a20203c 626f6479 3e0a2020 20203c68 . <body>. <h 0x000000d0 (00208) 313e4e6f 7420466f 756e643c 2f68313e 1>Not Found</h1> 0x000000e0 (00224) 0a202020 203c703e 596f7572 2062726f . <p>Your bro 0x000000f0 (00240) 77736572 2073656e 74206120 72657175 wser sent a requ 0x00000100 (00256) 65737420 74686174 20746869 73207365 est that this se 0x00000110 (00272) 72766572 20636f75 6c64206e 6f742075 rver could not u 0x00000120 (00288) 6e646572 7374616e 642e3c2f 703e0a20 nderstand.</p>. 0x00000130 (00304) 2020203c 703e4e6f 20737563 68206669 <p>No such fi 0x00000140 (00320) 6c65206f 72206469 72656374 6f72792e le or directory. 0x00000150 (00336) 3c2f703e 0a20203c 6872202f 3e0a2020 </p>. <hr />. 0x00000160 (00352) 3c616464 72657373 3e4d6963 726f736f <address>Microso 0x00000170 (00368) 66742d49 49532f37 2e303c2f 61646472 ft-IIS/7.0</addr 0x00000180 (00384) 6573733e 0a20203c 2f626f64 793e0a3c ess>. </body>.< 0x00000190 (00400) 2f68746d 6c3e0a /html>. 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 74657061 h.php?email=tepa 0x00000020 (00032) 6c657840 7961686f 6f2e636f 6d266d65 lex@yahoo.com&me 0x00000030 (00048) 74686f64 3d706f73 74204854 54502f31 thod=post HTTP/1 0x00000040 (00064) 2e300d0a 41636365 70743a20 2a2f2a0d .0..Accept: */*. 0x00000050 (00080) 0a436f6e 6e656374 696f6e3a 20636c6f .Connection: clo 0x00000060 (00096) 73650d0a 486f7374 3a207175 6965746f se..Host: quieto 0x00000070 (00112) 626a6563 742e6e65 740d0a0d 0a352047 bject.net....5 G 0x00000080 (00128) 4d540d0a 0d0a3c68 746d6c3e 0a20203c MT....<html>. < 0x00000090 (00144) 68656164 3e0a2020 20203c74 69746c65 head>. <title 0x000000a0 (00160) 3e343034 204e6f74 20466f75 6e643c2f >404 Not Found</ 0x000000b0 (00176) 7469746c 653e0a20 203c2f68 6561643e title>. </head> 0x000000c0 (00192) 0a20203c 626f6479 3e0a2020 20203c68 . <body>. <h 0x000000d0 (00208) 313e4e6f 7420466f 756e643c 2f68313e 1>Not Found</h1> 0x000000e0 (00224) 0a202020 203c703e 596f7572 2062726f . <p>Your bro 0x000000f0 (00240) 77736572 2073656e 74206120 72657175 wser sent a requ 0x00000100 (00256) 65737420 74686174 20746869 73207365 est that this se 0x00000110 (00272) 72766572 20636f75 6c64206e 6f742075 rver could not u 0x00000120 (00288) 6e646572 7374616e 642e3c2f 703e0a20 nderstand.</p>. 0x00000130 (00304) 2020203c 703e4e6f 20737563 68206669 <p>No such fi 0x00000140 (00320) 6c65206f 72206469 72656374 6f72792e le or directory. 0x00000150 (00336) 3c2f703e 0a20203c 6872202f 3e0a2020 </p>. <hr />. 0x00000160 (00352) 3c616464 72657373 3e4d6963 726f736f <address>Microso 0x00000170 (00368) 66742d49 49532f37 2e303c2f 61646472 ft-IIS/7.0</addr 0x00000180 (00384) 6573733e 0a20203c 2f626f64 793e0a3c ess>. </body>.< 0x00000190 (00400) 2f68746d 6c3e0a /html>. 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 74657061 h.php?email=tepa 0x00000020 (00032) 6c657840 7961686f 6f2e636f 6d266d65 lex@yahoo.com&me 0x00000030 (00048) 74686f64 3d706f73 74204854 54502f31 thod=post HTTP/1 0x00000040 (00064) 2e300d0a 41636365 70743a20 2a2f2a0d .0..Accept: */*. 