Analysis Date | 2015-02-15 02:37:30 |
---|---|
MD5 | 7cb0a2d3a0b5d6238149ce6fe69a1013 |
SHA1 | 5dcebdef00c40a1fa88be565c5c2a1b3e180097c |
Static Details:
Runtime Details:
Process
↳ C:\malware.exe
Creates File | C:\Documents and Settings\Administrator\Local Settings\Temp\blceli1lh0uk4mdvkvxi.exe |
---|---|
Creates File | C:\WINDOWS\system32\foigtvkfxx\tst |
Creates Process | C:\Documents and Settings\Administrator\Local Settings\Temp\blceli1lh0uk4mdvkvxi.exe |
Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\blceli1lh0uk4mdvkvxi.exe
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Call TPM Event KtmRm Services Initiator WMI Health ➝ C:\WINDOWS\system32\aydyunjcerxo.exe |
---|---|
Creates File | C:\WINDOWS\system32\foigtvkfxx\lck |
Creates File | C:\WINDOWS\system32\drivers\etc\hosts |
Creates File | C:\WINDOWS\system32\aydyunjcerxo.exe |
Creates File | C:\WINDOWS\system32\foigtvkfxx\etc |
Creates File | C:\WINDOWS\system32\foigtvkfxx\tst |
Deletes File | C:\WINDOWS\system32\\drivers\etc\hosts |
Creates Process | C:\WINDOWS\system32\aydyunjcerxo.exe |
Creates Service | Initiator Encryption WLAN Play Cache Defragmenter - C:\WINDOWS\system32\aydyunjcerxo.exe |
Process
↳ Pid 800
Process
↳ Pid 848
Process
↳ C:\WINDOWS\System32\svchost.exe
Creates File | pipe\PCHFaultRepExecPipe |
---|
Process
↳ Pid 1112
Process
↳ Pid 1208
Process
↳ C:\WINDOWS\system32\spoolsv.exe
Registry | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL |
---|---|
Registry | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7 |
Registry | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL |
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00 |
Creates File | WMIDataDevice |
Process
↳ Pid 1052
Process
↳ C:\WINDOWS\system32\aydyunjcerxo.exe
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝ 1 |
---|---|
Creates File | C:\WINDOWS\system32\foigtvkfxx\run |
Creates File | C:\WINDOWS\system32\foigtvkfxx\lck |
Creates File | C:\WINDOWS\system32\foigtvkfxx\cfg |
Creates File | pipe\net\NtControlPipe10 |
Creates File | C:\WINDOWS\TEMP\blceli1ro3uk4m.exe |
Creates File | C:\WINDOWS\system32\foigtvkfxx\tst |
Creates File | \Device\Afd\Endpoint |
Creates File | C:\WINDOWS\system32\xhrzbzoq.exe |
Creates File | C:\WINDOWS\system32\foigtvkfxx\rng |
Creates Process | C:\WINDOWS\TEMP\blceli1ro3uk4m.exe -r 46871 tcp |
Creates Process | WATCHDOGPROC "c:\windows\system32\aydyunjcerxo.exe" |
Process
↳ C:\WINDOWS\system32\aydyunjcerxo.exe
Creates File | C:\WINDOWS\system32\foigtvkfxx\tst |
---|
Process
↳ WATCHDOGPROC "c:\windows\system32\aydyunjcerxo.exe"
Creates File | C:\WINDOWS\system32\foigtvkfxx\tst |
---|
Process
↳ C:\WINDOWS\TEMP\blceli1ro3uk4m.exe -r 46871 tcp
Creates File | \Device\Afd\Endpoint |
---|---|
Winsock DNS | 239.255.255.250 |
Network Details:
HTTP GET | http://tablefruit.net/forum/search.php?method=validate&mode=sox&v=021&sox=3b488c00 User-Agent: |
HTTP GET | http://stickmarch.net/forum/search.php?method=validate&mode=sox&v=021&sox=3b488c00 User-Agent: |
HTTP GET | http://leaddaily.net/forum/search.php?method=validate&mode=sox&v=021&sox=3b488c00 User-Agent: |
HTTP GET | http://leadfull.net/forum/search.php?method=validate&mode=sox&v=021&sox=3b488c00 User-Agent: |
HTTP GET | http://calldaily.net/forum/search.php?method=validate&mode=sox&v=021&sox=3b488c00 User-Agent: |
HTTP GET | http://pointfull.net/forum/search.php?method=validate&mode=sox&v=021&sox=3b488c00 User-Agent: |
HTTP GET | http://westocean.net/forum/search.php?method=validate&mode=sox&v=021&sox=3b488c00 User-Agent: |
HTTP GET | http://pointocean.net/forum/search.php?method=validate&mode=sox&v=021&sox=3b488c00 User-Agent: |
Raw Pcap
Strings