Analysis | #totalhash

Analysis Date	2015-02-15 02:37:30
MD5	7cb0a2d3a0b5d6238149ce6fe69a1013
SHA1	5dcebdef00c40a1fa88be565c5c2a1b3e180097c

Static Details:

File type	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section	.text md5: 112acb02d9baa09b219de5c8e9db6c8c sha1: 620ca5357f0c20ebf98f9413189c7dc8df11bf10 size: 734720
Section	.rdata md5: 0d84247006455dca82fc9245d14bb87a sha1: c0e029e3104575e0deceeca1ac319a7e559d05a1 size: 32768
Section	.data md5: 83a3ff2013400bc2960a34ad7c7a97e4 sha1: 909a7c01e8d9f62a5962a7685f754f01e9fa6f54 size: 123392
Timestamp	2014-02-05 02:27:21
Packer	Microsoft Visual C++ ?.?
PEhash	c7e0f645409991a8d3b5f773d4821e51a6f7230e
IMPhash	3cba81c4f0f471c9b53ee92da066d592
AV	360 Safe	no_virus
AV	Ad-Aware	Gen:Variant.Symmi.22722
AV	Alwil (avast)	Kryptik-OCD [Trj]
AV	Arcabit (arcavir)	Gen:Variant.Symmi.22722
AV	Authentium	W32/Symmi.AH.gen!Eldorado
AV	Avira (antivir)	BDS/Zegost.Gen4
AV	BullGuard	Gen:Variant.Symmi.22722
AV	CA (E-Trust Ino)	no_virus
AV	CAT (quickheal)	no_virus
AV	ClamAV	no_virus
AV	Dr. Web	no_virus
AV	Emsisoft	Gen:Variant.Symmi.22722
AV	Eset (nod32)	Win32/Kryptik.CCLE
AV	Fortinet	W32/Kryptik.BCFJ!tr
AV	Frisk (f-prot)	no_virus
AV	F-Secure	Gen:Variant.Symmi.22722
AV	Grisoft (avg)	Win32/Cryptor
AV	Ikarus	Trojan.Win32.Spy
AV	K7	no_virus
AV	Kaspersky	Trojan.Win32.Generic:Trojan.Win32.PEF.pf.silent.175154:Trojan.Win32.PEF.pf.silent.181830:Trojan.Win32.PEF.pf.silent.375904:Trojan.Win32.PEF.pf.silent.376942:Trojan.Win32.PEF.pf.silent.377697:Trojan.Win32.PEF.pf.silent.378515:Trojan.Win32.PEF.pf.silent.379237:Trojan.Win32.PEF.pf.silent.380145:Trojan.Win32.PEF.pf.silent.380997:Trojan.Win32.PEF.pf.silent.416452:Trojan.Win32.PEF.pf.silent.432810:Trojan.Win32.PEF.pf.silent.445825:Trojan.Win32.PEF.pf.silent.454569:Trojan.Win32.PEF.pf.silent.456542:Trojan.Win32.PEF.pf.silent.479305:Trojan.Win32.PEF.pf.silent.481926:Trojan.Win32.PEF.pf.silent.483728:Trojan.Win32.PEF.pf.silent.484661:Trojan.Win32.PEF.pf.silent.23214164:Trojan.Win32.PEF.pf.silent.23712702:Trojan.Win32.VHO.silent.23584149
AV	MalwareBytes	no_virus
AV	Mcafee	no_virus
AV	Microsoft Security Essentials	TrojanSpy:Win32/Nivdort.AE
AV	MicroWorld (escan)	Gen:Variant.Symmi.22722
AV	Rising	no_virus
AV	Sophos	no_virus
AV	Symantec	no_virus
AV	Trend Micro	TSPY_NIVDORT.SM
AV	VirusBlokAda (vba32)	no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates File	C:\Documents and Settings\Administrator\Local Settings\Temp\blceli1lh0uk4mdvkvxi.exe
Creates File	C:\WINDOWS\system32\foigtvkfxx\tst
Creates Process	C:\Documents and Settings\Administrator\Local Settings\Temp\blceli1lh0uk4mdvkvxi.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\blceli1lh0uk4mdvkvxi.exe

Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Call TPM Event KtmRm Services Initiator WMI Health ➝ C:\WINDOWS\system32\aydyunjcerxo.exe
Creates File	C:\WINDOWS\system32\foigtvkfxx\lck
Creates File	C:\WINDOWS\system32\drivers\etc\hosts
Creates File	C:\WINDOWS\system32\aydyunjcerxo.exe
Creates File	C:\WINDOWS\system32\foigtvkfxx\etc
Creates File	C:\WINDOWS\system32\foigtvkfxx\tst
Deletes File	C:\WINDOWS\system32\\drivers\etc\hosts
Creates Process	C:\WINDOWS\system32\aydyunjcerxo.exe
Creates Service	Initiator Encryption WLAN Play Cache Defragmenter - C:\WINDOWS\system32\aydyunjcerxo.exe

Process
↳ Pid 800

Process
↳ Pid 848

Process
↳ C:\WINDOWS\System32\svchost.exe

Creates File	pipe\PCHFaultRepExecPipe

Process
↳ Pid 1112

Process
↳ Pid 1208

Process
↳ C:\WINDOWS\system32\spoolsv.exe

Registry	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL
Registry	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7
Registry	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL
Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00
Creates File	WMIDataDevice

Process
↳ Pid 1052

Process
↳ C:\WINDOWS\system32\aydyunjcerxo.exe

Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝ 1
Creates File	C:\WINDOWS\system32\foigtvkfxx\run
Creates File	C:\WINDOWS\system32\foigtvkfxx\lck
Creates File	C:\WINDOWS\system32\foigtvkfxx\cfg
Creates File	pipe\net\NtControlPipe10
Creates File	C:\WINDOWS\TEMP\blceli1ro3uk4m.exe
Creates File	C:\WINDOWS\system32\foigtvkfxx\tst
Creates File	\Device\Afd\Endpoint
Creates File	C:\WINDOWS\system32\xhrzbzoq.exe
Creates File	C:\WINDOWS\system32\foigtvkfxx\rng
Creates Process	C:\WINDOWS\TEMP\blceli1ro3uk4m.exe -r 46871 tcp
Creates Process	WATCHDOGPROC "c:\windows\system32\aydyunjcerxo.exe"

Process
↳ C:\WINDOWS\system32\aydyunjcerxo.exe

Creates File	C:\WINDOWS\system32\foigtvkfxx\tst

Process
↳ WATCHDOGPROC "c:\windows\system32\aydyunjcerxo.exe"

Creates File	C:\WINDOWS\system32\foigtvkfxx\tst

Process
↳ C:\WINDOWS\TEMP\blceli1ro3uk4m.exe -r 46871 tcp

Creates File	\Device\Afd\Endpoint
Winsock DNS	239.255.255.250

Network Details:

DNS	tablefruit.net Type: A 69.195.129.70
DNS	stickmarch.net Type: A 69.195.129.70
DNS	leaddaily.net Type: A 58.64.158.234
DNS	leadfull.net Type: A 192.185.91.40
DNS	calldaily.net Type: A 192.241.149.33
DNS	pointfull.net Type: A 94.23.74.103
DNS	westocean.net Type: A 188.40.39.214
DNS	pointocean.net Type: A 184.168.221.59
DNS	westocean.net Type: A 188.40.39.214
DNS	donaven4guia.com Type: A
DNS	fredesecas.com Type: A
DNS	laloponea.com Type: A
DNS	davedekilai.com Type: A
DNS	tabledaily.net Type: A
DNS	tablelose.net Type: A
DNS	leadlose.net Type: A
DNS	tablefull.net Type: A
DNS	pointblood.net Type: A
DNS	callblood.net Type: A
DNS	pointdaily.net Type: A
DNS	pointlose.net Type: A
DNS	calllose.net Type: A
DNS	callfull.net Type: A
DNS	noneblood.net Type: A
DNS	liarblood.net Type: A
DNS	nonedaily.net Type: A
DNS	liardaily.net Type: A
DNS	nonelose.net Type: A
DNS	liarlose.net Type: A
DNS	nonefull.net Type: A
DNS	liarfull.net Type: A
DNS	wellblood.net Type: A
DNS	noseblood.net Type: A
DNS	welldaily.net Type: A
DNS	nosedaily.net Type: A
DNS	welllose.net Type: A
DNS	noselose.net Type: A
DNS	wellfull.net Type: A
DNS	nosefull.net Type: A
DNS	ringblood.net Type: A
DNS	favorblood.net Type: A
DNS	ringdaily.net Type: A
DNS	favordaily.net Type: A
DNS	ringlose.net Type: A
DNS	favorlose.net Type: A
DNS	ringfull.net Type: A
DNS	favorfull.net Type: A
DNS	sorryhold.net Type: A
DNS	fiftyhold.net Type: A
DNS	sorrysecond.net Type: A
DNS	fiftysecond.net Type: A
DNS	sorryocean.net Type: A
DNS	fiftyocean.net Type: A
DNS	sorryhave.net Type: A
DNS	fiftyhave.net Type: A
DNS	theirhold.net Type: A
DNS	likrhold.net Type: A
DNS	theirsecond.net Type: A
DNS	likrsecond.net Type: A
DNS	theirocean.net Type: A
DNS	likrocean.net Type: A
DNS	theirhave.net Type: A
DNS	likrhave.net Type: A
DNS	fearhold.net Type: A
DNS	westhold.net Type: A
DNS	fearsecond.net Type: A
DNS	westsecond.net Type: A
DNS	fearocean.net Type: A
DNS	fearhave.net Type: A
DNS	westhave.net Type: A
DNS	tablehold.net Type: A
DNS	leadhold.net Type: A
DNS	tablesecond.net Type: A
DNS	leadsecond.net Type: A
DNS	tableocean.net Type: A
DNS	leadocean.net Type: A
DNS	tablehave.net Type: A
DNS	leadhave.net Type: A
DNS	pointhold.net Type: A
DNS	callhold.net Type: A
DNS	pointsecond.net Type: A
DNS	callsecond.net Type: A
DNS	callocean.net Type: A
DNS	pointhave.net Type: A
DNS	callhave.net Type: A
DNS	nonehold.net Type: A
DNS	liarhold.net Type: A
DNS	nonesecond.net Type: A
DNS	liarsecond.net Type: A
DNS	noneocean.net Type: A
DNS	liarocean.net Type: A
DNS	nonehave.net Type: A
HTTP GET	http://tablefruit.net/forum/search.php?method=validate&mode=sox&v=021&sox=3b488c00 User-Agent:
HTTP GET	http://stickmarch.net/forum/search.php?method=validate&mode=sox&v=021&sox=3b488c00 User-Agent:
HTTP GET	http://leaddaily.net/forum/search.php?method=validate&mode=sox&v=021&sox=3b488c00 User-Agent:
HTTP GET	http://leadfull.net/forum/search.php?method=validate&mode=sox&v=021&sox=3b488c00 User-Agent:
HTTP GET	http://calldaily.net/forum/search.php?method=validate&mode=sox&v=021&sox=3b488c00 User-Agent:
HTTP GET	http://pointfull.net/forum/search.php?method=validate&mode=sox&v=021&sox=3b488c00 User-Agent:
HTTP GET	http://westocean.net/forum/search.php?method=validate&mode=sox&v=021&sox=3b488c00 User-Agent:
HTTP GET	http://pointocean.net/forum/search.php?method=validate&mode=sox&v=021&sox=3b488c00 User-Agent:
HTTP GET	http://tablefruit.net/forum/search.php?method=validate&mode=sox&v=021&sox=3b488c00 User-Agent:
HTTP GET	http://stickmarch.net/forum/search.php?method=validate&mode=sox&v=021&sox=3b488c00 User-Agent:
HTTP GET	http://leaddaily.net/forum/search.php?method=validate&mode=sox&v=021&sox=3b488c00 User-Agent:
HTTP GET	http://leadfull.net/forum/search.php?method=validate&mode=sox&v=021&sox=3b488c00 User-Agent:
HTTP GET	http://calldaily.net/forum/search.php?method=validate&mode=sox&v=021&sox=3b488c00 User-Agent:
HTTP GET	http://pointfull.net/forum/search.php?method=validate&mode=sox&v=021&sox=3b488c00 User-Agent:
HTTP GET	http://westocean.net/forum/search.php?method=validate&mode=sox&v=021&sox=3b488c00 User-Agent:
HTTP GET	http://pointocean.net/forum/search.php?method=validate&mode=sox&v=021&sox=3b488c00 User-Agent:
Flows TCP	192.168.1.1:1036 ➝ 69.195.129.70:80
Flows TCP	192.168.1.1:1037 ➝ 69.195.129.70:80
Flows TCP	192.168.1.1:1038 ➝ 58.64.158.234:80
Flows TCP	192.168.1.1:1039 ➝ 192.185.91.40:80
Flows TCP	192.168.1.1:1040 ➝ 192.241.149.33:80
Flows TCP	192.168.1.1:1041 ➝ 94.23.74.103:80
Flows TCP	192.168.1.1:1043 ➝ 188.40.39.214:80
Flows TCP	192.168.1.1:1044 ➝ 184.168.221.59:80
Flows TCP	192.168.1.1:1045 ➝ 69.195.129.70:80
Flows TCP	192.168.1.1:1046 ➝ 69.195.129.70:80
Flows TCP	192.168.1.1:1047 ➝ 58.64.158.234:80
Flows TCP	192.168.1.1:1048 ➝ 192.185.91.40:80
Flows TCP	192.168.1.1:1049 ➝ 192.241.149.33:80
Flows TCP	192.168.1.1:1050 ➝ 94.23.74.103:80
Flows TCP	192.168.1.1:1051 ➝ 188.40.39.214:80
Flows TCP	192.168.1.1:1052 ➝ 184.168.221.59:80

