Analysis | #totalhash

Analysis Date	2015-02-19 00:42:35
MD5	2cf342bb680426ff2818ec32c3903e70
SHA1	51e76f40937596d0e6735c34cf4048d50a224b05

Static Details:

File type	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section	.text md5: 49477ecfe7c08196541505f515d50ac4 sha1: 787ee7abff23415ebec69699961fbe2749d24926 size: 975360
Section	.rdata md5: e8dc88eaf7e6868852249c831404d414 sha1: 1b09a46305792cb62c86acf12739f078b604fe2e size: 31232
Section	.data md5: 98ee1936389cc293baa6c71e0f93882e sha1: decbde2f500c1bc86e7c711cd8095d4729940393 size: 117248
Timestamp	2013-03-14 23:48:09
Packer	Microsoft Visual C++ ?.?
PEhash	09bc4ab527e43018e2077fb0c9e6aec12cdde8f3
IMPhash	b462385af684faa7bc7aa26c628006da
AV	360 Safe	no_virus
AV	Ad-Aware	Gen:Variant.Kazy.164619
AV	Alwil (avast)	Downloader-TLD [Trj]
AV	Arcabit (arcavir)	Gen:Variant.Kazy.164619
AV	Authentium	W32/Symmi.G.gen!Eldorado
AV	Avira (antivir)	BDS/Zegost.Gen
AV	BullGuard	Gen:Variant.Kazy.164619
AV	CA (E-Trust Ino)	no_virus
AV	CAT (quickheal)	no_virus
AV	ClamAV	no_virus
AV	Dr. Web	no_virus
AV	Emsisoft	Gen:Variant.Kazy.164619
AV	Eset (nod32)	Win32/Bayrob.N.Gen
AV	Fortinet	W32/Bayrob.N!tr
AV	Frisk (f-prot)	W32/Symmi.G.gen!Eldorado
AV	F-Secure	Gen:Variant.Kazy.164619
AV	Grisoft (avg)	Generic_r.CDN
AV	Ikarus	Trojan.Win32.Spy
AV	K7	Backdoor ( 04c540d41 )
AV	Kaspersky	Trojan.Win32.Generic:Trojan.Win32.PEF.pf.silent.181830:Trojan.Win32.PEF.pf.silent.416452:Trojan.Win32.PEF.pf.silent.23712702:Trojan.Win32.VHO.silent.23486822
AV	MalwareBytes	Trojan.Agent
AV	Mcafee	Error Scanning File
AV	Microsoft Security Essentials	TrojanSpy:Win32/Nivdort.AE
AV	MicroWorld (escan)	Gen:Variant.Kazy.164619
AV	Rising	no_virus
AV	Sophos	Troj/Bayrob-E
AV	Symantec	no_virus
AV	Trend Micro	TSPY_NIVDORT.SM
AV	VirusBlokAda (vba32)	no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates File	C:\WINDOWS\system32\hrjaojnhlwdz\tst
Creates File	C:\Documents and Settings\Administrator\Local Settings\Temp\ikvaoi1v1lf9xh5hz1iyqq.exe
Creates Process	C:\Documents and Settings\Administrator\Local Settings\Temp\ikvaoi1v1lf9xh5hz1iyqq.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\ikvaoi1v1lf9xh5hz1iyqq.exe

Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\User Microsoft Device Backup ➝ C:\WINDOWS\system32\tpoieyane.exe
Creates File	C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\tpoieyane.exe
Creates File	C:\WINDOWS\system32\drivers\etc\hosts
Creates File	C:\WINDOWS\system32\hrjaojnhlwdz\tst
Creates File	C:\WINDOWS\system32\tpoieyane.exe
Creates File	C:\WINDOWS\system32\hrjaojnhlwdz\lck
Creates File	C:\WINDOWS\system32\hrjaojnhlwdz\etc
Deletes File	C:\WINDOWS\system32\\drivers\etc\hosts
Creates Process	C:\WINDOWS\system32\tpoieyane.exe
Creates Service	Assistant Volume Center Base ActiveX Counter - C:\WINDOWS\system32\tpoieyane.exe

