Analysis Date | 2015-02-19 00:42:35 |
---|---|
MD5 | 2cf342bb680426ff2818ec32c3903e70 |
SHA1 | 51e76f40937596d0e6735c34cf4048d50a224b05 |
Static Details:
File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
---|---|---|
Section | .text md5: 49477ecfe7c08196541505f515d50ac4 sha1: 787ee7abff23415ebec69699961fbe2749d24926 size: 975360 | |
Section | .rdata md5: e8dc88eaf7e6868852249c831404d414 sha1: 1b09a46305792cb62c86acf12739f078b604fe2e size: 31232 | |
Section | .data md5: 98ee1936389cc293baa6c71e0f93882e sha1: decbde2f500c1bc86e7c711cd8095d4729940393 size: 117248 | |
Timestamp | 2013-03-14 23:48:09 | |
Packer | Microsoft Visual C++ ?.? | |
PEhash | 09bc4ab527e43018e2077fb0c9e6aec12cdde8f3 | |
IMPhash | b462385af684faa7bc7aa26c628006da | |
AV | 360 Safe | no_virus |
AV | Ad-Aware | Gen:Variant.Kazy.164619 |
AV | Alwil (avast) | Downloader-TLD [Trj] |
AV | Arcabit (arcavir) | Gen:Variant.Kazy.164619 |
AV | Authentium | W32/Symmi.G.gen!Eldorado |
AV | Avira (antivir) | BDS/Zegost.Gen |
AV | BullGuard | Gen:Variant.Kazy.164619 |
AV | CA (E-Trust Ino) | no_virus |
AV | CAT (quickheal) | no_virus |
AV | ClamAV | no_virus |
AV | Dr. Web | no_virus |
AV | Emsisoft | Gen:Variant.Kazy.164619 |
AV | Eset (nod32) | Win32/Bayrob.N.Gen |
AV | Fortinet | W32/Bayrob.N!tr |
AV | Frisk (f-prot) | W32/Symmi.G.gen!Eldorado |
AV | F-Secure | Gen:Variant.Kazy.164619 |
AV | Grisoft (avg) | Generic_r.CDN |
AV | Ikarus | Trojan.Win32.Spy |
AV | K7 | Backdoor ( 04c540d41 ) |
AV | Kaspersky | Trojan.Win32.Generic:Trojan.Win32.PEF.pf.silent.181830:Trojan.Win32.PEF.pf.silent.416452:Trojan.Win32.PEF.pf.silent.23712702:Trojan.Win32.VHO.silent.23486822 |
AV | MalwareBytes | Trojan.Agent |
AV | Mcafee | Error Scanning File |
AV | Microsoft Security Essentials | TrojanSpy:Win32/Nivdort.AE |
AV | MicroWorld (escan) | Gen:Variant.Kazy.164619 |
AV | Rising | no_virus |
AV | Sophos | Troj/Bayrob-E |
AV | Symantec | no_virus |
AV | Trend Micro | TSPY_NIVDORT.SM |
AV | VirusBlokAda (vba32) | no_virus |
Runtime Details:
Process
↳ C:\malware.exe
Creates File | C:\WINDOWS\system32\hrjaojnhlwdz\tst |
---|---|
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temp\ikvaoi1v1lf9xh5hz1iyqq.exe |
Creates Process | C:\Documents and Settings\Administrator\Local Settings\Temp\ikvaoi1v1lf9xh5hz1iyqq.exe |
Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\ikvaoi1v1lf9xh5hz1iyqq.exe
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\User Microsoft Device Backup ➝ C:\WINDOWS\system32\tpoieyane.exe |
---|---|
Creates File | C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\tpoieyane.exe |
Creates File | C:\WINDOWS\system32\drivers\etc\hosts |
Creates File | C:\WINDOWS\system32\hrjaojnhlwdz\tst |
Creates File | C:\WINDOWS\system32\tpoieyane.exe |
Creates File | C:\WINDOWS\system32\hrjaojnhlwdz\lck |
Creates File | C:\WINDOWS\system32\hrjaojnhlwdz\etc |
Deletes File | C:\WINDOWS\system32\\drivers\etc\hosts |
Creates Process | C:\WINDOWS\system32\tpoieyane.exe |
Creates Service | Assistant Volume Center Base ActiveX Counter - C:\WINDOWS\system32\tpoieyane.exe |
Process
↳ Pid 804
Process
↳ Pid 848
Process
↳ C:\WINDOWS\System32\svchost.exe
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\List of event-active namespaces ➝ NULL |
---|---|
Creates File | PIPE\lsarpc |
Creates File | C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG |
Creates File | C:\WINDOWS\system32\WBEM\Logs\wbemess.log |
Process
↳ Pid 1108
Process
↳ Pid 1204
Process
↳ C:\WINDOWS\system32\spoolsv.exe
Registry | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL |
---|---|
Registry | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7 |
Registry | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL |
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00 |
Process
↳ Pid 1856
Process
↳ Pid 1128
Process
↳ C:\WINDOWS\system32\tpoieyane.exe
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝ 1 |
---|---|