Raw Pcap

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303231 26736f78 3d336234 38386330   =021&sox=3b488c0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207461 626c6566 72756974 2e6e6574   : tablefruit.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303231 26736f78 3d336234 38386330   =021&sox=3b488c0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207374 69636b6d 61726368 2e6e6574   : stickmarch.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303231 26736f78 3d336234 38386330   =021&sox=3b488c0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c65 61646461 696c792e 6e65740d   : leaddaily.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303231 26736f78 3d336234 38386330   =021&sox=3b488c0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c65 61646675 6c6c2e6e 65740d0a   : leadfull.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303231 26736f78 3d336234 38386330   =021&sox=3b488c0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206361 6c6c6461 696c792e 6e65740d   : calldaily.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303231 26736f78 3d336234 38386330   =021&sox=3b488c0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20706f 696e7466 756c6c2e 6e65740d   : pointfull.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303231 26736f78 3d336234 38386330   =021&sox=3b488c0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207765 73746f63 65616e2e 6e65740d   : westocean.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303231 26736f78 3d336234 38386330   =021&sox=3b488c0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20706f 696e746f 6365616e 2e6e6574   : pointocean.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303231 26736f78 3d336234 38386330   =021&sox=3b488c0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207461 626c6566 72756974 2e6e6574   : tablefruit.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303231 26736f78 3d336234 38386330   =021&sox=3b488c0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207374 69636b6d 61726368 2e6e6574   : stickmarch.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303231 26736f78 3d336234 38386330   =021&sox=3b488c0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c65 61646461 696c792e 6e65740d   : leaddaily.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303231 26736f78 3d336234 38386330   =021&sox=3b488c0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c65 61646675 6c6c2e6e 65740d0a   : leadfull.net..
0x00000080 (00128)   0d0a0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303231 26736f78 3d336234 38386330   =021&sox=3b488c0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206361 6c6c6461 696c792e 6e65740d   : calldaily.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303231 26736f78 3d336234 38386330   =021&sox=3b488c0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20706f 696e7466 756c6c2e 6e65740d   : pointfull.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303231 26736f78 3d336234 38386330   =021&sox=3b488c0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207765 73746f63 65616e2e 6e65740d   : westocean.net.
0x00000080 (00128)   0a0d0a0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303231 26736f78 3d336234 38386330   =021&sox=3b488c0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20706f 696e746f 6365616e 2e6e6574   : pointocean.net
0x00000080 (00128)   0d0a0d0a                              ....