0x00000050 (00080) 0a436f6e 6e656374 696f6e3a 20636c6f .Connection: clo 0x00000060 (00096) 73650d0a 486f7374 3a206e69 67687473 se..Host: nights 0x00000070 (00112) 70616365 2e6e6574 0d0a0d0a 0a352047 pace.net.....5 G 0x00000080 (00128) 4d540d0a 0d0a3c68 746d6c3e 0a20203c MT....<html>. < 0x00000090 (00144) 68656164 3e0a2020 20203c74 69746c65 head>. <title 0x000000a0 (00160) 3e343034 204e6f74 20466f75 6e643c2f >404 Not Found</ 0x000000b0 (00176) 7469746c 653e0a20 203c2f68 6561643e title>. </head> 0x000000c0 (00192) 0a20203c 626f6479 3e0a2020 20203c68 . <body>. <h 0x000000d0 (00208) 313e4e6f 7420466f 756e643c 2f68313e 1>Not Found</h1> 0x000000e0 (00224) 0a202020 203c703e 596f7572 2062726f . <p>Your bro 0x000000f0 (00240) 77736572 2073656e 74206120 72657175 wser sent a requ 0x00000100 (00256) 65737420 74686174 20746869 73207365 est that this se 0x00000110 (00272) 72766572 20636f75 6c64206e 6f742075 rver could not u 0x00000120 (00288) 6e646572 7374616e 642e3c2f 703e0a20 nderstand.</p>. 0x00000130 (00304) 2020203c 703e4e6f 20737563 68206669 <p>No such fi 0x00000140 (00320) 6c65206f 72206469 72656374 6f72792e le or directory. 0x00000150 (00336) 3c2f703e 0a20203c 6872202f 3e0a2020 </p>. <hr />. 0x00000160 (00352) 3c616464 72657373 3e4d6963 726f736f <address>Microso 0x00000170 (00368) 66742d49 49532f37 2e303c2f 61646472 ft-IIS/7.0</addr 0x00000180 (00384) 6573733e 0a20203c 2f626f64 793e0a3c ess>. </body>.< 0x00000190 (00400) 2f68746d 6c3e0a /html>. 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 74657061 h.php?email=tepa 0x00000020 (00032) 6c657840 7961686f 6f2e636f 6d266d65 lex@yahoo.com&me 0x00000030 (00048) 74686f64 3d706f73 74204854 54502f31 thod=post HTTP/1 0x00000040 (00064) 2e300d0a 41636365 70743a20 2a2f2a0d .0..Accept: */*. 0x00000050 (00080) 0a436f6e 6e656374 696f6e3a 20636c6f .Connection: clo 0x00000060 (00096) 73650d0a 486f7374 3a206c61 72676573 se..Host: larges 0x00000070 (00112) 70616365 2e6e6574 0d0a0d0a 0a352047 pace.net.....5 G 0x00000080 (00128) 4d540d0a 0d0a3c68 746d6c3e 0a20203c MT....<html>. < 0x00000090 (00144) 68656164 3e0a2020 20203c74 69746c65 head>. <title 0x000000a0 (00160) 3e343034 204e6f74 20466f75 6e643c2f >404 Not Found</ 0x000000b0 (00176) 7469746c 653e0a20 203c2f68 6561643e title>. </head> 0x000000c0 (00192) 0a20203c 626f6479 3e0a2020 20203c68 . <body>. <h 0x000000d0 (00208) 313e4e6f 7420466f 756e643c 2f68313e 1>Not Found</h1> 0x000000e0 (00224) 0a202020 203c703e 596f7572 2062726f . <p>Your bro 0x000000f0 (00240) 77736572 2073656e 74206120 72657175 wser sent a requ 0x00000100 (00256) 65737420 74686174 20746869 73207365 est that this se 0x00000110 (00272) 72766572 20636f75 6c64206e 6f742075 rver could not u 0x00000120 (00288) 6e646572 7374616e 642e3c2f 703e0a20 nderstand.</p>. 0x00000130 (00304) 2020203c 703e4e6f 20737563 68206669 <p>No such fi 0x00000140 (00320) 6c65206f 72206469 72656374 6f72792e le or directory. 0x00000150 (00336) 3c2f703e 0a20203c 6872202f 3e0a2020 </p>. <hr />. 0x00000160 (00352) 3c616464 72657373 3e4d6963 726f736f <address>Microso 0x00000170 (00368) 66742d49 49532f37 2e303c2f 61646472 ft-IIS/7.0</addr 0x00000180 (00384) 6573733e 0a20203c 2f626f64 793e0a3c ess>. </body>.