Analysis | #totalhash

Analysis Date	2014-08-16 16:33:59
MD5	0cdca7b80291b8ee65e3ee7f5aba5432
SHA1	2fda2ba4d704aef2bf8e60db0d83362869fc3fac

Static Details:

File type	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section	.text md5: 11e2cbda92607c6acf1b55ba25f32c90 sha1: b5214cd28eb74f2c5ec5ae9058f2348da63252e6 size: 726528
Section	.rdata md5: 340bdd9a1132ea0249f38aa6ee86d120 sha1: 94a1f3440e07c784159426d1ef14372bbef905ac size: 33792
Section	.data md5: 30f2ee643ef784b46430f1dd15181a21 sha1: 29103e7495f1f70b17bf64754368d53be0b4fcd2 size: 123392
Timestamp	2013-06-11 10:35:58
Packer	Microsoft Visual C++ ?.?
PEhash	96f951d4a11d03e1cbc6161b61d56cf42a53913b
IMPhash	c0e0cf98aa59d6d06f304f41a409671d
AV	360 Safe	Gen:Variant.Symmi.25089
AV	Ad-Aware	Gen:Variant.Symmi.25089
AV	Alwil (avast)	Malware-gen:Win32:Malware-gen
AV	Arcabit (arcavir)	no_virus
AV	Authentium	no_virus
AV	Avira (antivir)	TR/Crypt.ZPACK.93266
AV	CA (E-Trust Ino)	no_virus
AV	CAT (quickheal)	no_virus
AV	ClamAV	no_virus
AV	Dr. Web	Trojan.DownLoader11.8213
AV	Emsisoft	Gen:Variant.Symmi.25089
AV	Eset (nod32)	Win32/Kryptik.BQWI
AV	Fortinet	W32/Kryptik.BCFJ!tr
AV	Frisk (f-prot)	no_virus
AV	F-Secure	Gen:Variant.Symmi.25089
AV	Grisoft (avg)	Win32/Cryptor
AV	Ikarus	Trojan.Win32.Spy
AV	K7	Backdoor ( 04c540d41 )
AV	Kaspersky	Trojan.Win32.Generic:Trojan.Win32.PEF.pf.silent.175154:Trojan.Win32.PEF.pf.silent.181830:Trojan.Win32.PEF.pf.silent.375904:Trojan.Win32.PEF.pf.silent.376942:Trojan.Win32.PEF.pf.silent.377697:Trojan.Win32.PEF.pf.silent.378515:Trojan.Win32.PEF.pf.silent.379237:Trojan.Win32.PEF.pf.silent.380145:Trojan.Win32.PEF.pf.silent.380997:Trojan.Win32.PEF.pf.silent.416452
AV	MalwareBytes	no_virus
AV	Mcafee	RDN/Generic.bfr!hd
AV	Microsoft Security Essentials	TrojanSpy:Win32/Nivdort.Y
AV	MicroWorld (escan)	Gen:Variant.Symmi.25089
AV	Norman	winpe/Troj_Generic.VGLEF
AV	Rising	no_virus
AV	Sophos	no_virus
AV	Symantec	no_virus
AV	Trend Micro	TSPY_NIVDORT.SMA
AV	VirusBlokAda (vba32)	no_virus
AV	Yara APT	no_virus
AV	Zillya!	no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates File	C:\Documents and Settings\Administrator\Local Settings\Temp\~DFE452.tmp
Creates File	C:\WINDOWS\system32\fqgavnetxkw\tst
Creates File	PIPE\lsarpc
Creates File	\Device\Afd\Endpoint
Creates File	C:\Documents and Settings\Administrator\Local Settings\Temp\frbgbxah1l03xekkfcdhjizz.exe
Creates Process	C:\Documents and Settings\Administrator\Local Settings\Temp\frbgbxah1l03xekkfcdhjizz.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\frbgbxah1l03xekkfcdhjizz.exe

