Analysis Date2015-02-15 00:58:28
MD544a7c768c2811c72537f0e7fe845db71
SHA139da5d14c6efec91bf1fbe882025a5ef433b03b5

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 7a5bef0f523274660295188058e253d6 sha1: faa3d58d73bd9a35167e4c06ed431369254c7a2f size: 723968
Section.rdata md5: 9912d2cffc74e40be26444c3d5b31d20 sha1: 27147ab03419d16b2276ac0466b8a92f543be719 size: 32256
Section.data md5: c75cc8d99e159fd3f676cb749ec755e4 sha1: e4b8c97590a3c9a7668c6fcc9a74a1dc661b39b1 size: 123392
Timestamp2014-01-22 06:00:32
PackerMicrosoft Visual C++ ?.?
PEhash8d10ca687a3da2d2102d5868ca417f9437f41032
IMPhash84973b00690d466dba5fe7bd2213c965
AV360 Safeno_virus
AVAd-AwareGen:Variant.Symmi.22722
AVAlwil (avast)Kryptik-OCE [Trj]
AVArcabit (arcavir)Gen:Variant.Symmi.22722
AVAuthentiumW32/Symmi.AH.gen!Eldorado
AVAvira (antivir)BDS/Zegost.Gen4
AVBullGuardGen:Variant.Symmi.22722
AVCA (E-Trust Ino)no_virus
AVCAT (quickheal)Trojan.Generic.r3
AVClamAVno_virus
AVDr. Webno_virus
AVEmsisoftGen:Variant.Symmi.22722
AVEset (nod32)Win32/Kryptik.BQWI
AVFortinetW32/Kryptik.BCFJ!tr
AVFrisk (f-prot)no_virus
AVF-SecureGen:Variant.Symmi.22722
AVGrisoft (avg)Win32/Cryptor
AVIkarusTrojan.Win32.Spy
AVK7Trojan ( 0049137f1 )
AVKasperskyTrojan.Win32.Generic:Trojan.Win32.PEF.pf.silent.175154:Trojan.Win32.PEF.pf.silent.181830:Trojan.Win32.PEF.pf.silent.375904:Trojan.Win32.PEF.pf.silent.376942:Trojan.Win32.PEF.pf.silent.377697:Trojan.Win32.PEF.pf.silent.378515:Trojan.Win32.PEF.pf.silent.379237:Trojan.Win32.PEF.pf.silent.380145:Trojan.Win32.PEF.pf.silent.380997:Trojan.Win32.PEF.pf.silent.416452:Trojan.Win32.PEF.pf.silent.432810:Trojan.Win32.PEF.pf.silent.445825:Trojan.Win32.PEF.pf.silent.454569:Trojan.Win32.PEF.pf.silent.456542:Trojan.Win32.PEF.pf.silent.479305:Trojan.Win32.PEF.pf.silent.481926:Trojan.Win32.PEF.pf.silent.483728:Trojan.Win32.PEF.pf.silent.484661:Trojan.Win32.PEF.pf.silent.23214164:Trojan.Win32.PEF.pf.silent.23712702:Trojan.Win32.VHO.silent.23584149:Trojan.Win32.VHO.silent.23486822
AVMalwareBytesno_virus
AVMcafeeRDN/Generic PWS.y!bcn
AVMicrosoft Security EssentialsTrojanSpy:Win32/Nivdort.AE
AVMicroWorld (escan)Gen:Variant.Symmi.22722
AVRisingno_virus
AVSophosno_virus
AVSymantecno_virus
AVTrend MicroTSPY_NIVDORT.SM
AVVirusBlokAda (vba32)no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\xztlahpq1lvchrpacfczntgp.exe
Creates FileC:\WINDOWS\system32\nleelslpowj\tst
Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Temp\xztlahpq1lvchrpacfczntgp.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\xztlahpq1lvchrpacfczntgp.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Secondary Auto PC Identity Block Connect ➝
C:\WINDOWS\system32\mgdntbm.exe
Creates FileC:\WINDOWS\system32\drivers\etc\hosts
Creates FileC:\WINDOWS\system32\mgdntbm.exe
Creates FileC:\WINDOWS\system32\nleelslpowj\lck
Creates FileC:\WINDOWS\system32\nleelslpowj\etc
Creates FileC:\WINDOWS\system32\nleelslpowj\tst
Deletes FileC:\WINDOWS\system32\\drivers\etc\hosts
Creates ProcessC:\WINDOWS\system32\mgdntbm.exe
Creates ServicePort Control Sharing Adapter - C:\WINDOWS\system32\mgdntbm.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 804