< 0x00000190 (00400) 2f68746d 6c3e0a /html>. 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 74657061 h.php?email=tepa 0x00000020 (00032) 6c657840 7961686f 6f2e636f 6d266d65 lex@yahoo.com&me 0x00000030 (00048) 74686f64 3d706f73 74204854 54502f31 thod=post HTTP/1 0x00000040 (00064) 2e300d0a 41636365 70743a20 2a2f2a0d .0..Accept: */*. 0x00000050 (00080) 0a436f6e 6e656374 696f6e3a 20636c6f .Connection: clo 0x00000060 (00096) 73650d0a 486f7374 3a206361 70746169 se..Host: captai 0x00000070 (00112) 6e737061 63652e6e 65740d0a 0d0a2047 nspace.net.... G 0x00000080 (00128) 4d540d0a 0d0a3c68 746d6c3e 0a20203c MT....<html>. < 0x00000090 (00144) 68656164 3e0a2020 20203c74 69746c65 head>. <title 0x000000a0 (00160) 3e343034 204e6f74 20466f75 6e643c2f >404 Not Found</ 0x000000b0 (00176) 7469746c 653e0a20 203c2f68 6561643e title>. </head> 0x000000c0 (00192) 0a20203c 626f6479 3e0a2020 20203c68 . <body>. <h 0x000000d0 (00208) 313e4e6f 7420466f 756e643c 2f68313e 1>Not Found</h1> 0x000000e0 (00224) 0a202020 203c703e 596f7572 2062726f . <p>Your bro 0x000000f0 (00240) 77736572 2073656e 74206120 72657175 wser sent a requ 0x00000100 (00256) 65737420 74686174 20746869 73207365 est that this se 0x00000110 (00272) 72766572 20636f75 6c64206e 6f742075 rver could not u 0x00000120 (00288) 6e646572 7374616e 642e3c2f 703e0a20 nderstand.</p>. 0x00000130 (00304) 2020203c 703e4e6f 20737563 68206669 <p>No such fi 0x00000140 (00320) 6c65206f 72206469 72656374 6f72792e le or directory. 0x00000150 (00336) 3c2f703e 0a20203c 6872202f 3e0a2020 </p>. <hr />. 0x00000160 (00352) 3c616464 72657373 3e4d6963 726f736f <address>Microso 0x00000170 (00368) 66742d49 49532f37 2e303c2f 61646472 ft-IIS/7.0</addr 0x00000180 (00384) 6573733e 0a20203c 2f626f64 793e0a3c ess>. </body>.< 0x00000190 (00400) 2f68746d 6c3e0a /html>. 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 74657061 h.php?email=tepa 0x00000020 (00032) 6c657840 7961686f 6f2e636f 6d266d65 lex@yahoo.com&me 0x00000030 (00048) 74686f64 3d706f73 74204854 54502f31 thod=post HTTP/1 0x00000040 (00064) 2e300d0a 41636365 70743a20 2a2f2a0d .0..Accept: */*. 0x00000050 (00080) 0a436f6e 6e656374 696f6e3a 20636c6f .Connection: clo 0x00000060 (00096) 73650d0a 486f7374 3a206361 70746169 se..Host: captai 0x00000070 (00112) 6e747261 76656c2e 6e65740d 0a0d0a47 ntravel.net....G 0x00000080 (00128) 4d540d0a 0d0a3c68 746d6c3e 0a20203c MT....<html>. < 0x00000090 (00144) 68656164 3e0a2020 20203c74 69746c65 head>. <title 0x000000a0 (00160) 3e343034 204e6f74 20466f75 6e643c2f >404 Not Found</ 0x000000b0 (00176) 7469746c 653e0a20 203c2f68 6561643e title>. </head> 0x000000c0 (00192) 0a20203c 626f6479 3e0a2020 20203c68 . <body>. <h 0x000000d0 (00208) 313e4e6f 7420466f 756e643c 2f68313e 1>Not Found</h1> 0x000000e0 (00224) 0a202020 203c703e 596f7572 2062726f . <p>Your bro 0x000000f0 (00240) 77736572 2073656e 74206120 72657175 wser sent a requ 0x00000100 (00256) 65737420 74686174 20746869 73207365 est that this se 0x00000110 (00272) 72766572 20636f75 6c64206e 6f742075 rver could not u 0x00000120 (00288) 6e646572 7374616e 642e3c2f 703e0a20 nderstand.