Process
↳ Pid 804

Process
↳ Pid 848

Process
↳ C:\WINDOWS\System32\svchost.exe

Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\List of event-active namespaces ➝ NULL
Creates File	PIPE\lsarpc
Creates File	C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG
Creates File	C:\WINDOWS\system32\WBEM\Logs\wbemess.log

Process
↳ Pid 1108

Process
↳ Pid 1204

Process
↳ C:\WINDOWS\system32\spoolsv.exe

Registry	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL
Registry	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7
Registry	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL
Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00

Process
↳ Pid 1856

Process
↳ Pid 1128

Process
↳ C:\WINDOWS\system32\tpoieyane.exe

Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝ 1
Creates File	pipe\net\NtControlPipe10
Creates File	C:\WINDOWS\system32\jsqctjkunfji.exe
Creates File	C:\WINDOWS\system32\hrjaojnhlwdz\tst
Creates File	C:\WINDOWS\TEMP\ikvaoi1v1s77xh5h1.exe
Creates File	C:\WINDOWS\system32\hrjaojnhlwdz\run
Creates File	C:\WINDOWS\system32\hrjaojnhlwdz\rng
Creates File	\Device\Afd\Endpoint
Creates File	C:\WINDOWS\system32\hrjaojnhlwdz\cfg
Creates File	C:\WINDOWS\system32\hrjaojnhlwdz\lck
Creates Process	WATCHDOGPROC "c:\windows\system32\tpoieyane.exe"
Creates Process	C:\WINDOWS\TEMP\ikvaoi1v1s77xh5h1.exe -r 47150 tcp

Process
↳ C:\WINDOWS\system32\tpoieyane.exe

Creates File	C:\WINDOWS\system32\hrjaojnhlwdz\tst

Process
↳ WATCHDOGPROC "c:\windows\system32\tpoieyane.exe"

Creates File	C:\WINDOWS\system32\hrjaojnhlwdz\tst

Process
↳ C:\WINDOWS\TEMP\ikvaoi1v1s77xh5h1.exe -r 47150 tcp

Creates File	\Device\Afd\Endpoint
Winsock DNS	239.255.255.250

Network Details:

DNS	mojoguia.com Type: A 204.11.56.45
DNS	villemojo.com Type: A 141.8.224.169
DNS	takestone.net Type: A 50.63.202.7
DNS	takeside.net Type: A 184.168.221.104
DNS	filltomorrow.net Type: A 208.91.197.27
DNS	verywide.net Type: A 50.63.202.62
DNS	yourchild.net Type: A 66.151.181.49
DNS	yourplace.net Type: A 91.194.151.163
DNS	viewabout.net Type: A 72.29.127.100
DNS	dominoclub-grup.com Type: A
DNS	elementarimagine.com Type: A
DNS	jarybuter.com Type: A
DNS	mojositio.com Type: A
DNS	aminastol.com Type: A
DNS	waitthere.net Type: A
DNS	takethere.net Type: A
DNS	waitarms.net Type: A
DNS	takearms.net Type: A
DNS	waitstone.net Type: A
DNS	waitside.net Type: A
DNS	trieslower.net Type: A
DNS	yourlower.net Type: A
DNS	triestomorrow.net Type: A
DNS	yourtomorrow.net Type: A
DNS	trieswide.net Type: A
DNS	yourwide.net Type: A
DNS	trieskiss.net Type: A
DNS	yourkiss.net Type: A
DNS	lrstnlower.net Type: A
DNS	viewlower.net Type: A
DNS	lrstntomorrow.net Type: A
DNS	viewtomorrow.net Type: A
DNS	lrstnwide.net Type: A
DNS	viewwide.net Type: A
DNS	lrstnkiss.net Type: A
DNS	viewkiss.net Type: A
DNS	plantlower.net Type: A
DNS	filllower.net Type: A
DNS	planttomorrow.net Type: A
DNS	plantwide.net Type: A
DNS	fillwide.net Type: A
DNS	plantkiss.net Type: A
DNS	fillkiss.net Type: A
DNS	senselower.net Type: A
DNS	learnlower.net Type: A
DNS	sensetomorrow.net Type: A
DNS	learntomorrow.net Type: A
DNS	sensewide.net Type: A
DNS	learnwide.net Type: A
DNS	sensekiss.net Type: A
DNS	learnkiss.net Type: A
DNS	torelower.net Type: A
DNS	falllower.net Type: A
DNS	toretomorrow.net Type: A
DNS	falltomorrow.net Type: A
DNS	torewide.net Type: A
DNS	fallwide.net Type: A
DNS	torekiss.net Type: A
DNS	fallkiss.net Type: A
DNS	weeklower.net Type: A
DNS	verylower.net Type: A
DNS	weektomorrow.net Type: A
DNS	verytomorrow.net Type: A
DNS	weekwide.net Type: A
DNS	weekkiss.net Type: A
DNS	verykiss.net Type: A
DNS	piecelower.net Type: A
DNS	muchlower.net Type: A
DNS	piecetomorrow.net Type: A
DNS	muchtomorrow.net Type: A
DNS	piecewide.net Type: A
DNS	muchwide.net Type: A
DNS	piecekiss.net Type: A
DNS	muchkiss.net Type: A
DNS	waitlower.net Type: A
DNS	takelower.net Type: A
DNS	waittomorrow.net Type: A
DNS	taketomorrow.net Type: A
DNS	waitwide.net Type: A
DNS	takewide.net Type: A
DNS	waitkiss.net Type: A
DNS	takekiss.net Type: A
DNS	triesabout.net Type: A
DNS	yourabout.net Type: A
DNS	trieschild.net Type: A
DNS	triesinto.net Type: A
DNS	yourinto.net Type: A
DNS	triesplace.net Type: A
DNS	lrstnabout.net Type: A
DNS	lrstnchild.net Type: A
DNS	viewchild.net Type: A
DNS	lrstninto.net Type: A
HTTP GET	http://mojoguia.com/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent:
HTTP GET	http://villemojo.com/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent:
HTTP GET	http://takestone.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent:
HTTP GET	http://takeside.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent:
HTTP GET	http://filltomorrow.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent:
HTTP GET	http://verywide.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent:
HTTP GET	http://yourchild.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent:
HTTP GET	http://yourplace.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent:
HTTP GET	http://viewabout.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent:
HTTP GET	http://mojoguia.com/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent:
HTTP GET	http://villemojo.com/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent:
HTTP GET	http://takestone.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent:
HTTP GET	http://takeside.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent:
HTTP GET	http://filltomorrow.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent:
HTTP GET	http://verywide.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent:
HTTP GET	http://yourchild.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent:
HTTP GET	http://yourplace.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent:
HTTP GET	http://viewabout.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent:
Flows TCP	192.168.1.1:1036 ➝ 204.11.56.45:80
Flows TCP	192.168.1.1:1037 ➝ 141.8.224.169:80
Flows TCP	192.168.1.1:1038 ➝ 50.63.202.7:80
Flows TCP	192.168.1.1:1039 ➝ 184.168.221.104:80
Flows TCP	192.168.1.1:1040 ➝ 208.91.197.27:80
Flows TCP	192.168.1.1:1042 ➝ 50.63.202.62:80
Flows TCP	192.168.1.1:1043 ➝ 66.151.181.49:80
Flows TCP	192.168.1.1:1044 ➝ 91.194.151.163:80
Flows TCP	192.168.1.1:1045 ➝ 72.29.127.100:80
Flows TCP	192.168.1.1:1046 ➝ 204.11.56.45:80
Flows TCP	192.168.1.1:1047 ➝ 141.8.224.169:80
Flows TCP	192.168.1.1:1048 ➝ 50.63.202.7:80
Flows TCP	192.168.1.1:1049 ➝ 184.168.221.104:80
Flows TCP	192.168.1.1:1050 ➝ 208.91.197.27:80
Flows TCP	192.168.1.1:1051 ➝ 50.63.202.62:80
Flows TCP	192.168.1.1:1052 ➝ 66.151.181.49:80
Flows TCP	192.168.1.1:1053 ➝ 91.194.151.163:80
Flows TCP	192.168.1.1:1054 ➝ 72.29.127.100:80

Raw Pcap

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303034 26736f78 3d326338 63393830   =004&sox=2c8c980
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d6f 6a6f6775 69612e63 6f6d0d0a   : mojoguia.com..
0x00000080 (00128)   0d0a                                  ..

