Analysis | #totalhash

Analysis Date	2014-03-08 11:39:11
MD5	e25c5d1d54b2d4751a2b08685147598c
SHA1	1c810e12c37794fed92837f1eb399aa7993c0707

Static Details:

File type	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section	.text md5: 237e024d3cd75d8b2cbb78450896f47a sha1: dde4abd8abe357c548a14f8cc92f4947b1ee31c8 size: 120832
Section	.rdata md5: 43392ac9342564183aad5faf44c733e3 sha1: 118c6d36e8f49bcc1e9bf8cdec9225687e765e07 size: 16384
Section	.data md5: aecbfe336d8e1d91a1499eb3c1df6749 sha1: c06c3e3825840de221de2885eb0823c37ea978e8 size: 17408
Timestamp	2014-01-22 06:40:45
Packer	Microsoft Visual C++ ?.?
PEhash	0104faf0c5ccbdf0710c0cc6336f518595fc321a
IMPhash	ed5c9312c66d355fd686c10b6952b803
AV	avira	TR/Symmi.38727.215
AV	avg	Generic_r.DMC

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Registry	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\WLAN Awareness Installer NGEN ➝ C:\Documents and Settings\Administrator\Application Data\ykvmngwjxdpax\gdutozdo.exe
Creates File	C:\Documents and Settings\Administrator\Application Data\ykvmngwjxdpax\gdutozdo.exe
Creates Process	C:\Documents and Settings\Administrator\Application Data\ykvmngwjxdpax\gdutozdo.exe

Process
↳ C:\Documents and Settings\Administrator\Application Data\ykvmngwjxdpax\gdutozdo.exe

Creates File	\Device\Afd\Endpoint
Creates File	C:\Documents and Settings\Administrator\Application Data\ykvmngwjxdpax\gdutozdo.sjdf
Creates File	C:\Documents and Settings\Administrator\Application Data\ykvmngwjxdpax\rfedtuptaum.exe
Creates Process	WATCHDOGPROC "C:\Documents and Settings\Administrator\Application Data\ykvmngwjxdpax\gdutozdo.exe"

Process
↳ WATCHDOGPROC "C:\Documents and Settings\Administrator\Application Data\ykvmngwjxdpax\gdutozdo.exe"

Network Details:

DNS	tradestation.net Type: A 65.211.211.21
DNS	streetchildhood.net Type: A 166.78.144.80
DNS	melbourneit.hotkeysparking.com Type: A 8.5.1.16
DNS	quietobject.net Type: A 98.139.135.198
DNS	nightspace.net Type: A 91.250.101.43
DNS	largespace.net Type: A 62.22.102.59
DNS	captainspace.net Type: A 82.165.104.95
DNS	captaintravel.net Type: A 184.168.221.96
DNS	electrictravel.net Type: A 89.31.99.149
DNS	tradespace.net Type: A 66.151.181.33
DNS	streettravel.net Type: A 50.63.202.65
DNS	gatherspace.net Type: A 216.157.91.112
DNS	bettertravel.net Type: A 66.151.181.33
DNS	streetthird.net Type: A
DNS	tradethird.net Type: A
DNS	streetobject.net Type: A
DNS	tradeobject.net Type: A
DNS	tradechildhood.net Type: A
DNS	betterstation.net Type: A
DNS	gatherstation.net Type: A
DNS	betterthird.net Type: A
DNS	gatherthird.net Type: A
DNS	betterobject.net Type: A
DNS	gatherobject.net Type: A
DNS	betterchildhood.net Type: A
DNS	gatherchildhood.net Type: A
DNS	flierstation.net Type: A
DNS	breadstation.net Type: A
DNS	flierthird.net Type: A
DNS	breadthird.net Type: A
DNS	flierobject.net Type: A
DNS	breadobject.net Type: A
DNS	flierchildhood.net Type: A
DNS	breadchildhood.net Type: A
DNS	quietstation.net Type: A
DNS	seasonstation.net Type: A
DNS	quietthird.net Type: A
DNS	seasonthird.net Type: A
DNS	seasonobject.net Type: A
DNS	quietchildhood.net Type: A
DNS	seasonchildhood.net Type: A
DNS	againstspace.net Type: A
DNS	doubtspace.net Type: A
DNS	againsttravel.net Type: A
DNS	doubttravel.net Type: A
DNS	againstyellow.net Type: A
DNS	doubtyellow.net Type: A
DNS	againstclose.net Type: A
DNS	doubtclose.net Type: A
DNS	decidespace.net Type: A
DNS	nighttravel.net Type: A
DNS	decidetravel.net Type: A
DNS	nightyellow.net Type: A
DNS	decideyellow.net Type: A
DNS	nightclose.net Type: A
DNS	decideclose.net Type: A
DNS	largetravel.net Type: A
DNS	largeyellow.net Type: A
DNS	captainyellow.net Type: A
DNS	largeclose.net Type: A
DNS	captainclose.net Type: A
DNS	recordspace.net Type: A
DNS	electricspace.net Type: A
DNS	recordtravel.net Type: A
DNS	recordyellow.net Type: A
DNS	electricyellow.net Type: A
DNS	recordclose.net Type: A
DNS	electricclose.net Type: A
DNS	streetspace.net Type: A
DNS	tradetravel.net Type: A
DNS	streetyellow.net Type: A
DNS	tradeyellow.net Type: A
DNS	streetclose.net Type: A
DNS	tradeclose.net Type: A
DNS	betterspace.net Type: A
DNS	gathertravel.net Type: A
DNS	betteryellow.net Type: A
DNS	gatheryellow.net Type: A
DNS	betterclose.net Type: A
DNS	gatherclose.net Type: A
DNS	flierspace.net Type: A
DNS	breadspace.net Type: A
DNS	fliertravel.net Type: A
DNS	breadtravel.net Type: A
DNS	flieryellow.net Type: A
DNS	breadyellow.net Type: A
HTTP GET	http://tradestation.net/forum/search.php?email=tepalex@yahoo.com&method=post User-Agent:
HTTP GET	http://streetchildhood.net/forum/search.php?email=tepalex@yahoo.com&method=post User-Agent:
HTTP GET	http://quietstation.net/forum/search.php?email=tepalex@yahoo.com&method=post User-Agent:
HTTP GET	http://quietobject.net/forum/search.php?email=tepalex@yahoo.com&method=post User-Agent:
HTTP GET	http://nightspace.net/forum/search.php?email=tepalex@yahoo.com&method=post User-Agent:
HTTP GET	http://largespace.net/forum/search.php?email=tepalex@yahoo.com&method=post User-Agent:
HTTP GET	http://captainspace.net/forum/search.php?email=tepalex@yahoo.com&method=post User-Agent:
HTTP GET	http://captaintravel.net/forum/search.php?email=tepalex@yahoo.com&method=post User-Agent:
HTTP GET	http://electrictravel.net/forum/search.php?email=tepalex@yahoo.com&method=post User-Agent:
HTTP GET	http://tradespace.net/forum/search.php?email=tepalex@yahoo.com&method=post User-Agent:
HTTP GET	http://streettravel.net/forum/search.php?email=tepalex@yahoo.com&method=post User-Agent:
HTTP GET	http://gatherspace.net/forum/search.php?email=tepalex@yahoo.com&method=post User-Agent:
HTTP GET	http://bettertravel.net/forum/search.php?email=tepalex@yahoo.com&method=post User-Agent:
Flows TCP	192.168.1.1:1031 ➝ 65.211.211.21:80
Flows TCP	192.168.1.1:1032 ➝ 166.78.144.80:80
Flows TCP	192.168.1.1:1033 ➝ 8.5.1.16:80
Flows TCP	192.168.1.1:1034 ➝ 98.139.135.198:80
Flows TCP	192.168.1.1:1035 ➝ 91.250.101.43:80
Flows TCP	192.168.1.1:1036 ➝ 62.22.102.59:80
Flows TCP	192.168.1.1:1037 ➝ 82.165.104.95:80
Flows TCP	192.168.1.1:1038 ➝ 184.168.221.96:80
Flows TCP	192.168.1.1:1039 ➝ 89.31.99.149:80
Flows TCP	192.168.1.1:1040 ➝ 66.151.181.33:80
Flows TCP	192.168.1.1:1041 ➝ 50.63.202.65:80
Flows TCP	192.168.1.1:1042 ➝ 216.157.91.112:80
Flows TCP	192.168.1.1:1043 ➝ 66.151.181.33:80