Registry	HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Receiver Interactive Filtering Update ➝ C:\WINDOWS\system32\blyecgkvm.exe
Creates File	C:\WINDOWS\system32\fqgavnetxkw\tst
Creates File	C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates File	C:\WINDOWS\system32\fqgavnetxkw\lck
Creates File	C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File	PIPE\lsarpc
Creates File	\Device\Afd\Endpoint
Creates File	C:\WINDOWS\system32\blyecgkvm.exe
Creates Process	C:\WINDOWS\system32\blyecgkvm.exe
Creates Mutex	c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex	WininetConnectionMutex
Creates Mutex	c:!documents and settings!administrator!cookies!
Creates Mutex	c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Creates Service	IP Notification Cache Builder - C:\WINDOWS\system32\blyecgkvm.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 804

Process
↳ Pid 848

Process
↳ C:\WINDOWS\System32\svchost.exe

Creates File	C:\WINDOWS\system32\WBEM\Logs\wbemess.log

Process
↳ Pid 1204

Process
↳ C:\WINDOWS\system32\spoolsv.exe

Registry	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL
Registry	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7
Registry	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL
Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00

Process
↳ Pid 1876

Process
↳ Pid 1164

Process
↳ C:\WINDOWS\system32\blyecgkvm.exe

Creates File	pipe\net\NtControlPipe10
Creates File	C:\WINDOWS\system32\fqgavnetxkw\tst
Creates File	C:\WINDOWS\system32\fqgavnetxkw\run
Creates File	C:\WINDOWS\system32\fqgavnetxkw\rng
Creates File	C:\WINDOWS\system32\ccfhvcgpgyc.exe
Creates File	\Device\Afd\Endpoint
Creates File	C:\WINDOWS\system32\fqgavnetxkw\cfg
Creates File	C:\WINDOWS\system32\fqgavnetxkw\lck
Creates Process	WATCHDOGPROC "c:\windows\system32\blyecgkvm.exe"

Process
↳ C:\WINDOWS\system32\blyecgkvm.exe

Creates File	C:\WINDOWS\system32\fqgavnetxkw\tst

Process
↳ WATCHDOGPROC "c:\windows\system32\blyecgkvm.exe"

Creates File	C:\WINDOWS\system32\fqgavnetxkw\tst

Network Details:

DNS	elementarimagine.com Type: A 141.8.225.80
DNS	mojoguia.com Type: A 204.11.56.26
DNS	veryfree.net Type: A 208.73.211.70
DNS	waitfree.net Type: A 68.178.232.100
DNS	takefree.net Type: A 69.172.201.208
DNS	takeforty.net Type: A 173.204.164.227
DNS	lifedaily.net Type: A 142.4.15.95
DNS	lifefull.net Type: A 50.63.202.63
DNS	mouthfull.net Type: A 69.172.201.208
DNS	decemberdaily.net Type: A 50.63.202.36
DNS	pengthecon.com Type: A
DNS	themorrefk.com Type: A
DNS	tablewash.net Type: A
DNS	salthave.net Type: A
DNS	yourenjoy.net Type: A
DNS	lookloss.net Type: A
DNS	southabout.net Type: A
DNS	liarshot.net Type: A
DNS	ableeach.net Type: A
DNS	jumpgray.net Type: A
DNS	movegray.net Type: A
DNS	fallwall.net Type: A
DNS	weekfree.net Type: A
DNS	weekforty.net Type: A
DNS	veryforty.net Type: A
DNS	weekother.net Type: A
DNS	veryother.net Type: A
DNS	weekwall.net Type: A
DNS	verywall.net Type: A
DNS	piecefree.net Type: A
DNS	muchfree.net Type: A
DNS	pieceforty.net Type: A
DNS	muchforty.net Type: A
DNS	pieceother.net Type: A
DNS	muchother.net Type: A
DNS	piecewall.net Type: A
DNS	muchwall.net Type: A
DNS	waitforty.net Type: A
DNS	waitother.net Type: A
DNS	takeother.net Type: A
DNS	waitwall.net Type: A
DNS	takewall.net Type: A
DNS	longblood.net Type: A
DNS	soilblood.net Type: A
DNS	longdaily.net Type: A
DNS	soildaily.net Type: A
DNS	longlose.net Type: A
DNS	soillose.net Type: A
DNS	longfull.net Type: A
DNS	soilfull.net Type: A
DNS	wheelblood.net Type: A
DNS	saidblood.net Type: A
DNS	wheeldaily.net Type: A
DNS	saiddaily.net Type: A
DNS	wheellose.net Type: A
DNS	saidlose.net Type: A
DNS	wheelfull.net Type: A
DNS	saidfull.net Type: A
DNS	stickblood.net Type: A
DNS	ballblood.net Type: A
DNS	stickdaily.net Type: A
DNS	balldaily.net Type: A
DNS	sticklose.net Type: A
DNS	balllose.net Type: A
DNS	stickfull.net Type: A
DNS	ballfull.net Type: A
DNS	enemyblood.net Type: A
DNS	lifeblood.net Type: A
DNS	enemydaily.net Type: A
DNS	enemylose.net Type: A
DNS	lifelose.net Type: A
DNS	enemyfull.net Type: A
DNS	mouthblood.net Type: A
DNS	tillblood.net Type: A
DNS	mouthdaily.net Type: A
DNS	tilldaily.net Type: A
DNS	mouthlose.net Type: A
DNS	tilllose.net Type: A
DNS	tillfull.net Type: A
DNS	shallblood.net Type: A
DNS	deepblood.net Type: A
DNS	shalldaily.net Type: A
DNS	deepdaily.net Type: A
DNS	shalllose.net Type: A
DNS	deeplose.net Type: A
DNS	shallfull.net Type: A
DNS	deepfull.net Type: A
DNS	pushblood.net Type: A
DNS	fridayblood.net Type: A
DNS	pushdaily.net Type: A
DNS	fridaydaily.net Type: A
DNS	pushlose.net Type: A
DNS	fridaylose.net Type: A
DNS	pushfull.net Type: A
DNS	fridayfull.net Type: A
DNS	alongblood.net Type: A
DNS	decemberblood.net Type: A
DNS	alongdaily.net Type: A
HTTP GET	http://elementarimagine.com/forum/search.php?method=validate&mode=my&email=hcusnir@yahoo.com&lici=auto_000060&ver=012 User-Agent:
HTTP GET	http://mojoguia.com/forum/search.php?method=validate&mode=my&email=hcusnir@yahoo.com&lici=auto_000060&ver=012 User-Agent:
HTTP GET	http://veryfree.net/forum/search.php?method=validate&mode=my&email=hcusnir@yahoo.com&lici=auto_000060&ver=012 User-Agent:
HTTP GET	http://waitfree.net/forum/search.php?method=validate&mode=my&email=hcusnir@yahoo.com&lici=auto_000060&ver=012 User-Agent:
HTTP GET	http://takefree.net/forum/search.php?method=validate&mode=my&email=hcusnir@yahoo.com&lici=auto_000060&ver=012 User-Agent:
HTTP GET	http://takeforty.net/forum/search.php?method=validate&mode=my&email=hcusnir@yahoo.com&lici=auto_000060&ver=012 User-Agent:
HTTP GET	http://lifedaily.net/forum/search.php?method=validate&mode=my&email=hcusnir@yahoo.com&lici=auto_000060&ver=012 User-Agent:
HTTP GET	http://lifefull.net/forum/search.php?method=validate&mode=my&email=hcusnir@yahoo.com&lici=auto_000060&ver=012 User-Agent:
HTTP GET	http://mouthfull.net/forum/search.php?method=validate&mode=my&email=hcusnir@yahoo.com&lici=auto_000060&ver=012 User-Agent:
HTTP GET	http://decemberdaily.net/forum/search.php?method=validate&mode=my&email=hcusnir@yahoo.com&lici=auto_000060&ver=012 User-Agent:
Flows TCP	192.168.1.1:1031 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1032 ➝ 204.11.56.26:80
Flows TCP	192.168.1.1:1033 ➝ 208.73.211.70:80
Flows TCP	192.168.1.1:1034 ➝ 68.178.232.100:80
Flows TCP	192.168.1.1:1035 ➝ 69.172.201.208:80
Flows TCP	192.168.1.1:1036 ➝ 173.204.164.227:80
Flows TCP	192.168.1.1:1037 ➝ 142.4.15.95:80
Flows TCP	192.168.1.1:1038 ➝ 50.63.202.63:80
Flows TCP	192.168.1.1:1039 ➝ 69.172.201.208:80
Flows TCP	192.168.1.1:1040 ➝ 50.63.202.36:80