</p>. 0x00000130 (00304) 2020203c 703e4e6f 20737563 68206669 <p>No such fi 0x00000140 (00320) 6c65206f 72206469 72656374 6f72792e le or directory. 0x00000150 (00336) 3c2f703e 0a20203c 6872202f 3e0a2020 </p>. <hr />. 0x00000160 (00352) 3c616464 72657373 3e4d6963 726f736f <address>Microso 0x00000170 (00368) 66742d49 49532f37 2e303c2f 61646472 ft-IIS/7.0</addr 0x00000180 (00384) 6573733e 0a20203c 2f626f64 793e0a3c ess>. </body>.< 0x00000190 (00400) 2f68746d 6c3e0a /html>. 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 74657061 h.php?email=tepa 0x00000020 (00032) 6c657840 7961686f 6f2e636f 6d266d65 lex@yahoo.com&me 0x00000030 (00048) 74686f64 3d706f73 74204854 54502f31 thod=post HTTP/1 0x00000040 (00064) 2e300d0a 41636365 70743a20 2a2f2a0d .0..Accept: */*. 0x00000050 (00080) 0a436f6e 6e656374 696f6e3a 20636c6f .Connection: clo 0x00000060 (00096) 73650d0a 486f7374 3a20656c 65637472 se..Host: electr 0x00000070 (00112) 69637472 6176656c 2e6e6574 0d0a0d0a ictravel.net.... 0x00000080 (00128) 4d540d0a 0d0a3c68 746d6c3e 0a20203c MT....<html>. < 0x00000090 (00144) 68656164 3e0a2020 20203c74 69746c65 head>. <title 0x000000a0 (00160) 3e343034 204e6f74 20466f75 6e643c2f >404 Not Found</ 0x000000b0 (00176) 7469746c 653e0a20 203c2f68 6561643e title>. </head> 0x000000c0 (00192) 0a20203c 626f6479 3e0a2020 20203c68 . <body>. <h 0x000000d0 (00208) 313e4e6f 7420466f 756e643c 2f68313e 1>Not Found</h1> 0x000000e0 (00224) 0a202020 203c703e 596f7572 2062726f . <p>Your bro 0x000000f0 (00240) 77736572 2073656e 74206120 72657175 wser sent a requ 0x00000100 (00256) 65737420 74686174 20746869 73207365 est that this se 0x00000110 (00272) 72766572 20636f75 6c64206e 6f742075 rver could not u 0x00000120 (00288) 6e646572 7374616e 642e3c2f 703e0a20 nderstand.</p>. 0x00000130 (00304) 2020203c 703e4e6f 20737563 68206669 <p>No such fi 0x00000140 (00320) 6c65206f 72206469 72656374 6f72792e le or directory. 0x00000150 (00336) 3c2f703e 0a20203c 6872202f 3e0a2020 </p>. <hr />. 0x00000160 (00352) 3c616464 72657373 3e4d6963 726f736f <address>Microso 0x00000170 (00368) 66742d49 49532f37 2e303c2f 61646472 ft-IIS/7.0</addr 0x00000180 (00384) 6573733e 0a20203c 2f626f64 793e0a3c ess>. </body>.< 0x00000190 (00400) 2f68746d 6c3e0a /html>. 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 74657061 h.php?email=tepa 0x00000020 (00032) 6c657840 7961686f 6f2e636f 6d266d65 lex@yahoo.com&me 0x00000030 (00048) 74686f64 3d706f73 74204854 54502f31 thod=post HTTP/1 0x00000040 (00064) 2e300d0a 41636365 70743a20 2a2f2a0d .0..Accept: */*. 0x00000050 (00080) 0a436f6e 6e656374 696f6e3a 20636c6f .Connection: clo 0x00000060 (00096) 73650d0a 486f7374 3a207472 61646573 se..Host: trades 0x00000070 (00112) 70616365 2e6e6574 0d0a0d0a 0d0a0d0a pace.net........ 0x00000080 (00128) 4d540d0a 0d0a3c68 746d6c3e 0a20203c MT....