Raw Pcap

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 74657061   h.php?email=tepa
0x00000020 (00032)   6c657840 7961686f 6f2e636f 6d266d65   lex@yahoo.com&me
0x00000030 (00048)   74686f64 3d706f73 74204854 54502f31   thod=post HTTP/1
0x00000040 (00064)   2e300d0a 41636365 70743a20 2a2f2a0d   .0..Accept: */*.
0x00000050 (00080)   0a436f6e 6e656374 696f6e3a 20636c6f   .Connection: clo
0x00000060 (00096)   73650d0a 486f7374 3a207472 61646573   se..Host: trades
0x00000070 (00112)   74617469 6f6e2e6e 65740d0a 0d0a       tation.net....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 74657061   h.php?email=tepa
0x00000020 (00032)   6c657840 7961686f 6f2e636f 6d266d65   lex@yahoo.com&me
0x00000030 (00048)   74686f64 3d706f73 74204854 54502f31   thod=post HTTP/1
0x00000040 (00064)   2e300d0a 41636365 70743a20 2a2f2a0d   .0..Accept: */*.
0x00000050 (00080)   0a436f6e 6e656374 696f6e3a 20636c6f   .Connection: clo
0x00000060 (00096)   73650d0a 486f7374 3a207374 72656574   se..Host: street
0x00000070 (00112)   6368696c 64686f6f 642e6e65 740d0a0d   childhood.net...
0x00000080 (00128)   0a                                    .