Raw Pcap

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d6d 7926656d   idate&mode=my&em
0x00000030 (00048)   61696c3d 68637573 6e697240 7961686f   ail=hcusnir@yaho
0x00000040 (00064)   6f2e636f 6d266c69 63693d61 75746f5f   o.com&lici=auto_
0x00000050 (00080)   30303030 36302676 65723d30 31322048   000060&ver=012 H
0x00000060 (00096)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000070 (00112)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000080 (00128)   3a20636c 6f73650d 0a486f73 743a2065   : close..Host: e
0x00000090 (00144)   6c656d65 6e746172 696d6167 696e652e   lementarimagine.
0x000000a0 (00160)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d6d 7926656d   idate&mode=my&em
0x00000030 (00048)   61696c3d 68637573 6e697240 7961686f   ail=hcusnir@yaho
0x00000040 (00064)   6f2e636f 6d266c69 63693d61 75746f5f   o.com&lici=auto_
0x00000050 (00080)   30303030 36302676 65723d30 31322048   000060&ver=012 H
0x00000060 (00096)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000070 (00112)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000080 (00128)   3a20636c 6f73650d 0a486f73 743a206d   : close..Host: m
0x00000090 (00144)   6f6a6f67 7569612e 636f6d0d 0a0d0a2e   ojoguia.com.....
0x000000a0 (00160)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d6d 7926656d   idate&mode=my&em
0x00000030 (00048)   61696c3d 68637573 6e697240 7961686f   ail=hcusnir@yaho
0x00000040 (00064)   6f2e636f 6d266c69 63693d61 75746f5f   o.com&lici=auto_
0x00000050 (00080)   30303030 36302676 65723d30 31322048   000060&ver=012 H
0x00000060 (00096)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000070 (00112)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000080 (00128)   3a20636c 6f73650d 0a486f73 743a2076   : close..Host: v
0x00000090 (00144)   65727966 7265652e 6e65740d 0a0d0a2e   eryfree.net.....
0x000000a0 (00160)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d6d 7926656d   idate&mode=my&em
0x00000030 (00048)   61696c3d 68637573 6e697240 7961686f   ail=hcusnir@yaho
0x00000040 (00064)   6f2e636f 6d266c69 63693d61 75746f5f   o.com&lici=auto_
0x00000050 (00080)   30303030 36302676 65723d30 31322048   000060&ver=012 H
0x00000060 (00096)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000070 (00112)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000080 (00128)   3a20636c 6f73650d 0a486f73 743a2077   : close..Host: w
0x00000090 (00144)   61697466 7265652e 6e65740d 0a0d0a2e   aitfree.net.....
0x000000a0 (00160)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d6d 7926656d   idate&mode=my&em
0x00000030 (00048)   61696c3d 68637573 6e697240 7961686f   ail=hcusnir@yaho
0x00000040 (00064)   6f2e636f 6d266c69 63693d61 75746f5f   o.com&lici=auto_
0x00000050 (00080)   30303030 36302676 65723d30 31322048   000060&ver=012 H
0x00000060 (00096)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000070 (00112)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000080 (00128)   3a20636c 6f73650d 0a486f73 743a2074   : close..Host: t
0x00000090 (00144)   616b6566 7265652e 6e65740d 0a0d0a2e   akefree.net.....