Creates File | pipe\net\NtControlPipe10 |
Creates File | C:\WINDOWS\system32\jsqctjkunfji.exe |
Creates File | C:\WINDOWS\system32\hrjaojnhlwdz\tst |
Creates File | C:\WINDOWS\TEMP\ikvaoi1v1s77xh5h1.exe |
Creates File | C:\WINDOWS\system32\hrjaojnhlwdz\run |
Creates File | C:\WINDOWS\system32\hrjaojnhlwdz\rng |
Creates File | \Device\Afd\Endpoint |
Creates File | C:\WINDOWS\system32\hrjaojnhlwdz\cfg |
Creates File | C:\WINDOWS\system32\hrjaojnhlwdz\lck |
Creates Process | WATCHDOGPROC "c:\windows\system32\tpoieyane.exe" |
Creates Process | C:\WINDOWS\TEMP\ikvaoi1v1s77xh5h1.exe -r 47150 tcp |
Process
↳ C:\WINDOWS\system32\tpoieyane.exe
Creates File | C:\WINDOWS\system32\hrjaojnhlwdz\tst |
---|
Process
↳ WATCHDOGPROC "c:\windows\system32\tpoieyane.exe"
Creates File | C:\WINDOWS\system32\hrjaojnhlwdz\tst |
---|
Process
↳ C:\WINDOWS\TEMP\ikvaoi1v1s77xh5h1.exe -r 47150 tcp
Creates File | \Device\Afd\Endpoint |
---|---|
Winsock DNS | 239.255.255.250 |
Network Details:
DNS | mojoguia.com Type: A 204.11.56.45 |
---|---|
DNS | villemojo.com Type: A 141.8.224.169 |
DNS | takestone.net Type: A 50.63.202.7 |
DNS | takeside.net Type: A 184.168.221.104 |
DNS | filltomorrow.net Type: A 208.91.197.27 |
DNS | verywide.net Type: A 50.63.202.62 |
DNS | yourchild.net Type: A 66.151.181.49 |
DNS | yourplace.net Type: A 91.194.151.163 |
DNS | viewabout.net Type: A 72.29.127.100 |
HTTP GET | http://mojoguia.com/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent: |
HTTP GET | http://villemojo.com/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent: |
HTTP GET | http://takestone.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent: |
HTTP GET | http://takeside.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent: |
HTTP GET | http://filltomorrow.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent: |
HTTP GET | http://verywide.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent: |
HTTP GET | http://yourchild.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent: |
HTTP GET | http://yourplace.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent: |
HTTP GET | http://viewabout.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent: |
HTTP GET | http://mojoguia.com/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent: |
HTTP GET | http://villemojo.com/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent: |
HTTP GET | http://takestone.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent: |
HTTP GET | http://takeside.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent: |
HTTP GET | http://filltomorrow.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent: |
HTTP GET | http://verywide.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent: |
HTTP GET | http://yourchild.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent: |
HTTP GET | http://yourplace.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent: |
HTTP GET | http://viewabout.net/forum/search.php?method=validate&mode=sox&v=004&sox=2c8c9800 User-Agent: |
Flows TCP | 192.168.1.1:1036 ➝ 204.11.56.45:80 |
Flows TCP | 192.168.1.1:1037 ➝ 141.8.224.169:80 |
Flows TCP | 192.168.1.1:1038 ➝ 50.63.202.7:80 |
Flows TCP | 192.168.1.1:1039 ➝ 184.168.221.104:80 |
Flows TCP | 192.168.1.1:1040 ➝ 208.91.197.27:80 |
Flows TCP | 192.168.1.1:1042 ➝ 50.63.202.62:80 |
Flows TCP | 192.168.1.1:1043 ➝ 66.151.181.49:80 |
Flows TCP | 192.168.1.1:1044 ➝ 91.194.151.163:80 |
Flows TCP | 192.168.1.1:1045 ➝ 72.29.127.100:80 |
Flows TCP | 192.168.1.1:1046 ➝ 204.11.56.45:80 |
Flows TCP | 192.168.1.1:1047 ➝ 141.8.224.169:80 |
Flows TCP | 192.168.1.1:1048 ➝ 50.63.202.7:80 |
Flows TCP | 192.168.1.1:1049 ➝ 184.168.221.104:80 |
Flows TCP | 192.168.1.1:1050 ➝ 208.91.197.27:80 |
Flows TCP | 192.168.1.1:1051 ➝ 50.63.202.62:80 |
Flows TCP | 192.168.1.1:1052 ➝ 66.151.181.49:80 |
Flows TCP | 192.168.1.1:1053 ➝ 91.194.151.163:80 |
Flows TCP | 192.168.1.1:1054 ➝ 72.29.127.100:80 |
Raw Pcap
Strings