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303034 26736f78 3d326338 63393830   =004&sox=2c8c980
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207669 6c6c656d 6f6a6f2e 636f6d0d   : villemojo.com.
0x00000080 (00128)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303034 26736f78 3d326338 63393830   =004&sox=2c8c980
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207461 6b657374 6f6e652e 6e65740d   : takestone.net.
0x00000080 (00128)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303034 26736f78 3d326338 63393830   =004&sox=2c8c980
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207461 6b657369 64652e6e 65740d0a   : takeside.net..
0x00000080 (00128)   0d0a0a                                ...

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303034 26736f78 3d326338 63393830   =004&sox=2c8c980
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206669 6c6c746f 6d6f7272 6f772e6e   : filltomorrow.n
0x00000080 (00128)   65740d0a 0d0a                         et....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303034 26736f78 3d326338 63393830   =004&sox=2c8c980
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207665 72797769 64652e6e 65740d0a   : verywide.net..
0x00000080 (00128)   0d0a0d0a 0d0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303034 26736f78 3d326338 63393830   =004&sox=2c8c980
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20796f 75726368 696c642e 6e65740d   : yourchild.net.
0x00000080 (00128)   0a0d0a0a 0d0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303034 26736f78 3d326338 63393830   =004&sox=2c8c980
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20796f 7572706c 6163652e 6e65740d   : yourplace.net.
0x00000080 (00128)   0a0d0a0a 0d0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303034 26736f78 3d326338 63393830   =004&sox=2c8c980
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207669 65776162 6f75742e 6e65740d   : viewabout.net.
0x00000080 (00128)   0a0d0a0a 0d0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303034 26736f78 3d326338 63393830   =004&sox=2c8c980
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d6f 6a6f6775 69612e63 6f6d0d0a   : mojoguia.com..
0x00000080 (00128)   0d0a0a0a 0d0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303034 26736f78 3d326338 63393830   =004&sox=2c8c980
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207669 6c6c656d 6f6a6f2e 636f6d0d   : villemojo.com.
0x00000080 (00128)   0a0d0a0a 0d0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303034 26736f78 3d326338 63393830   =004&sox=2c8c980
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207461 6b657374 6f6e652e 6e65740d   : takestone.net.
0x00000080 (00128)   0a0d0a0a 0d0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303034 26736f78 3d326338 63393830   =004&sox=2c8c980
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207461 6b657369 64652e6e 65740d0a   : takeside.net..
0x00000080 (00128)   0d0a0a0a 0d0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303034 26736f78 3d326338 63393830   =004&sox=2c8c980
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206669 6c6c746f 6d6f7272 6f772e6e   : filltomorrow.n
0x00000080 (00128)   65740d0a 0d0a                         et....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303034 26736f78 3d326338 63393830   =004&sox=2c8c980
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207665 72797769 64652e6e 65740d0a   : verywide.net..
0x00000080 (00128)   0d0a0d0a 0d0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303034 26736f78 3d326338 63393830   =004&sox=2c8c980
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20796f 75726368 696c642e 6e65740d   : yourchild.net.
0x00000080 (00128)   0a0d0a0a 0d0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303034 26736f78 3d326338 63393830   =004&sox=2c8c980
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20796f 7572706c 6163652e 6e65740d   : yourplace.net.
0x00000080 (00128)   0a0d0a0a 0d0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303034 26736f78 3d326338 63393830   =004&sox=2c8c980
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207669 65776162 6f75742e 6e65740d   : viewabout.net.
0x00000080 (00128)   0a0d0a0a 0d0a                         ......