0x000000a0 (00160)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d6d 7926656d   idate&mode=my&em
0x00000030 (00048)   61696c3d 68637573 6e697240 7961686f   ail=hcusnir@yaho
0x00000040 (00064)   6f2e636f 6d266c69 63693d61 75746f5f   o.com&lici=auto_
0x00000050 (00080)   30303030 36302676 65723d30 31322048   000060&ver=012 H
0x00000060 (00096)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000070 (00112)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000080 (00128)   3a20636c 6f73650d 0a486f73 743a2074   : close..Host: t
0x00000090 (00144)   616b6566 6f727479 2e6e6574 0d0a0d0a   akeforty.net....
0x000000a0 (00160)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d6d 7926656d   idate&mode=my&em
0x00000030 (00048)   61696c3d 68637573 6e697240 7961686f   ail=hcusnir@yaho
0x00000040 (00064)   6f2e636f 6d266c69 63693d61 75746f5f   o.com&lici=auto_
0x00000050 (00080)   30303030 36302676 65723d30 31322048   000060&ver=012 H
0x00000060 (00096)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000070 (00112)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000080 (00128)   3a20636c 6f73650d 0a486f73 743a206c   : close..Host: l
0x00000090 (00144)   69666564 61696c79 2e6e6574 0d0a0d0a   ifedaily.net....
0x000000a0 (00160)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d6d 7926656d   idate&mode=my&em
0x00000030 (00048)   61696c3d 68637573 6e697240 7961686f   ail=hcusnir@yaho
0x00000040 (00064)   6f2e636f 6d266c69 63693d61 75746f5f   o.com&lici=auto_
0x00000050 (00080)   30303030 36302676 65723d30 31322048   000060&ver=012 H
0x00000060 (00096)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000070 (00112)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000080 (00128)   3a20636c 6f73650d 0a486f73 743a206c   : close..Host: l
0x00000090 (00144)   69666566 756c6c2e 6e65740d 0a0d0a0a   ifefull.net.....
0x000000a0 (00160)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d6d 7926656d   idate&mode=my&em
0x00000030 (00048)   61696c3d 68637573 6e697240 7961686f   ail=hcusnir@yaho
0x00000040 (00064)   6f2e636f 6d266c69 63693d61 75746f5f   o.com&lici=auto_
0x00000050 (00080)   30303030 36302676 65723d30 31322048   000060&ver=012 H
0x00000060 (00096)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000070 (00112)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000080 (00128)   3a20636c 6f73650d 0a486f73 743a206d   : close..Host: m
0x00000090 (00144)   6f757468 66756c6c 2e6e6574 0d0a0d0a   outhfull.net....
0x000000a0 (00160)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d6d 7926656d   idate&mode=my&em
0x00000030 (00048)   61696c3d 68637573 6e697240 7961686f   ail=hcusnir@yaho
0x00000040 (00064)   6f2e636f 6d266c69 63693d61 75746f5f   o.com&lici=auto_
0x00000050 (00080)   30303030 36302676 65723d30 31322048   000060&ver=012 H
0x00000060 (00096)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000070 (00112)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000080 (00128)   3a20636c 6f73650d 0a486f73 743a2064   : close..Host: d
0x00000090 (00144)   6563656d 62657264 61696c79 2e6e6574   ecemberdaily.net
0x000000a0 (00160)   0d0a0d0a 0a0d0a                       .......