Process
↳ Pid 848

Process
↳ C:\WINDOWS\System32\svchost.exe

Creates FileC:\WINDOWS\system32\WBEM\Logs\wbemess.log

Process
↳ Pid 1204

Process
↳ C:\WINDOWS\system32\spoolsv.exe

RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝
NULL
RegistryHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝
7
RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝
NULL
RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝
C:\WINDOWS\System32\spool\PRINTERS\\x00
Creates FileWMIDataDevice

Process
↳ Pid 1088

Process
↳ C:\WINDOWS\system32\mgdntbm.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝
1
Creates FileC:\WINDOWS\system32\nleelslpowj\cfg
Creates FileC:\WINDOWS\system32\nleelslpowj\run
Creates FileC:\WINDOWS\system32\nleelslpowj\lck
Creates FileC:\WINDOWS\system32\ernfwhhr.exe
Creates FileC:\WINDOWS\system32\nleelslpowj\tst
Creates Filepipe\net\NtControlPipe10
Creates FileC:\WINDOWS\TEMP\xztlahpq1s6bhrpa.exe
Creates FileC:\WINDOWS\system32\nleelslpowj\rng
Creates File\Device\Afd\Endpoint
Creates ProcessWATCHDOGPROC "c:\windows\system32\mgdntbm.exe"
Creates ProcessC:\WINDOWS\TEMP\xztlahpq1s6bhrpa.exe -r 43692 tcp

Process
↳ C:\WINDOWS\system32\mgdntbm.exe

Creates FileC:\WINDOWS\system32\nleelslpowj\tst

Process
↳ WATCHDOGPROC "c:\windows\system32\mgdntbm.exe"

Creates FileC:\WINDOWS\system32\nleelslpowj\tst

Process
↳ C:\WINDOWS\TEMP\xztlahpq1s6bhrpa.exe -r 43692 tcp

Creates File\Device\Afd\Endpoint
Winsock DNS239.255.255.250

Network Details:

DNSstickmarch.net
Type: A
69.195.129.70
DNStablefruit.net
Type: A
69.195.129.70
DNSleaddaily.net
Type: A
58.64.158.234
DNSleadfull.net
Type: A
192.185.91.40
DNScalldaily.net
Type: A
192.241.149.33
DNSpointfull.net
Type: A
94.23.74.103
DNSwestocean.net
Type: A
188.40.39.214
DNSpointocean.net
Type: A
184.168.221.59
DNSwestocean.net
Type: A
188.40.39.214
DNSkaselindertu.com
Type: A
DNSdavedekilai.com
Type: A
DNSlaloponea.com
Type: A
DNSfredesecas.com
Type: A
DNSdonaven4guia.com
Type: A
DNSwestfull.net
Type: A
DNStableblood.net
Type: A
DNSleadblood.net
Type: A
DNStabledaily.net
Type: A
DNStablelose.net
Type: A
DNSleadlose.net
Type: A
DNStablefull.net
Type: A
DNSpointblood.net
Type: A
DNScallblood.net
Type: A
DNSpointdaily.net
Type: A
DNSpointlose.net
Type: A
DNScalllose.net
Type: A
DNScallfull.net
Type: A
DNSnoneblood.net
Type: A
DNSliarblood.net
Type: A
DNSnonedaily.net
Type: A
DNSliardaily.net
Type: A
DNSnonelose.net
Type: A
DNSliarlose.net
Type: A
DNSnonefull.net
Type: A
DNSliarfull.net
Type: A
DNSwellblood.net
Type: A
DNSnoseblood.net
Type: A
DNSwelldaily.net
Type: A
DNSnosedaily.net
Type: A
DNSwelllose.net
Type: A
DNSnoselose.net
Type: A
DNSwellfull.net
Type: A
DNSnosefull.net
Type: A
DNSringblood.net
Type: A
DNSfavorblood.net
Type: A
DNSringdaily.net
Type: A
DNSfavordaily.net
Type: A
DNSringlose.net
Type: A
DNSfavorlose.net
Type: A
DNSringfull.net
Type: A
DNSfavorfull.net
Type: A
DNSsorryhold.net
Type: A
DNSfiftyhold.net
Type: A
DNSsorrysecond.net
Type: A
DNSfiftysecond.net
Type: A
DNSsorryocean.net
Type: A
DNSfiftyocean.net
Type: A
DNSsorryhave.net
Type: A
DNSfiftyhave.net
Type: A
DNStheirhold.net
Type: A
DNSlikrhold.net
Type: A
DNStheirsecond.net
Type: A
DNSlikrsecond.net
Type: A
DNStheirocean.net
Type: A
DNSlikrocean.net
Type: A
DNStheirhave.net
Type: A
DNSlikrhave.net
Type: A
DNSfearhold.net
Type: A
DNSwesthold.net
Type: A
DNSfearsecond.net
Type: A
DNSwestsecond.net
Type: A
DNSfearocean.net
Type: A
DNSfearhave.net
Type: A
DNSwesthave.net
Type: A
DNStablehold.net
Type: A
DNSleadhold.net
Type: A
DNStablesecond.net
Type: A
DNSleadsecond.net
Type: A
DNStableocean.net
Type: A
DNSleadocean.net
Type: A
DNStablehave.net
Type: A
DNSleadhave.net
Type: A
DNSpointhold.net
Type: A
DNScallhold.net
Type: A
DNSpointsecond.net
Type: A
DNScallsecond.net
Type: A
DNScallocean.net
Type: A
DNSpointhave.net
Type: A
DNScallhave.net
Type: A
DNSnonehold.net
Type: A
DNSliarhold.net
Type: A
DNSnonesecond.net
Type: A
DNSliarsecond.net
Type: A
HTTP GEThttp://stickmarch.net/forum/search.php?method=validate&mode=sox&v=020&sox=2e23ee00
User-Agent:
HTTP GEThttp://tablefruit.net/forum/search.php?method=validate&mode=sox&v=020&sox=2e23ee00
User-Agent:
HTTP GEThttp://leaddaily.net/forum/search.php?method=validate&mode=sox&v=020&sox=2e23ee00
User-Agent:
HTTP GEThttp://leadfull.net/forum/search.php?method=validate&mode=sox&v=020&sox=2e23ee00
User-Agent:
HTTP GEThttp://calldaily.net/forum/search.php?method=validate&mode=sox&v=020&sox=2e23ee00
User-Agent:
HTTP GEThttp://pointfull.net/forum/search.php?method=validate&mode=sox&v=020&sox=2e23ee00
User-Agent:
HTTP GEThttp://westocean.net/forum/search.php?method=validate&mode=sox&v=020&sox=2e23ee00
User-Agent:
HTTP GEThttp://pointocean.net/forum/search.php?method=validate&mode=sox&v=020&sox=2e23ee00
User-Agent:
HTTP GEThttp://stickmarch.net/forum/search.php?method=validate&mode=sox&v=020&sox=2e23ee00
User-Agent:
HTTP GEThttp://tablefruit.net/forum/search.php?method=validate&mode=sox&v=020&sox=2e23ee00
User-Agent:
HTTP GEThttp://leaddaily.net/forum/search.php?method=validate&mode=sox&v=020&sox=2e23ee00
User-Agent:
HTTP GEThttp://leadfull.net/forum/search.php?method=validate&mode=sox&v=020&sox=2e23ee00
User-Agent:
HTTP GEThttp://calldaily.net/forum/search.php?method=validate&mode=sox&v=020&sox=2e23ee00
User-Agent:
HTTP GEThttp://pointfull.net/forum/search.php?method=validate&mode=sox&v=020&sox=2e23ee00
User-Agent:
HTTP GEThttp://westocean.net/forum/search.php?method=validate&mode=sox&v=020&sox=2e23ee00
User-Agent:
HTTP GEThttp://pointocean.net/forum/search.php?method=validate&mode=sox&v=020&sox=2e23ee00
User-Agent:
Flows TCP192.168.1.1:1036 ➝ 69.195.129.70:80
Flows TCP192.168.1.1:1037 ➝ 69.195.129.70:80
Flows TCP192.168.1.1:1039 ➝ 58.64.158.234:80
Flows TCP192.168.1.1:1040 ➝ 192.185.91.40:80
Flows TCP192.168.1.1:1041 ➝ 192.241.149.33:80
Flows TCP192.168.1.1:1042 ➝ 94.23.74.103:80
Flows TCP192.168.1.1:1043 ➝ 188.40.39.214:80
Flows TCP192.168.1.1:1044 ➝ 184.168.221.59:80
Flows TCP192.168.1.1:1045 ➝ 69.195.129.70:80
Flows TCP192.168.1.1:1046 ➝ 69.195.129.70:80
Flows TCP192.168.1.1:1047 ➝ 58.64.158.234:80
Flows TCP192.168.1.1:1048 ➝ 192.185.91.40:80
Flows TCP192.168.1.1:1049 ➝ 192.241.149.33:80
Flows TCP192.168.1.1:1050 ➝ 94.23.74.103:80
Flows TCP192.168.1.1:1051 ➝ 188.40.39.214:80
Flows TCP192.168.1.1:1052 ➝ 184.168.221.59:80