Strings

"
 
a
.
\
.
...............0...
.
...
..
. .
!"!#$%&%$#!'!
"H
"
dll2
h2
1
1
exe
 
+
bmp
 
 ' 
+%3D%3A%26A&
"1"
2dll1exe
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
 
!
"
#
$
%
h1
21212
:
:
 
S
.
 0
  ---
ss
[
Z
[
Z
[
-
%+#.*fa
0e
%+#I64o
.,
 -CC
.
-e-
. 
00-+  
.
-E-
-0
-0010+-0
0
-0
\
:\
:..
  00-+ 
.
00...........?- 
0
0
0
0
-
.
...
*t..
+.
.9
.
.z
.bu
                                 H
         (((((                  H
         h((((                  H
jjjh
jjjj
jjjjh
jjjjj
KERNEL32.DLL
mscoree.dll
(null)
                          
																		
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
0A@@Ju
0SSSSS
0WWWWW
1*-(ei
1#QNAN
1sH	9*[
1#SNAN
1sPylm
2E/5;s|}
{2KB#M
)2`r}u6
2suy-H
2?V/GBP
[3-{}$
>!-3ab
3*cZ+E
3vPt>]~
3+|WEW
3Xs:o;
{43a`9
"4dC;@r
4E	<JA
4Tot:Q
*4VGy0
5]ai{#E
5{D/G}
+5Eo[uRNN
5-*FP#E
5ha<c;
5H]Mw=3F
5K&!KDC
\5\.+M
%66'^3E
6"&g~J
6PaBPY
7hxL3U
7R1~Um\
7RyyV5=
$7xb\K
=.#8}^
=%* 8|'
%8<}?3E
8GJB5:
8/	Tg:
8VVVVV
9 ,1+M
;93#dJREqy
=-9@C[C
9&dNK/2
9f85v|
<9{	hu
a3P4Vg
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
 !a~d9
AHHq[J
Ah)'SNbv>
Aip)<=c
AlI'#U
america
american
american english
american-english
%AMO1#E
An application has made an attempt to load the C runtime library incorrectly.
AQp__6
aS,nJi_
<at9<rt,<wt
aTL#U&
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
.?AUctype_base@std@@
August
australian
.?AVbad_alloc@std@@
.?AVbad_cast@std@@
.?AVbad_exception@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AV?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$ctype@D@std@@
.?AVexception@std@@
.?AVfacet@locale@std@@
.?AVfailure@ios_base@std@@
.?AVios_base@std@@
.?AV?$_Iosb@H@std@@
.?AVlength_error@std@@
.?AV_Locimp@locale@std@@
.?AVlogic_error@std@@
.?AV?$numpunct@D@std@@
.?AV?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
a)vO!0"y
.?AVout_of_range@std@@
.?AVruntime_error@std@@
.?AVtype_info@@
B4}eX 
"ba8~]q
bad allocation
bad cast
bad exception
 Base Class Array'
 Base Class Descriptor at (
__based(
_{bBHP
BDVd!"h
belgian
/Bf7X$+
bfKCcH"B
[bFv3M
BgYA3E
]bmd^c
<boj@qk
$B:$~-+P
@b+p w
b=.qckq6
britain
bsf%j6
Bvo[OE
C^'+${
canadian
&Cc8+D
__cdecl
\(>(<cdo
~cG23M
chinese
chinese-hongkong
chinese-simplified
chinese-singapore
chinese-traditional
CJZnXgo
 Class Hierarchy Descriptor'
CloseHandle
__clrcall
cmd.exe
CompareStringA
CompareStringW
 Complete Object Locator'
COMSPEC
CONOUT$
`copy constructor closure'
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
CorExitProcess
C PjPV
C$PjQV
C.PjRV
C/PjSV
C*PjTV
C+PjUV
C,PjVV
C-PjWV
CreateEventA
CreateFileA
CreatePipe
CreateProcessA
CreateThread
=crkMn
- CRT not initialized
Cx>JMj
-cy/C+E
D6kM3M
:"~D8=
@.data
dddd, MMMM dd, yyyy
d+dE+M
December
DecodePointer
`default constructor closure'
 delete
 delete[]
Delete
DeleteCriticalSection
deque<T> too long
.D_$E>{s
dH1u,o
'=DHfj
=/d{*I`>
D|Lt-`ycJs}
dO:\]JX
DOMAIN error
<d!p]W
.)DqX'{
dr~A29
dutch-belgian
)D!x!;
`dynamic atexit destructor for '
`dynamic initializer for '
E(2]@j
e+2P^m
e]3,k[
eGumQ|