Strings

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
 
!
"
#
$
%
&
'
(
)
*
+
,
-
.
/
0
1
 
+
.
"1"
2dll1exe
 
+%3D%3A%26A&
"
 
eegetlTnetecsretaHonE
OCprttlldtdSFev3v2eer
Keiael
CElCnoerneb
d.SaeeSrt
jAialh
aenWl:
 ' 
\
..
...
...
............... ..!"!0#!$%!.
&
.
').
.
*+*
,-,./010/.,2,
  ---
ss
.
.
 0
-_
h1
21212
:
:
S
dll2
h2
1
1
exe
a
 
[
Z
[
Z
[
%+#.*fa
0e
%+#I64o
.,
 -CC00-+ 
 
.
-e-
. 
.
-E-
-0
-0010+-0
0
-0
\
00-+ 
.
  :\
:..00...........?- 
0
0
0
0
-
I
i.]
.
f
*
.
.
.
.d<
.u
                                 H
         (((((                  H
         h((((                  H
jjjh
jjjjh
jjjjjj
KERNEL32.DLL
Ljjj
Mjjj
Mjjjj
mscoree.dll
N(null)
                          
																		
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
0A@@Ju
#0awoM
#0{C-KP
0o5rbnOG
0SSSSS
0WWWWW
16"TK3
{1p@/Zt
1qk'PL
1#QNAN
1#SNAN
1zkH;UUL
2] EjF
2<iq4gd
2I)`UU
2{K\1<z5xM
2Lh  W
!2vuQh
|3+(NKE
40-s8t
46v69A
4['xe&q
4yOB^+
5+|5(X
5(*,Q[
5[ZPYy
5zS+Ir@pi
66t7LT
6!LJsd
\75`(&i
$7L8tk(
7V*",Z
?7xLH%M
7(YP)$G
8Db|( 
8VVVVV
'9?..4y
9&5%OO
`9+cdm
9=i)Oi
}\ +A2j
%a9g]R
a9"wK/#~
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
$	a$cuD
Afu`rul
a#-{g .
<A*H:V
_-	a]i
ak>H|5
{Al<v[
america
american
american english
american-english
$A]$ %n`(
An application has made an attempt to load the C runtime library incorrectly.
aoAwx=
<at9<rt,<wt
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
.?AUctype_base@std@@
August
australian
.?AVbad_alloc@std@@
.?AVbad_cast@std@@
.?AVbad_exception@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AV?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$ctype@D@std@@
.?AVexception@std@@
.?AVfacet@locale@std@@
.?AVfailure@ios_base@std@@
.?AVios_base@std@@
.?AV?$_Iosb@H@std@@
.?AVlength_error@std@@
.?AV_Locimp@locale@std@@
.?AVlogic_error@std@@
.?AV?$numpunct@D@std@@
.?AV?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AVout_of_range@std@@
.?AVruntime_error@std@@
.?AVtype_info@@
b2]l1`
bad allocation
bad cast
bad exception
 Base Class Array'
 Base Class Descriptor at (
__based(
BeginPaint
belgian
Bf"3r|]
BH1F!$
Bh;/AQv4
b)}j1f
|bKu2t
bl'WBqN
B'O@oS
!bR6}L
britain
'Bs[$Ua
CallWindowProcA
canadian
__cdecl
cf1O_G
CheckDlgButton
chinese
chinese-hongkong
chinese-simplified
chinese-singapore
chinese-traditional
 Class Hierarchy Descriptor'
CloseHandle
__clrcall
{C'mBICy
cmd.exe
CompareStringA
CompareStringW
 Complete Object Locator'
COMSPEC
CONOUT$
`copy constructor closure'
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
CorExitProcess
C PjPV
C$PjQV
C.PjRV
C/PjSV
C*PjTV
C+PjUV
C,PjVV
C-PjWV
CreateFileA
CreateProcessA
- CRT not initialized
C%y%u@
d;:7pe&
d;aHG!T:[
@.data
dddd, MMMM dd, yyyy
December
DecodePointer
`default constructor closure'
 delete
 delete[]
Delete
DeleteCriticalSection
DeleteFileA
deque<T> too long
?d:fkx
DKz<?2
?DO7Bt
DOMAIN error
dP|Jxb
dq'nN9ZU
DrawTextA
dutch-belgian
DwX.}l
DX7,rl
d>{	>y
`dynamic atexit destructor for '
`dynamic initializer for '
e.3Zf%
e;c+ZO
`eh vector constructor iterator'
`eh vector copy constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`eh vector vbase copy constructor iterator'
EnableWindow
EncodePointer
EndDialog
EndPaint
england
english-american
english-aus
english-belize
english-can
english-caribbean
english-ire
english-jamaica
english-nz
english-south africa
english-trinidad y tobago
english-uk
english-us
english-usa
EnterCriticalSection