<html>. < 0x00000090 (00144) 68656164 3e0a2020 20203c74 69746c65 head>. <title 0x000000a0 (00160) 3e343034 204e6f74 20466f75 6e643c2f >404 Not Found</ 0x000000b0 (00176) 7469746c 653e0a20 203c2f68 6561643e title>. </head> 0x000000c0 (00192) 0a20203c 626f6479 3e0a2020 20203c68 . <body>. <h 0x000000d0 (00208) 313e4e6f 7420466f 756e643c 2f68313e 1>Not Found</h1> 0x000000e0 (00224) 0a202020 203c703e 596f7572 2062726f . <p>Your bro 0x000000f0 (00240) 77736572 2073656e 74206120 72657175 wser sent a requ 0x00000100 (00256) 65737420 74686174 20746869 73207365 est that this se 0x00000110 (00272) 72766572 20636f75 6c64206e 6f742075 rver could not u 0x00000120 (00288) 6e646572 7374616e 642e3c2f 703e0a20 nderstand.</p>. 0x00000130 (00304) 2020203c 703e4e6f 20737563 68206669 <p>No such fi 0x00000140 (00320) 6c65206f 72206469 72656374 6f72792e le or directory. 0x00000150 (00336) 3c2f703e 0a20203c 6872202f 3e0a2020 </p>. <hr />. 0x00000160 (00352) 3c616464 72657373 3e4d6963 726f736f <address>Microso 0x00000170 (00368) 66742d49 49532f37 2e303c2f 61646472 ft-IIS/7.0</addr 0x00000180 (00384) 6573733e 0a20203c 2f626f64 793e0a3c ess>. </body>.< 0x00000190 (00400) 2f68746d 6c3e0a /html>. 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 74657061 h.php?email=tepa 0x00000020 (00032) 6c657840 7961686f 6f2e636f 6d266d65 lex@yahoo.com&me 0x00000030 (00048) 74686f64 3d706f73 74204854 54502f31 thod=post HTTP/1 0x00000040 (00064) 2e300d0a 41636365 70743a20 2a2f2a0d .0..Accept: */*. 0x00000050 (00080) 0a436f6e 6e656374 696f6e3a 20636c6f .Connection: clo 0x00000060 (00096) 73650d0a 486f7374 3a207374 72656574 se..Host: street 0x00000070 (00112) 74726176 656c2e6e 65740d0a 0d0a0d0a travel.net...... 0x00000080 (00128) 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 74657061 h.php?email=tepa 0x00000020 (00032) 6c657840 7961686f 6f2e636f 6d266d65 lex@yahoo.com&me 0x00000030 (00048) 74686f64 3d706f73 74204854 54502f31 thod=post HTTP/1 0x00000040 (00064) 2e300d0a 41636365 70743a20 2a2f2a0d .0..Accept: */*. 0x00000050 (00080) 0a436f6e 6e656374 696f6e3a 20636c6f .Connection: clo 0x00000060 (00096) 73650d0a 486f7374 3a206761 74686572 se..Host: gather 0x00000070 (00112) 73706163 652e6e65 740d0a0d 0a0a0d0a space.net....... 0x00000080 (00128) 0x00000000 (00000) 47455420 2f666f72 756d2f73 65617263 GET /forum/searc 0x00000010 (00016) 682e7068 703f656d 61696c3d 74657061 h.php?email=tepa 0x00000020 (00032) 6c657840 7961686f 6f2e636f 6d266d65 lex@yahoo.com&me 0x00000030 (00048) 74686f64 3d706f73 74204854 54502f31 thod=post HTTP/1 0x00000040 (00064) 2e300d0a 41636365 70743a20 2a2f2a0d .0..Accept: */*. 0x00000050 (00080) 0a436f6e 6e656374 696f6e3a 20636c6f .Connection: clo 0x00000060 (00096) 73650d0a 486f7374 3a206265 74746572 se..Host: better 0x00000070 (00112) 74726176 656c2e6e 65740d0a 0d0a0d0a travel.net...... 0x00000080 (00128)
Strings