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 74657061   h.php?email=tepa
0x00000020 (00032)   6c657840 7961686f 6f2e636f 6d266d65   lex@yahoo.com&me
0x00000030 (00048)   74686f64 3d706f73 74204854 54502f31   thod=post HTTP/1
0x00000040 (00064)   2e300d0a 41636365 70743a20 2a2f2a0d   .0..Accept: */*.
0x00000050 (00080)   0a436f6e 6e656374 696f6e3a 20636c6f   .Connection: clo
0x00000060 (00096)   73650d0a 486f7374 3a207175 69657473   se..Host: quiets
0x00000070 (00112)   74617469 6f6e2e6e 65740d0a 0d0a2047   tation.net.... G
0x00000080 (00128)   4d540d0a 0d0a3c68 746d6c3e 0a20203c   MT....<html>.  <
0x00000090 (00144)   68656164 3e0a2020 20203c74 69746c65   head>.    <title
0x000000a0 (00160)   3e343034 204e6f74 20466f75 6e643c2f   >404 Not Found</
0x000000b0 (00176)   7469746c 653e0a20 203c2f68 6561643e   title>.  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 74657061   h.php?email=tepa
0x00000020 (00032)   6c657840 7961686f 6f2e636f 6d266d65   lex@yahoo.com&me
0x00000030 (00048)   74686f64 3d706f73 74204854 54502f31   thod=post HTTP/1
0x00000040 (00064)   2e300d0a 41636365 70743a20 2a2f2a0d   .0..Accept: */*.
0x00000050 (00080)   0a436f6e 6e656374 696f6e3a 20636c6f   .Connection: clo
0x00000060 (00096)   73650d0a 486f7374 3a207175 6965746f   se..Host: quieto
0x00000070 (00112)   626a6563 742e6e65 740d0a0d 0a352047   bject.net....5 G
0x00000080 (00128)   4d540d0a 0d0a3c68 746d6c3e 0a20203c   MT....<html>.  <
0x00000090 (00144)   68656164 3e0a2020 20203c74 69746c65   head>.    <title
0x000000a0 (00160)   3e343034 204e6f74 20466f75 6e643c2f   >404 Not Found</
0x000000b0 (00176)   7469746c 653e0a20 203c2f68 6561643e   title>.  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 74657061   h.php?email=tepa
0x00000020 (00032)   6c657840 7961686f 6f2e636f 6d266d65   lex@yahoo.com&me
0x00000030 (00048)   74686f64 3d706f73 74204854 54502f31   thod=post HTTP/1
0x00000040 (00064)   2e300d0a 41636365 70743a20 2a2f2a0d   .0..Accept: */*.
0x00000050 (00080)   0a436f6e 6e656374 696f6e3a 20636c6f   .Connection: clo
0x00000060 (00096)   73650d0a 486f7374 3a206e69 67687473   se..Host: nights
0x00000070 (00112)   70616365 2e6e6574 0d0a0d0a 0a352047   pace.net.....5 G
0x00000080 (00128)   4d540d0a 0d0a3c68 746d6c3e 0a20203c   MT....<html>.  <
0x00000090 (00144)   68656164 3e0a2020 20203c74 69746c65   head>.    <title
0x000000a0 (00160)   3e343034 204e6f74 20466f75 6e643c2f   >404 Not Found</
0x000000b0 (00176)   7469746c 653e0a20 203c2f68 6561643e   title>.  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 74657061   h.php?email=tepa
0x00000020 (00032)   6c657840 7961686f 6f2e636f 6d266d65   lex@yahoo.com&me
0x00000030 (00048)   74686f64 3d706f73 74204854 54502f31   thod=post HTTP/1
0x00000040 (00064)   2e300d0a 41636365 70743a20 2a2f2a0d   .0..Accept: */*.
0x00000050 (00080)   0a436f6e 6e656374 696f6e3a 20636c6f   .Connection: clo
0x00000060 (00096)   73650d0a 486f7374 3a206c61 72676573   se..Host: larges
0x00000070 (00112)   70616365 2e6e6574 0d0a0d0a 0a352047   pace.net.....5 G
0x00000080 (00128)   4d540d0a 0d0a3c68 746d6c3e 0a20203c   MT....<html>.  <
0x00000090 (00144)   68656164 3e0a2020 20203c74 69746c65   head>.    <title
0x000000a0 (00160)   3e343034 204e6f74 20466f75 6e643c2f   >404 Not Found</
0x000000b0 (00176)   7469746c 653e0a20 203c2f68 6561643e   title>.  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 74657061   h.php?email=tepa
0x00000020 (00032)   6c657840 7961686f 6f2e636f 6d266d65   lex@yahoo.com&me
0x00000030 (00048)   74686f64 3d706f73 74204854 54502f31   thod=post HTTP/1
0x00000040 (00064)   2e300d0a 41636365 70743a20 2a2f2a0d   .0..Accept: */*.
