Analysis Date: 2015-11-30 14:55:19
MD5: bc87b6fc0fecac1609cb4dc10a3a0bcb
SHA1: 5836e6d20e93230cd59c78989840b516740f8bec

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: ad6f18c3c512a40deb0c99787384792d sha1: f17bb404fdce9ed3cd369d37e76daad2813bca74 size: 307712
Section: .rdata md5: 467dd3e569f38c48db4170897e31262f sha1: 2b4991c76050abafbcebd48d5acec513e9286628 size: 40960
Section: .data md5: bc642aeed0ccb8e73947239de494fd3e sha1: 8b0e0076d00a3980cb745c7769b8610d3576625f size: 7168
Timestamp: 2015-11-23 02:53:16
Packer: Microsoft Visual C++ ?.?
PEhash: 29c6cbe6d62861a22d84cdbea7a1fa365a371cbb
IMPhash: f203ddb0e3247e24877df34b96b4b640
AV Ad-Aware Command-Line: Trojan.GenericKD.2894384
AV ArcaVir Antivirus: Trojan.GenericKD.2894384
AV Avast! Antivirus: Malware-gen:Win32:Malware-gen
AV AVG AntiVirus: Dropper.Generic_r.EC
AV Avira Antivirus: TR/Crypt.ZPACK.217560
AV Bitdefender Command-Line: Trojan.GenericKD.2894384
AV BullGuard Antivirus: Trojan.GenericKD.2894384
AV ClamWin Antivirus: No Virus
AV Command Anti-Malware: W32/Kazy.EW.gen!Eldorado:Security risk
AV Dr. Web Anti-virus: No Virus
AV Emsisoft Command-Line Scanner: Trojan.GenericKD.2894384
AV eScan Anti-Virus: No Virus
AV ESET NOD32 Antivirus: Win32/Bayrob.AD
AV Fortinet Command-Line Scanner: W32/Bayrob.AD!tr
AV F-PROT Antivirus: No Virus
AV F-Secure Anti-Virus: Trojan.GenericKD.2894384
AV Ikarus Command-Line Scanner: No Virus
AV K7 Anti-Virus: Trojan ( 004d79c41 )
AV Kaspersky Anti-Virus: Trojan.Win32.Tinba.zbg
AV MalwareBytes Anti-Malware: Trojan.Bayrob
AV McAfee Command-Line Scanner: BackDoor-FCYZ!BC87B6FC0FEC
AV Microsoft Security Essentials: TrojanSpy:Win32/Nivdort.CE:Trojan
AV Padvish Antivirus: No Virus
AV Quick Heal AntiVirus: No Virus
AV Rising Command-Line Scanner: No Virus
AV Symantec Command-Line Scanner: No Virus
AV Total Defense Internet Security Suite: No Virus
AV Trend Micro System Cleaner: No Virus
AV Twister Antivirus: No Virus
AV VirusBlokAda Console Scanner: No Virus
AV Zillya! Antivirus: No Virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\WINDOWS\yhtjkkyrwlyz\sdkgym
Creates File: C:\yhtjkkyrwlyz\sdkgym
Creates File: C:\yhtjkkyrwlyz\laokxfpgvx41qvq.exe
Deletes File: C:\WINDOWS\yhtjkkyrwlyz\sdkgym
Creates Process: C:\yhtjkkyrwlyz\laokxfpgvx41qvq.exe

Process
↳ C:\yhtjkkyrwlyz\laokxfpgvx41qvq.exe

Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Interface Connections Mapper Bluetooth ➝ C:\yhtjkkyrwlyz\zsajsvao.exe
Creates File: C:\WINDOWS\yhtjkkyrwlyz\sdkgym
Creates File: C:\yhtjkkyrwlyz\v6jxkxu
Creates File: C:\yhtjkkyrwlyz\sdkgym
Creates File: C:\yhtjkkyrwlyz\zsajsvao.exe
Creates File: PIPE\lsarpc
Deletes File: C:\WINDOWS\yhtjkkyrwlyz\sdkgym
Creates Process: C:\yhtjkkyrwlyz\zsajsvao.exe
Creates Service: IPsec Process SNMP Visual RPC Problem - C:\yhtjkkyrwlyz\zsajsvao.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 808

Process
↳ Pid 856

Process
↳ Pid 1024

Process
↳ Pid 1212

Process
↳ Pid 1316

Process
↳ Pid 1856

Process
↳ Pid 1648

Process
↳ C:\yhtjkkyrwlyz\zsajsvao.exe

Creates File: C:\yhtjkkyrwlyz\vacyyek.exe
Creates File: pipe\net\NtControlPipe10
Creates File: C:\yhtjkkyrwlyz\casbyfn
Creates File: C:\WINDOWS\yhtjkkyrwlyz\sdkgym
Creates File: C:\yhtjkkyrwlyz\v6jxkxu
Creates File: C:\yhtjkkyrwlyz\sdkgym
Creates File: \Device\Afd\Endpoint
Deletes File: C:\WINDOWS\yhtjkkyrwlyz\sdkgym
Creates Process: oeizofxyltoh "c:\yhtjkkyrwlyz\zsajsvao.exe"

Process
↳ C:\yhtjkkyrwlyz\zsajsvao.exe

Creates File: C:\WINDOWS\yhtjkkyrwlyz\sdkgym
Creates File: C:\yhtjkkyrwlyz\sdkgym
Deletes File: C:\WINDOWS\yhtjkkyrwlyz\sdkgym

Process
↳ oeizofxyltoh "c:\yhtjkkyrwlyz\zsajsvao.exe"

Creates File: C:\WINDOWS\yhtjkkyrwlyz\sdkgym
Creates File: C:\yhtjkkyrwlyz\sdkgym
Deletes File: C:\WINDOWS\yhtjkkyrwlyz\sdkgym

Network Details:


Raw Pcap

Strings
 