`eh vector constructor iterator'
`eh vector copy constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`eh vector vbase copy constructor iterator'
eI~yr{
EncodePointer
england
english-american
english-aus
english-belize
english-can
english-caribbean
english-ire
english-jamaica
english-nz
english-south africa
english-trinidad y tobago
english-uk
english-us
english-usa
EnterCriticalSection
EnumSystemLocalesA
ExitProcess
__fastcall
February
!Fex9M4
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
[F>jqGv)
}FK3?W
- floating point support not loaded
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
ForceRemove
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
french-belgian
french-canadian
french-luxembourg
french-swiss
Friday
^F<-uB
G2/V3E
GAIsProcessorFeaturePresent
G\~Bc[
german-austrian
german-lichtenstein
german-luxembourg
german-swiss
GetACP
GetActiveWindow
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCPInfo
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesA
GetFileType
GetFullPathNameA
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessWindowStation
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemTimeAsFileTime
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetUserObjectInformationA
gf5%*e
G)?;Je"
&)glOP
gN.hg@
GqnKT:
great britain
`h````
>h2ftP
H5lvkX1R
H7|]62>
HA8}Zt4	
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
HeuGJr
hEZ,#M
H||FT"!6e
`h`hhh
HH:mm:ss
H|HQHk$(Mf
HHtXHHt
HHtYHHt
holland
hong-kong
hrB(#M
%<~.i;
i6> ~G
\i/bI-
>If90t
i.g4d+V
_#I'%'m
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
invalid map/set<T> iterator
invalid string position
ioa(Rq
i=O"J[
ios_base::badbit set
ios_base::eofbit set
ios_base::failbit set
irish-english
IsDebuggerPresent
IsValidCodePage
IsValidLocale
italian-swiss
],I*y"
$J0`1pv
-j1(u3
[j`7gI;+
j9J@5r,
JanFebMarAprMayJunJulAugSepOctNovDec
January
J;?f+U
; :J.?H
j,h0lO
j,h@jO
j	hL0Q
j	hp!Q
j@j ^V
j'jw+U
Jl3aML
J\&MN,]
&`J?pQ
JqE6#U
j"^SSSSS
jTh0mO
jThh.Q
jT]:+U
jXhxiO
&[K1^~
K7Ol3M
/$K\c"
k_C.JA
,k":-dr
KERNEL32
KERNEL32.dll
=Kf5!u'
?KgqmG
=K"Iw?a
krK:ipAq
KU9d+M
KwfUBa
`kzXra
=,l,3M
l$9__\
LC_ALL
LC_COLLATE
LC_CTYPE
LCMapStringA
LCMapStringW
LC_MONETARY
LC_NUMERIC
LC_TIME
LeaveCriticalSection
lEY.6/
%LH8W3E
L~jmIU
l<l:11
:LN.5W,\qk
LoadLibraryA
LocalAlloc
`local static guard'
`local static thread guard'
`local vftable'
`local vftable constructor closure'
LoMF#E
*.lpA,68V6
l+pt=(
M=='4]
`managed vector constructor iterator'
`managed vector copy constructor iterator'
`managed vector destructor iterator'
map/set<T> too long
MessageBoxA
mGC0 \
'"m)gXK
)~=%mi
Microsoft Visual C++ Runtime Library
miFAew!
MK.=$U
MM/dd/yy
Monday
M-poXHd
.*(mqX
	=>M<t}
MultiByteToWideChar
.@<mx%
"M/X}!
MyGQ!d`
n4x'#U
Na9%}1r
 new[]
new-zealand
nf2;;3N
+Nf]3M
nhd^%:C
;nm%G$dL{
n>nEu`
NoRemove
norwegian
norwegian-bokmal
norwegian-nynorsk
Norwegian-Nynorsk
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
n	;p0J5i=`
(null)
[ O-&>
o~?bq%
October
}o;K%xO
OLEAUT32.dll
`omni callsig'
_o|&n\