0x00000050 (00080)   0a436f6e 6e656374 696f6e3a 20636c6f   .Connection: clo
0x00000060 (00096)   73650d0a 486f7374 3a206361 70746169   se..Host: captai
0x00000070 (00112)   6e737061 63652e6e 65740d0a 0d0a2047   nspace.net.... G
0x00000080 (00128)   4d540d0a 0d0a3c68 746d6c3e 0a20203c   MT....<html>.  <
0x00000090 (00144)   68656164 3e0a2020 20203c74 69746c65   head>.    <title
0x000000a0 (00160)   3e343034 204e6f74 20466f75 6e643c2f   >404 Not Found</
0x000000b0 (00176)   7469746c 653e0a20 203c2f68 6561643e   title>.  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 74657061   h.php?email=tepa
0x00000020 (00032)   6c657840 7961686f 6f2e636f 6d266d65   lex@yahoo.com&me
0x00000030 (00048)   74686f64 3d706f73 74204854 54502f31   thod=post HTTP/1
0x00000040 (00064)   2e300d0a 41636365 70743a20 2a2f2a0d   .0..Accept: */*.
0x00000050 (00080)   0a436f6e 6e656374 696f6e3a 20636c6f   .Connection: clo
0x00000060 (00096)   73650d0a 486f7374 3a206361 70746169   se..Host: captai
0x00000070 (00112)   6e747261 76656c2e 6e65740d 0a0d0a47   ntravel.net....G
0x00000080 (00128)   4d540d0a 0d0a3c68 746d6c3e 0a20203c   MT....<html>.  <
0x00000090 (00144)   68656164 3e0a2020 20203c74 69746c65   head>.    <title
0x000000a0 (00160)   3e343034 204e6f74 20466f75 6e643c2f   >404 Not Found</
0x000000b0 (00176)   7469746c 653e0a20 203c2f68 6561643e   title>.  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 74657061   h.php?email=tepa
0x00000020 (00032)   6c657840 7961686f 6f2e636f 6d266d65   lex@yahoo.com&me
0x00000030 (00048)   74686f64 3d706f73 74204854 54502f31   thod=post HTTP/1
0x00000040 (00064)   2e300d0a 41636365 70743a20 2a2f2a0d   .0..Accept: */*.
0x00000050 (00080)   0a436f6e 6e656374 696f6e3a 20636c6f   .Connection: clo
0x00000060 (00096)   73650d0a 486f7374 3a20656c 65637472   se..Host: electr
0x00000070 (00112)   69637472 6176656c 2e6e6574 0d0a0d0a   ictravel.net....
0x00000080 (00128)   4d540d0a 0d0a3c68 746d6c3e 0a20203c   MT....<html>.  <
0x00000090 (00144)   68656164 3e0a2020 20203c74 69746c65   head>.    <title
0x000000a0 (00160)   3e343034 204e6f74 20466f75 6e643c2f   >404 Not Found</
0x000000b0 (00176)   7469746c 653e0a20 203c2f68 6561643e   title>.  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 74657061   h.php?email=tepa
0x00000020 (00032)   6c657840 7961686f 6f2e636f 6d266d65   lex@yahoo.com&me
0x00000030 (00048)   74686f64 3d706f73 74204854 54502f31   thod=post HTTP/1
0x00000040 (00064)   2e300d0a 41636365 70743a20 2a2f2a0d   .0..Accept: */*.
0x00000050 (00080)   0a436f6e 6e656374 696f6e3a 20636c6f   .Connection: clo
0x00000060 (00096)   73650d0a 486f7374 3a207472 61646573   se..Host: trades
0x00000070 (00112)   70616365 2e6e6574 0d0a0d0a 0d0a0d0a   pace.net........
0x00000080 (00128)   4d540d0a 0d0a3c68 746d6c3e 0a20203c   MT....<html>.  <
0x00000090 (00144)   68656164 3e0a2020 20203c74 69746c65   head>.    <title
0x000000a0 (00160)   3e343034 204e6f74 20466f75 6e643c2f   >404 Not Found</
0x000000b0 (00176)   7469746c 653e0a20 203c2f68 6561643e   title>.  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 74657061   h.php?email=tepa
0x00000020 (00032)   6c657840 7961686f 6f2e636f 6d266d65   lex@yahoo.com&me
0x00000030 (00048)   74686f64 3d706f73 74204854 54502f31   thod=post HTTP/1
0x00000040 (00064)   2e300d0a 41636365 70743a20 2a2f2a0d   .0..Accept: */*.
0x00000050 (00080)   0a436f6e 6e656374 696f6e3a 20636c6f   .Connection: clo
0x00000060 (00096)   73650d0a 486f7374 3a207374 72656574   se..Host: street
0x00000070 (00112)   74726176 656c2e6e 65740d0a 0d0a0d0a   travel.net......
0x00000080 (00128)                                         