Raw Pcap
0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d326532 33656530   =020&sox=2e23ee0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207374 69636b6d 61726368 2e6e6574   : stickmarch.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d326532 33656530   =020&sox=2e23ee0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207461 626c6566 72756974 2e6e6574   : tablefruit.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d326532 33656530   =020&sox=2e23ee0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c65 61646461 696c792e 6e65740d   : leaddaily.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d326532 33656530   =020&sox=2e23ee0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c65 61646675 6c6c2e6e 65740d0a   : leadfull.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d326532 33656530   =020&sox=2e23ee0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206361 6c6c6461 696c792e 6e65740d   : calldaily.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d326532 33656530   =020&sox=2e23ee0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20706f 696e7466 756c6c2e 6e65740d   : pointfull.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d326532 33656530   =020&sox=2e23ee0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207765 73746f63 65616e2e 6e65740d   : westocean.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d326532 33656530   =020&sox=2e23ee0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20706f 696e746f 6365616e 2e6e6574   : pointocean.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d326532 33656530   =020&sox=2e23ee0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207374 69636b6d 61726368 2e6e6574   : stickmarch.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d326532 33656530   =020&sox=2e23ee0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207461 626c6566 72756974 2e6e6574   : tablefruit.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d326532 33656530   =020&sox=2e23ee0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c65 61646461 696c792e 6e65740d   : leaddaily.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d326532 33656530   =020&sox=2e23ee0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c65 61646675 6c6c2e6e 65740d0a   : leadfull.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d326532 33656530   =020&sox=2e23ee0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206361 6c6c6461 696c792e 6e65740d   : calldaily.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d326532 33656530   =020&sox=2e23ee0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20706f 696e7466 756c6c2e 6e65740d   : pointfull.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d326532 33656530   =020&sox=2e23ee0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207765 73746f63 65616e2e 6e65740d   : westocean.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303230 26736f78 3d326532 33656530   =020&sox=2e23ee0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20706f 696e746f 6365616e 2e6e6574   : pointocean.net
0x00000080 (00128)   0d0a0d0a                              ....


Strings
dll2
h2
1
1
exe
"
 
+
"1"
2dll1exe
S
-_
 
a
[
Z
[
Z
[
 0
 
  ---
ss
+%3D%3A%26A&
ejTblee3o
iSAellr.danCtFtspdeHereeotgcatl
O
nnKvidhtleeertC2
errtnaS
aelEeSvn
l
ECeaWe
.
.
h1
21212
 ' 
\
.
..
..
...
...
.......... .!"!#!.$%$0&$'$.
(
.
.
.
.
.
.
)*
)
+,+
-.-/01210/-3-
 
:
:
.
%+#.*fa
0e
%+#I64o
.,
 -CC
00-+ 
.
.
-e-
. 
 