O@NItI
operator
oQs&b.W{ }
P/1u1T
__pascal
%'^?p#E
p;<f3M
pl?3d^
`placement delete closure'
`placement delete[] closure'
Please contact the application's support team for more information.
portuguese-brazilian
POv^vyBG`
PPPPPPPP
pr china
pr-china
Program: 
<program name unknown>
psJ1\^
__ptr64
puerto-rico
- pure virtual function call
`q    
q1YA#U
qb_g}p?
q$C;;S
=Q~d9|,
"Q:Hi#^
QhNh#E
QQSVWd
qtE8Zg
Q%TVMI
QueryPerformanceCounter
qZLne5N
:R6@/VQ
R9\G#M
RaiseException
`.rdata
ReadFile
__restrict
!RHyI9
Richh!
r"jXK8
\Rjy[=
R|LC+E
*-rLw>
_Rm{3M
r_&?ojO
RtlUnwind
]{rTXAM
<<=RU:
runtime error 
Runtime Error!
=+=Rzu
Saturday
sBrG1F
`scalar deleting destructor'
September
SetEndOfFile
SetEnvironmentVariableA
SetEvent
SetFilePointer
SetHandleCount
SetHandleInformation
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
SING error
slovak
+:.s+M
south africa
south-africa
south korea
south-korea
spanish-argentina
spanish-bolivia
spanish-chile
spanish-colombia
spanish-costa rica
spanish-dominican republic
spanish-ecuador
spanish-el salvador
spanish-guatemala
spanish-honduras
spanish-mexican
spanish-modern
spanish-nicaragua
spanish-panama
spanish-paraguay
spanish-peru
spanish-puerto rico
spanish-uruguay
spanish-venezuela
Sqr=s89u
s[S;7|G;w
^SSSSS
__stdcall
`string'
string too long
S=U,jEm>
Sunday
SunMonTueWedThuFriSat
`SW=`8
swedish-finland
SystemRoot
@t0DR=
"t0s#M
@T8S}^
TerminateProcess
t=FA9]
tGHt.Ht&
(</t$h(
+t HHt
This application has requested the Runtime to terminate it in an unusual way.
__thiscall
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
!This program cannot be run in DOS mode.
Thursday
|t>?i|
tIj"[:
< tK<	tG
TLOSS error
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
<\tM</tI
TnSaIC/5
to=T6Q
tR99u2
trinidad & tobago
t"SS9]
<+t(<-t$:
tT7L/#
Tt<t#U
t$<"u	3
Tuesday
;t$,v-
,tVmf<
t VV9u
tWfBc{
t+WWVPV
$tX'u3`@
 Type Descriptor'
`typeof'
>:u8FV
u;&9+M
+uaA$M
u,bu]Fzmk
`udt returning'
U#jq3M
|um`6x60rW
Um(p*I
- unable to initialize heap
- unable to open console device
__unaligned
- unexpected heap error
- unexpected multithread lock error
Unh]'#
UnhandledExceptionFilter
UNICODE
united-kingdom
united-states
Unknown exception
uo%5X5
<]uO7L\
UoNwbZ
%u+PU;E
U- Q3M
u}Qd#M
UQPXY]Y[
uqSSSSS
URPQQh4
USER32.DLL
u[SSSP
UTF-16LE
u.VU~'
u,VVWV
=u]x0|7
uXR|z0a
u'ZVQDw
V1_	+U
v$;5x6Q
`vbase destructor'
`vbtable'
`vcall'
[vC?J4
vd916]
`vector constructor iterator'
`vector copy constructor iterator'
`vector deleting destructor'
`vector destructor iterator'
`vector vbase constructor iterator'
`vector vbase copy constructor iterator'
`vftable'
VG-	3M
VirtualAlloc
`virtual displacement map'
VirtualFree
v	N+D$
_VVVVV
VVVVVQRSSj
vW:2Y1
V|^wIJ
]V:&WJ
WaitForSingleObject
WalK#M
WaqP=X
WArm]|e
Wednesday
WFSw("
WideCharToMultiByte
w.l{aH?B`c
-w.@oKo
Wq\y*3
WriteConsoleA
WriteConsoleW
WriteFile
WS2_32.dll
Ws>TMs
{w	=wb
^WWWWW
x_24Oo9
xa9-pz
xppwpp
xpxxxx
XrA);`
Xt~SxJ
<xtX<XtT
x)xu;M
yI^7yU
~Ykj)u
>=Yt1j
YT-@+M
Y<\u#j\V
zbUr~ln
zCkMl{
~zg<9p
}-+Z+M
ZsZo+U
zt+~yU[
)ZWU;m