x . -E- -0 -0010+-0 0 -0 CC 00-+ . . -e- . \ 00 . :\ :.. ...........?- 0 0 0 0 - hu Ajjj E(null) H ((((( H h(((( H jjjjh KERNEL32.DLL mscoree.dll !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~ ]0#9:2 0A@@Ju 0SSSSS 0WWWWW 1#QNAN 1#SNAN 4QEtKp 8\$2tX #:8u<[| 8VVVVV abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ #aDsyf ADVAPI32.dll An application has made an attempt to load the C runtime library incorrectly. <at9<rt,<wt - Attempt to initialize the CRT more than once. - Attempt to use MSIL code from this assembly during native code initialization August .?AVbad_alloc@std@@ .?AVbad_exception@std@@ .?AVexception@std@@ .?AVlength_error@std@@ .?AVlogic_error@std@@ .?AVout_of_range@std@@ .?AVtype_info@@ bad allocation bad exception Base Class Array' Base Class Descriptor at ( __based( BeginPaint __cdecl Class Hierarchy Descriptor' CloseHandle __clrcall CompareStringA CompareStringW Complete Object Locator' CONOUT$ `copy constructor closure' CopyFileA CorExitProcess CreateDIBitmap CreateDirectoryA CreateEventA CreateFileA CreateIconFromResourceEx CreateProcessA CreateStreamOnHGlobal CreateThread CreateToolhelp32Snapshot CreateWindowExA - CRT not initialized D$ [_^] D$$_^[ D$$_^][ D$4WPf @.data D$\;D$ dddd, MMMM dd, yyyy D$\+D$T D$`+D$X+ December DecodePointer `default constructor closure' DefWindowProcA delete delete[] Delete DeleteCriticalSection D$h_^[3 D$hSUVW DispatchMessageA D$LPQW D$LPQWSS D$LQVRPS DOMAIN error DPtoLP D$,PVVj D$PWPf D'SkK?w `dynamic atexit destructor for ' `dynamic initializer for ' `eh vector constructor iterator' `eh vector copy constructor iterator' `eh vector destructor iterator' `eh vector vbase constructor iterator' `eh vector vbase copy constructor iterator' EncodePointer EndPaint EnterCriticalSection ExitProcess __fastcall February Fh=`fB {FiJUFi FileTimeToLocalFileTime FileTimeToSystemTime FindClose FindFirstFileA - floating point support not loaded FlsAlloc FlsFree FlsGetValue FlsSetValue FlushFileBuffers ForceRemove FreeEnvironmentStringsA FreeEnvironmentStringsW Friday ^F<-uB GAIsProcessorFeaturePresent GDI32.dll GetACP GetActiveWindow GetCommandLineA GetConsoleCP GetConsoleMode GetConsoleOutputCP GetCPInfo GetCurrentDirectoryA GetCurrentProcess GetCurrentProcessId GetCurrentThreadId GetDesktopWindow GetDeviceCaps GetDriveTypeA GetEnvironmentStrings GetEnvironmentStringsW GetEnvironmentVariableA GetFileSize GetFileType GetFullPathNameA GetLastActivePopup GetLastError GetLocaleInfoA GetMapMode GetMessageA GetModuleFileNameA GetModuleHandleA GetModuleHandleW GetOEMCP GetProcAddress GetProcessHeap GetProcessWindowStation GetStartupInfoA GetStdHandle GetStockObject GetStringTypeA GetStringTypeW GetSystemTimeAsFileTime GetTempPathA GetTickCount GetTimeZoneInformation GetTitleBarInfo GetUserObjectInformationA GetWindowDC GetWindowRect GlobalAlloc GlobalFree GlobalLock GlobalUnlock `h```` HeapAlloc HeapCompact HeapCreate HeapFree HeapReAlloc HeapSize hF3j4_ HHerjq6 `h`hhh HH:mm:ss HHtXHHt |Hvf[= #i)0,T >If90t ikr,d*S+ InitializeCriticalSectionAndSpinCount InterlockedDecrement InterlockedIncrement InvalidateRect invalid string position IsDebuggerPresent IsValidCodePage JanFebMarAprMayJunJulAugSepOctNovDec January j$h\1B j(h4FB j h@6B JH9"s j,h@!B j~hPDB j@j ^V j"^SSSSS KERNEL32 KERNEL32.dll L$4QRP LCMapStringA LCMapStringW