EnumSystemLocalesA
!E{ONv
%Esay]
ExitProcess
'e~yY'w
:=F5suj
F^a(b,H
__fastcall
February
fE>C!l
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
- floating point support not loaded
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
fn_$uV
ForceRemove
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
french-belgian
french-canadian
french-luxembourg
french-swiss
Friday
^F<-uB
GAIsProcessorFeaturePresent
GDI32.dll
german-austrian
german-lichtenstein
german-luxembourg
german-swiss
GetACP
GetActiveWindow
GetBkColor
GetClipRgn
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCPInfo
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetCursor
GetDCBrushColor
GetDCPenColor
GetDeviceCaps
GetDialogBaseUnits
GetDlgItem
GetDlgItemInt
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesA
GetFileTime
GetFileType
GetFontLanguageInfo
GetFontUnicodeRanges
GetForegroundWindow
GetFullPathNameA
GetGraphicsMode
GetInputState
GetKeyboardType
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetMapMode
GetMenu
GetMenuCheckMarkDimensions
GetMenuContextHelpId
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMetaRgn
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetNearestColor
GetObjectType
GetOEMCP
GetPixelFormat
GetPolyFillMode
GetProcAddress
GetProcessHeap
GetProcessId
GetProcessWindowStation
GetPropA
GetQueueStatus
GetRandomRgn
GetScrollPos
GetStartupInfoA
GetStdHandle
GetStretchBltMode
GetStringTypeA
GetStringTypeW
GetSystemPaletteUse
GetSystemTimeAsFileTime
GetTextAlign
GetTextCharacterExtra
GetTextColor
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetUserObjectInformationA
GetVersion
GetWindowContextHelpId
GetWindowDC
GetWindowLongA
?G`;f4
"G%LD;
GlobalAlloc
GlobalFlags
GlobalHandle
GlobalSize
g~o}x:/"'
great britain
 G~~U:5
`h````
h$17iE
H7=Esd	
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
hg7Jrgf
`h`hhh
HH:mm:ss
HHtXHHt
HHtYHHt
:>,hj c_
$HL[*Y
|hMI>;
holland
hong-kong
_#_I|@]
	i-9g`
i^:d4/lO
>If90t
Ifc_z%
~iH#W7yY
/ILV6j
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
invalid map/set<T> iterator
invalid string position
ios_base::badbit set
ios_base::failbit set
irish-english
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWindowEnabled
IsWindowUnicode
italian-swiss
`iuL)ib2
Ixh-	>dL
IXi )D
IYld&e
I{;,[zU[U!V
j1h4PM
`j3iHQiF#
j8h@eM
j8hhfM
jAhPmM
JanFebMarAprMayJunJulAugSepOctNovDec
January
jEh pM
j,h 3L
j<h@4L
j	h4vM
j	h$5L
j"h<6L
j	h8nM
j	h8OM
j%hh*L
j(hH+L
j.hHlM
j&h$hM
j	hHoM
j	h@%L
j	h\(L
j	h,lM
 j%hltM
#j%hltM
j	h@%M
j	h$oM
j^hppM
j	hT*L
j!h,tM
j?h(uM
j	hx&L
j;]'[J`
j@j ^V
jLhX#M
jPh(7L
JP(WrM
Jp_y%8
j"^SSSSS
JwL`Vc
>jwXQAv
&;k>aH
k&:Bvy
ke8>cVK`b
KERNEL32
KERNEL32.dll
KIK:N"
(]K~Nq
|ko.f}
kV9|5+
kx@O@HTzOP
.kZa*Zq 
^(L	&^
:l"+$6
l9) }=
LC_ALL
LC_COLLATE
LC_CTYPE
LCMapStringA
LCMapStringW
LC_MONETARY
LC_NUMERIC
LC_TIME
LeaveCriticalSection
lh64aM{8C
lIxrEf
LoadIconA
LoadLibraryA
LoadResource
LocalAlloc
LocalFlags
`local static guard'
`local static thread guard'
`local vftable'
`local vftable constructor closure'
LockResource
LU)^]!n
M,1sY@=>OT
+m[9xv
`managed vector constructor iterator'
`managed vector copy constructor iterator'
`managed vector destructor iterator'
map/set<T> too long
MessageBoxA
>mFssyR
Microsoft Visual C++ Runtime Library
m~}&<m
MM/dd/yy
(moC=;A
Monday
MoveFileA
MoveWindow
m=>qO_j
[%$m&r
M'^-|r
MultiByteToWideChar
"^ n+/"
n3CQ+#
n3LnI 
+?N!cbVe
Neagcjh
 new[]
new-zealand