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 74657061   h.php?email=tepa
0x00000020 (00032)   6c657840 7961686f 6f2e636f 6d266d65   lex@yahoo.com&me
0x00000030 (00048)   74686f64 3d706f73 74204854 54502f31   thod=post HTTP/1
0x00000040 (00064)   2e300d0a 41636365 70743a20 2a2f2a0d   .0..Accept: */*.
0x00000050 (00080)   0a436f6e 6e656374 696f6e3a 20636c6f   .Connection: clo
0x00000060 (00096)   73650d0a 486f7374 3a206761 74686572   se..Host: gather
0x00000070 (00112)   73706163 652e6e65 740d0a0d 0a0a0d0a   space.net.......
0x00000080 (00128)                                         

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 74657061   h.php?email=tepa
0x00000020 (00032)   6c657840 7961686f 6f2e636f 6d266d65   lex@yahoo.com&me
0x00000030 (00048)   74686f64 3d706f73 74204854 54502f31   thod=post HTTP/1
0x00000040 (00064)   2e300d0a 41636365 70743a20 2a2f2a0d   .0..Accept: */*.
0x00000050 (00080)   0a436f6e 6e656374 696f6e3a 20636c6f   .Connection: clo
0x00000060 (00096)   73650d0a 486f7374 3a206265 74746572   se..Host: better
0x00000070 (00112)   74726176 656c2e6e 65740d0a 0d0a0d0a   travel.net......
0x00000080 (00128)

Strings

x
.
-E-
-0
-0010+-0
0
-0
CC
00-+ 
.
.
-e-
. 
\
 
00
.
:\
:..
...........?- 
0
0
0
0
-
hu
Ajjj
E(null)
                                 H
         (((((                  H
         h((((                  H
jjjjh
KERNEL32.DLL
mscoree.dll
                          