-E-
-0
-0010+-0
0
-000-+ 
\
:\
:...
  00...........?- 
0
0
0
0
-
'.
j
m
9.
.
.
.
.
O..
u
`Ejj
                                 H
         (((((                  H
         h((((                  H
jjjh
jjjj
jjjjjj
KERNEL32.DLL
Ljjj
Mjjj
M(null)
mscoree.dll
                          
].	~+}
																		
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
$0;7)%
0A@@Ju
0SSSSS
0V	WB@v
0[.vWp
0WWWWW
11<"AJ.
1N276?
=1nm&K
1#QNAN
1S BUj*<E
1#SNAN
!1ucD\
1U)+ZL
`27~0M
[_3>	|
-30p-	
3I"eqR,W3S
3R\ujd
3Vl]1.
4s.AqL
5) De5
&<5\FC
5H\QX>
5I/<)8
<5Z}OE2
(6HN#V
~7?&8_K
8._,?{
88\3cU
8[h	0=-
8LlE9U>^
8t)nr;/C
8VVVVV
90s,I^
\9CAH|
9Gnk/^
9*N(^9
&9X>gu
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
'AdJOi
<ae\S'r
af%I V
AI%MXgQk~
america
american
american english
american-english
Amfd\F
a@n7v&2
An application has made an attempt to load the C runtime library incorrectly.
<at9<rt,<wt
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
.?AUctype_base@std@@
August
australian
.?AVbad_alloc@std@@
.?AVbad_cast@std@@
.?AVbad_exception@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AV?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$ctype@D@std@@
.?AVexception@std@@
.?AVfacet@locale@std@@
.?AVfailure@ios_base@std@@
.?AVios_base@std@@
.?AV?$_Iosb@H@std@@
.?AVlength_error@std@@
.?AV_Locimp@locale@std@@
.?AVlogic_error@std@@
.?AV?$numpunct@D@std@@
.?AV?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AVout_of_range@std@@
.?AVruntime_error@std@@
.?AVtype_info@@
A}xX|><
aX>yfz
aZC^3T
bad allocation
bad cast
bad exception
 Base Class Array'
 Base Class Descriptor at (
__based(
B!CY^l
BeginPaint
belgian
B*k4J[
B\(KOph
BPKU[%
]-bqPC
B(R]B`
britain
#/B%vE
B+yaxlly
CallWindowProcA
canadian
__cdecl
CheckDlgButton
chinese
chinese-hongkong
chinese-simplified
chinese-singapore
chinese-traditional
 Class Hierarchy Descriptor'
CloseHandle
__clrcall
cmd.exe
CompareStringA
CompareStringW
 Complete Object Locator'
COMSPEC
CONOUT$
`copy constructor closure'
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
CorExitProcess
C PjPV
C$PjQV
C.PjRV
C/PjSV
C*PjTV
C+PjUV
C,PjVV
C-PjWV
CreateFileA
CreateProcessA
CreateThread
cRPtwY
- CRT not initialized
cUkE}^P
$CX<j9
d_.2sX
)D31O0/
d4TS~L
@.data
DaZlU!
dddd, MMMM dd, yyyy
December
DecodePointer
`default constructor closure'
 delete
 delete[]
Delete
DeleteCriticalSection
DeleteFileA
deque<T> too long
D	F]sv
dl	\	K
\dM#7~
DOMAIN error
DrawTextA
dtES,4r
dutch-belgian
.DWLi~n
`dynamic atexit destructor for '
`dynamic initializer for '
,}E^<8&D
`eh vector constructor iterator'
`eh vector copy constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`eh vector vbase copy constructor iterator'
eKxZ32Tb
',e#lQl7
EnableWindow
EncodePointer
EndDialog
EndPaint
england
english-american
english-aus
english-belize
english-can
english-caribbean
english-ire
english-jamaica
english-nz
english-south africa
english-trinidad y tobago
english-uk
english-us
english-usa
EnterCriticalSection
EnumSystemLocalesA
ExitProcess
e_z|vF=[_7
F28c_<
__fastcall
February
f:\I b
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindResourceA
Fj$h<WM
FKz1<r
- floating point support not loaded
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
fM)3+m8
ForceRemove