nhHSE4
NhS>Am
NNY^0z
NoRemove
norwegian
norwegian-bokmal
norwegian-nynorsk
Norwegian-Nynorsk
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
"^<NQ@
(null)
nyZ.KL
O1MDh`
O1@Pgy
October
OHtoH[
OLEAUT32.dll
oM@5v&
`omni callsig'
o|OZ#Qq,'
operator
otC-Fc
oVqt\paIXT
%>#p@1;
__pascal
P)db&"
	pe~\Fy[
?`PEnO
PFa:TnR[$
 p !gM<
PJYhpWs|D
`placement delete closure'
`placement delete[] closure'
Please contact the application's support team for more information.
Pnp_sg
portuguese-brazilian
PostMessageA
PPPPPPPP
PpVrwi
pr china
pr-china
Program: 
<program name unknown>
__ptr64
puerto-rico
- pure virtual function call
+$Px5c
@QGgs{5%
QQSVWd
QueryPerformanceCounter
QV(5f{a
<r7vLV]
RA48Mg>NB
RaiseException
`.rdata
ReadFile
RemovePropA
__restrict
rru\99"
RtlUnwind
runtime error 
Runtime Error!
 ryW59n
Saturday
`scalar deleting destructor'
SE=>}L
SendMessageA
September
SetDlgItemTextA
SetEndOfFile
SetEnvironmentVariableA
SetFilePointer
SetFocus
SetHandleCount
SetLastError
SetStdHandle
SetSystemPaletteUse
SetTextAlign
SetTextColor
SetTextJustification
SetUnhandledExceptionFilter
SetWindowTextA
ShowWindow
SING error
SizeofResource
slovak
SnCb)7
sol$Uc
south africa
south-africa
south korea
south-korea
spanish-argentina
spanish-bolivia
spanish-chile
spanish-colombia
spanish-costa rica
spanish-dominican republic
spanish-ecuador
spanish-el salvador
spanish-guatemala
spanish-honduras
spanish-mexican
spanish-modern
spanish-nicaragua
spanish-panama
spanish-paraguay
spanish-peru
spanish-puerto rico
spanish-uruguay
spanish-venezuela
SR`@YrD
s[S;7|G;w
^SSSSS
__stdcall
`string'
string too long
Sunday
SunMonTueWedThuFriSat
swedish-finland
SX	.xF
SystemRoot
t3h$HK
tdhX4K
TerminateProcess
t=FA9]
tGHt.Ht&
(</t$h
+t HHt
tHhT5K
This application has requested the Runtime to terminate it in an unusual way.
__thiscall
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
!This program cannot be run in DOS mode.
t hp7K
Thursday
tIj"[:
tjh(4K
t:j)ht-L
TK9gUs
tKj$hL
< tK<	tG
TLOSS error
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
<\tM</tI
tR99u2
trinidad & tobago
T&~s8;K
t"SS9]
<+t(<-t$:
T tdhnus
t$<"u	3
Tuesday
;t$,v-
t VV9u
TVX7w:b
t+WWVPV
tY&aaId
 Type Descriptor'
`typeof'
 `^'u+^
U0nV_9
>:u8FV
<UCVO\
U,cy:N
`udt returning'
uFRzH@A
u&hPGK
- unable to initialize heap
- unable to open console device
__unaligned
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
UNICODE
united-kingdom
united-states
Unknown exception
!..~UO`
uOYmro
UpdateColors
UQPXY]Y[
uqSSSSS
URPQQh
USER32.dll
USER32.DLL
uSj	h<lM
u[SSSP
{uT%eV
UTF-16LE
utj	h@%L
u,VVWV
UX5m;I?
uX!v:,[K
*#=,[,{v
%V;2e)
V6nEm3
vA\4jRvH
`vbase destructor'
`vbtable'
`vcall'
`vector constructor iterator'
`vector copy constructor iterator'
`vector deleting destructor'
`vector destructor iterator'
`vector vbase constructor iterator'
`vector vbase copy constructor iterator'
`vftable'
_-VIb8
VirtualAlloc
`virtual displacement map'
VirtualFree
)[V{*M
v	N+D$
_VVVVV
VVVVVQRSSj
V:X|Kc
"w2x"k
_w8 qwI
WaitForSingleObject
Wednesday
&\Wg~7kS
wHh45K
WideCharToMultiByte
WindowFromDC
Wj(yQ3
{wq|)j8
wRBx{fv
WriteConsoleA
WriteConsoleW
WriteFile
WS2_32.dll
^WWWWW
WX->+,
@/x!{|!
/x:1B<
x61aTy
X;7_A3[
X7m{,-
*XGXG8V
x`.#hi
X|m_,2t/
xM4@*0,k
Xm5gXy
xppwpp
xPR^yM	
xpxxxx
!X.TL<
<xtX<XtT
Y1	BJ,
Y3ZTo3
* yGc-
y)i^'l
Y@ios_base::eofbit set
YJ4)Nm
^{Y+O6
>=Yt1j
Y<\u#j\V
@_Y&XT
y]\=zY
~y]Z\\Z
Z79/#X
,%{ZE1
$@>Zfx
Z-i(x*
`zjJ}R
z%P;5LM
z*z50C