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
]0#9:2
0A@@Ju
0SSSSS
0WWWWW
1#QNAN
1#SNAN
4QEtKp
8\$2tX
#:8u<[|
8VVVVV
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
#aDsyf
ADVAPI32.dll
An application has made an attempt to load the C runtime library incorrectly.
<at9<rt,<wt
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
August
.?AVbad_alloc@std@@
.?AVbad_exception@std@@
.?AVexception@std@@
.?AVlength_error@std@@
.?AVlogic_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
bad allocation
bad exception
 Base Class Array'
 Base Class Descriptor at (
__based(
BeginPaint
__cdecl
 Class Hierarchy Descriptor'
CloseHandle
__clrcall
CompareStringA
CompareStringW
 Complete Object Locator'
CONOUT$
`copy constructor closure'
CopyFileA
CorExitProcess
CreateDIBitmap
CreateDirectoryA
CreateEventA
CreateFileA
CreateIconFromResourceEx
CreateProcessA
CreateStreamOnHGlobal
CreateThread
CreateToolhelp32Snapshot
CreateWindowExA
- CRT not initialized
D$ [_^]
D$$_^[
D$$_^][
D$4WPf
@.data
D$\;D$
dddd, MMMM dd, yyyy
D$\+D$T
D$`+D$X+
December
DecodePointer
`default constructor closure'
DefWindowProcA
 delete
 delete[]
Delete
DeleteCriticalSection
D$h_^[3
D$hSUVW
DispatchMessageA
D$LPQW
D$LPQWSS
D$LQVRPS
DOMAIN error
DPtoLP
D$,PVVj
D$PWPf
	D'SkK?w
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector constructor iterator'
`eh vector copy constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`eh vector vbase copy constructor iterator'
EncodePointer
EndPaint
EnterCriticalSection
ExitProcess
__fastcall
February
Fh=`fB
{FiJUFi
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
- floating point support not loaded
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
ForceRemove
FreeEnvironmentStringsA
FreeEnvironmentStringsW
Friday
^F<-uB
GAIsProcessorFeaturePresent
GDI32.dll
GetACP
GetActiveWindow
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCPInfo
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDesktopWindow
GetDeviceCaps
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetFileSize
GetFileType
GetFullPathNameA
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetMapMode
GetMessageA
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessWindowStation
GetStartupInfoA
GetStdHandle
GetStockObject
GetStringTypeA
GetStringTypeW
GetSystemTimeAsFileTime
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetTitleBarInfo
GetUserObjectInformationA
GetWindowDC
GetWindowRect
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
`h````
HeapAlloc
HeapCompact
HeapCreate
HeapFree
HeapReAlloc
HeapSize
hF3j4_
HHerjq6
`h`hhh
HH:mm:ss
HHtXHHt
|Hvf[=
#i)0,T
>If90t
ikr,d*S+
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
InvalidateRect
invalid string position
IsDebuggerPresent
IsValidCodePage
JanFebMarAprMayJunJulAugSepOctNovDec
January
j$h\1B
j(h4FB
j h@6B
JH9"s 
j,h@!B
j~hPDB
j@j ^V
j"^SSSSS
KERNEL32
KERNEL32.dll
L$4QRP
LCMapStringA
LCMapStringW
LeaveCriticalSection
L},hqS
L$LQRW
L$LQRWPP
L$LQRWUU
LoadCursorA
LoadLibraryA
LoadMenuA
`local static guard'
`local static thread guard'
`local vftable'
`local vftable constructor closure'
LPdItN
LPtoDP
L$(QSU
L$ QUV
L$,RPQ
L$ Vj 
L$ VSj
L$x_^][3
`managed vector constructor iterator'
`managed vector copy constructor iterator'
`managed vector destructor iterator'
MessageBoxA
Microsoft Visual C++ Runtime Library
MM/dd/yy
Monday
MoveFileA
MoveWindow
MulDiv
MultiByteToWideChar
 new[]
NoRemove
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
?%:N_Ra$k,{
(null)
October
ole32.dll
OLEAUT32.dll
`omni callsig'
OpenProcess
operator
=P.|0<1
__pascal
PathToRegion
`placement delete closure'
`placement delete[] closure'
Please contact the application's support team for more information.
PostQuitMessage
PPPPPPPP
Process32First
Process32Next
Program: 
<program name unknown>
__ptr64
- pure virtual function call
QQSVWd
QueryPerformanceCounter
RaiseException
`.rdata
ReadFile
RegCloseKey
RegisterClassExA
RegOpenKeyA
RegSetValueExA
RemovePropA
ResetDCA
__restrict
@`rk}l8
RtlUnwind
runtime error 
Runtime Error!
Saturday
`scalar deleting destructor'
September
SetEndOfFile
SetEnvironmentVariableA
SetEvent
SetFileAttributesA
SetFilePointer
SetFocus
SetHandleCount
SetLastError
SetMapMode
SetStdHandle
SetUnhandledExceptionFilter
SetWindowTextA
,SF3f 
ShowWindow
SING error
s[S;7|G;w
^SSSSS
__stdcall
`string'
string too long
Sunday
SunMonTueWedThuFriSat
SVWj h@6B
T$0RPW
t$4WPR
TerminateProcess
TextOutA
tGHt.Ht&
+t HHt
This application has requested the Runtime to terminate it in an unusual way.
__thiscall
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
!This program cannot be run in DOS mode.
T$HRUPW
Thursday
T$HVWf
< tK<	tG
TLOSS error
T$LRPWU
T$LRVWPP
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
<\tM</tI
tR99u2
TransactNamedPipe
TranslateMessage
t"SS9]
<+t(<-t$:
T$<+T$
t$<"u	3
Tuesday
;t$,v-
T$ WRP
t$,WSQ3
t+WWVPV
 Type Descriptor'
`typeof'
>:u8FV
uBh!IA
`udt returning'
uL9=8}B
- unable to initialize heap
- unable to open console device
__unaligned
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
UNICODE
Unknown exception
UpdateWindow
UQPXY]Y[
URPQQh
USER32.dll
USER32.DLL
u[SSSP
UTF-16LE
u!XW+`
`vbase destructor'
`vbtable'
`vcall'
`vector constructor iterator'
`vector copy constructor iterator'
`vector deleting destructor'
`vector destructor iterator'
`vector vbase constructor iterator'
`vector vbase copy constructor iterator'
`vftable'
VirtualAlloc
`virtual displacement map'
VirtualFree
v	N+D$
_VVVVV
VVVVVQRSSj
VWj4h<9B
WaitForDebugEvent
WaitForSingleObject
Wednesday
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile
WS2_32.dll
^WWWWW
x5$LYK
x5vApD(
xppwpp
xpxxxx
<xtX<XtT
Y;=hlB
>=Yt1j
;yw)OP