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
french-belgian
french-canadian
french-luxembourg
french-swiss
Friday
FtEO#:
^F<-uB
G3N*kY.r4
g57uMC
({g	 A#
gA`-^G
GAIsProcessorFeaturePresent
GDI32.dll
gejU2X
german-austrian
german-lichtenstein
german-luxembourg
german-swiss
GetACP
GetActiveWindow
GetBkColor
GetClipRgn
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCPInfo
GetCurrentDirectoryA
GetCurrentObject
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetCursor
GetDCPenColor
GetDeviceCaps
GetDialogBaseUnits
GetDlgItem
GetDlgItemInt
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesA
GetFileTime
GetFileType
GetFontLanguageInfo
GetFontUnicodeRanges
GetForegroundWindow
GetFullPathNameA
GetGraphicsMode
GetInputState
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetMapMode
GetMenu
GetMenuCheckMarkDimensions
GetMenuContextHelpId
GetMenuItemCount
GetMenuItemID
GetMenuState
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetNearestColor
GetObjectType
GetOEMCP
GetPolyFillMode
GetProcAddress
GetProcessHeap
GetProcessId
GetProcessWindowStation
GetPropA
GetQueueStatus
GetRandomRgn
GetScrollPos
GetStartupInfoA
GetStdHandle
GetStretchBltMode
GetStringTypeA
GetStringTypeW
GetSystemPaletteUse
GetSystemTimeAsFileTime
GetTextAlign
GetTextCharacterExtra
GetTextCharset
GetTextColor
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetUserObjectInformationA
GetVersion
GetWindowContextHelpId
GetWindowDC
GetWindowLongA
#GgB[bm_
`gh@{~@
Gl^-#6
GlobalFlags
GlobalHandle
GlobalSize
great britain
Gr&fWQs
G/tRO.
`h````
h4Lr<k
Ha!;M?
{hC[of
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
H,eK ]
H"EUkv
H=Fl+s
`h`hhh
HH:mm:ss
HHtXHHt
HHtYHHt
holland
hong-kong
HU0r$|B9
~H{Z>FR
&<(i0w
I6\?PO"W
ICbfG]P
>If90t
&ih4Q}=
IMc@sj
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
invalid map/set<T> iterator
invalid string position
ios_base::badbit set
ios_base::failbit set
irish-english
IsDebuggerPresent
IsO48p
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWindowEnabled
IsWindowUnicode
italian-swiss
iwo^\`o
ixJ#!%\
#IY]kL
<iza!D
i	`Z{E
j2h<VM
j4h|QL
j8hhbM
j8h(*L
jahPhM
JanFebMarAprMayJunJulAugSepOctNovDec
January
jbh0<L
jCF"^,
jDh`#L
j	h4(L
j"h4lL
j^h8bL
j.hdfL
j/hDGL
j	hDjL
j<hD=L
j&hD_L
j'hH!L
j,h`%L
j	h`^L
j	h<$L
j	h("L
j'hl$L
j	h`PL
j	h<qL
j	ht)L
j@j ^V
j`!%KG
jMhpcM
jo|q-wd!ty
j"^SSSSS
	%k3JMd0
k574p+u
?,-kCKg2
_KCSE8
KERNEL32
KERNEL32.dll
kKL\"eF
K#+LS?
ky/62a
LC_ALL
LC_COLLATE
LC_CTYPE
LCMapStringA
LCMapStringW
LC_MONETARY
LC_NUMERIC
LC_TIME
LeaveCriticalSection
lEoHj~k
Lfn9'4
lgC3&/<4
'lLEg3O
 LLvB)
LoadIconA
LoadLibraryA
LoadResource
LocalAlloc
LocalFlags
`local static guard'
`local static thread guard'
`local vftable'
`local vftable constructor closure'
LockResource
}l^`=q
L,REcE
l?Yj@{
LZ*V=?&
`managed vector constructor iterator'
`managed vector copy constructor iterator'
`managed vector destructor iterator'
map/set<T> too long
MessageBoxA
Microsoft Visual C++ Runtime Library
MM/dd/yy
Monday
MoveFileA
MoveWindow
MRUNq`
mrWEeLR
m.S<^T-U
{MSxNp
MultiByteToWideChar
n+41GeN^
N5+2eFtX
nbfVaq
ne%fdvG_c
ne\'pd2M|
 new[]
new-zealand
=NF+'K
 N#MIx
No^}~8:N
NoRemove
norwegian
norwegian-bokmal
norwegian-nynorsk
Norwegian-Nynorsk