LeaveCriticalSection L},hqS L$LQRW L$LQRWPP L$LQRWUU LoadCursorA LoadLibraryA LoadMenuA `local static guard' `local static thread guard' `local vftable' `local vftable constructor closure' LPdItN LPtoDP L$(QSU L$ QUV L$,RPQ L$ Vj L$ VSj L$x_^][3 `managed vector constructor iterator' `managed vector copy constructor iterator' `managed vector destructor iterator' MessageBoxA Microsoft Visual C++ Runtime Library MM/dd/yy Monday MoveFileA MoveWindow MulDiv MultiByteToWideChar new[] NoRemove - not enough space for arguments - not enough space for environment - not enough space for locale information - not enough space for lowio initialization - not enough space for _onexit/atexit table - not enough space for stdio initialization - not enough space for thread data November ?%:N_Ra$k,{ (null) October ole32.dll OLEAUT32.dll `omni callsig' OpenProcess operator =P.|0<1 __pascal PathToRegion `placement delete closure' `placement delete[] closure' Please contact the application's support team for more information. PostQuitMessage PPPPPPPP Process32First Process32Next Program: <program name unknown> __ptr64 - pure virtual function call QQSVWd QueryPerformanceCounter RaiseException `.rdata ReadFile RegCloseKey RegisterClassExA RegOpenKeyA RegSetValueExA RemovePropA ResetDCA __restrict @`rk}l8 RtlUnwind runtime error Runtime Error! Saturday `scalar deleting destructor' September SetEndOfFile SetEnvironmentVariableA SetEvent SetFileAttributesA SetFilePointer SetFocus SetHandleCount SetLastError SetMapMode SetStdHandle SetUnhandledExceptionFilter SetWindowTextA ,SF3f ShowWindow SING error s[S;7|G;w ^SSSSS __stdcall `string' string too long Sunday SunMonTueWedThuFriSat SVWj h@6B T$0RPW t$4WPR TerminateProcess TextOutA tGHt.Ht& +t HHt This application has requested the Runtime to terminate it in an unusual way. __thiscall This indicates a bug in your application. This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain. !This program cannot be run in DOS mode. T$HRUPW Thursday T$HVWf < tK< tG TLOSS error T$LRPWU T$LRVWPP TlsAlloc TlsFree TlsGetValue TlsSetValue <\tM</tI tR99u2 TransactNamedPipe TranslateMessage t"SS9] <+t(<-t$: T$<+T$ t$<"u 3 Tuesday ;t$,v- T$ WRP t$,WSQ3 t+WWVPV Type Descriptor' `typeof' >:u8FV uBh!IA `udt returning' uL9=8}B - unable to initialize heap - unable to open console device __unaligned - unexpected heap error - unexpected multithread lock error UnhandledExceptionFilter UNICODE Unknown exception UpdateWindow UQPXY]Y[ URPQQh USER32.dll USER32.DLL u[SSSP UTF-16LE u!XW+` `vbase destructor' `vbtable' `vcall' `vector constructor iterator' `vector copy constructor iterator' `vector deleting destructor' `vector destructor iterator' `vector vbase constructor iterator' `vector vbase copy constructor iterator' `vftable' VirtualAlloc `virtual displacement map' VirtualFree v N+D$ _VVVVV VVVVVQRSSj VWj4h<9B WaitForDebugEvent WaitForSingleObject Wednesday WideCharToMultiByte WriteConsoleA WriteConsoleW WriteFile WS2_32.dll ^WWWWW x5$LYK x5vApD( xppwpp xpxxxx <xtX<XtT Y;=hlB >=Yt1j ;yw)OP