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
(null)
<n+wgh
$Nz}K9
October
+Oi6!yG
O'>jhbj
OLEAUT32.dll
`omni callsig'
~o[p^%7b@
operator
%@oqb(t
O(rOj'
"oSrbY
|ouIl}
>ouqpg
;*>, p
P0(+jn6
__pascal
`placement delete closure'
`placement delete[] closure'
Please contact the application's support team for more information.
po"Mcn
portuguese-brazilian
PostMessageA
~pP^?|+
p#pB/ 
PPPPPPPP
pr china
pr-china
Program: 
<program name unknown>
__ptr64
'PttL*
puerto-rico
- pure virtual function call
pWg4udsmsa
	,`\~Q;
_q3G'6*x
Q?66ZWr
}qd%dj
!/^QgD
qk2%XD
q!|l	F
QQSVWd
QueryPerformanceCounter
_:-{R.
R7=T)T
RaiseException
`.rdata
}=r Dj
ReadFile
RemovePropA
__restrict
RtlUnwind
runtime error 
Runtime Error!
rw/x-t
S5pKz;8
Saturday
`scalar deleting destructor'
SendMessageA
September
SetDlgItemTextA
SetEndOfFile
SetEnvironmentVariableA
SetFilePointer
SetFocus
SetHandleCount
SetLastError
SetPixel
SetStdHandle
SetSystemPaletteUse
SetTextAlign
SetTextCharacterExtra
SetTextColor
SetTextJustification
SetUnhandledExceptionFilter
SetWindowTextA
ShowWindow
SING error
SizeofResource
Skr0i5
slovak
south africa
south-africa
south korea
south-korea
spanish-argentina
spanish-bolivia
spanish-chile
spanish-colombia
spanish-costa rica
spanish-dominican republic
spanish-ecuador
spanish-el salvador
spanish-guatemala
spanish-honduras
spanish-mexican
spanish-modern
spanish-nicaragua
spanish-panama
spanish-paraguay
spanish-peru
spanish-puerto rico
spanish-uruguay
spanish-venezuela
s[S;7|G;w
^SSSSS
__stdcall
`string'
string too long
$SU9+i
Sunday
SunMonTueWedThuFriSat
swedish-finland
	sy_Q(C
SystemRoot
<tBpE\D@D
	t#^cI@
tdhX$K
TerminateProcess
t=FA9]
tGHt.Ht&
>!TGY>>
(</t$h(8K
t=h(8K
t=h(BK
+t HHt
tHhX%K
This application has requested the Runtime to terminate it in an unusual way.
__thiscall
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
!This program cannot be run in DOS mode.
Thursday
tIj"[:
tj(49-~R
tjh($K
tKj$hhXL
< tK<	tG
TLKeCT
TLOSS error
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
Tm\snJ
<\tM</tI
|?>@>Tn 
tNh,BK
tR99u2
t:\Rcp
trinidad & tobago
t"SS9]
tS;<y3d:
<+t(<-t$:
ttj$hhXL
t$<"u	3
Tuesday
;t$,v-
t VV9u
t+WWVPV
t=Yjc>G
 Type Descriptor'
`typeof'
>:u8FV
`udt returning'
u%h0BK
u&hx7K
uiVVZ1p
UmNyRj
- unable to initialize heap
- unable to open console device
__unaligned
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
UNICODE
united-kingdom
united-states
Unknown exception
UpdateColors
UQPXY]Y[
uqSSSSS
URPQQhH
USER32.dll
USER32.DLL
u[SSSP
UTF-16LE
uUj	h`PL
uVj	hPZL
u,VVWV
v]5a1s
`vbase destructor'
`vbtable'
`vcall'
`vector constructor iterator'
`vector copy constructor iterator'
`vector deleting destructor'
`vector destructor iterator'
`vector vbase constructor iterator'
`vector vbase copy constructor iterator'
Vem8*%dy
`vftable'
VirtualAlloc
`virtual displacement map'
VirtualFree
Vj@hP?K
vJVA@Ai}
v	N+D$
vP]!nF
_VVVVV
VVVVVQRSSj
$Vz]Fw
W,6kVU
WaitForSingleObject
Wednesday
wHh8%K
WideCharToMultiByte
WindowFromDC
wOT#!R
WpBnQ+a
WriteConsoleA
WriteConsoleW
WriteFile
WS2_32.dll
^WWWWW
~X;3yg
X{BImH
;xDdf+F
X	EHjN
Xf@1wKrn
^Xp	@^`
xppwpp
xpxxxx
xt_acs
<xtX<XtT
Xv(f_J
xzC\XU
Y?0vYTD
y7f0e&YKj
Yg"0v~
Y@ios_base::eofbit set
^ykygw
~ynPtp
>=Yt1j
Y<\u#j\V
z1Hf0Y>
zdL"/f~:
=zh{y[
:.`ZQ40-jB