Strings

 
lnCCnOAaS3elnlvaarTS
deeeeroe
nn
pFgvdeetlaltEsWiotelde
e
.rteraEc2ejKete
lretChSbitH
"1"
2dll1exe
S
  ---
ss
[
Z
[
Z
[
+%3D%3A%26A&
h1
21212
 
dll2
h2
1
1
exe
a
 0
+
:
:
 
-_
"
 
 ' 
\
.
..
..
...
...
.......... .!"!#!.$%$0&$'$.
(
.
.
.
.
.
.
.
.
)*
)
+,+
-.-/01210/-3-
.
.
.
%+#.*fa
0e
%+#I64o
.,
 -00-+ CC
.
-e-
. 
 
-E-
-0
-0010+-0
0
-0
.
00-+ 
\
:\
:..00
.
  ...........?- 
0
0
0
0
-
.J.Y
.
;.
^E
.
..
.
.
.x
...k..u
                                 H
         (((((                  H
         h((((                  H
jjjh
jjjjh
jjjjj
KERNEL32.DLL
Ljjj
Ljjjj
Mjjj
Mjjjj
mscoree.dll
Njjj
(null)
                          
																		
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
0A@@Ju
0Qy[Fw
0SSSSS
]0!W_M
0WWWWW
1ezkQIRuLp
1#QNAN
1s,e]a
1#SNAN
3:{?by
{'3'/_D
3"S?(4
`4$^0F,/
4 <<17lX
<]4M	U34
\!^|4t
[52(h-
5b`}e7
>5H'*O1N
5i6QoT
5J:?f^E
5MF	a=w
5nbviQv
;5|@x}
)_,6E5
6eT{]d
,6w|!F
%6X&N":f*
*&79o/
7<BfF=q
7gMfAiD?
	7G/o^
7[_M-N
7"+XLb#
8	 1n+
8B,E`Z
8>)EXgW
8,mGbY/
8ow5lv
8v}mzU"x
8VVVVV
@*=8wB
/928%Q5
9oMe^L
9[P4:U
#9x*Od
 a0U-g
a'AJAC`
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
AdPbrR(
AHo'^WV
a@JcM:'t
america
american
american english
american-english
An application has made an attempt to load the C runtime library incorrectly.
\A]q:G/
<at9<rt,<wt
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
.?AUctype_base@std@@
August
australian
.?AVbad_alloc@std@@
.?AVbad_cast@std@@
.?AVbad_exception@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AV?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$ctype@D@std@@
.?AVexception@std@@
.?AVfacet@locale@std@@
.?AVfailure@ios_base@std@@
.?AVios_base@std@@
.?AV?$_Iosb@H@std@@
.?AVlength_error@std@@
.?AV_Locimp@locale@std@@
.?AVlogic_error@std@@
.?AV?$numpunct@D@std@@
.?AV?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AVout_of_range@std@@
.?AVruntime_error@std@@
.?AVtype_info@@
%`B)}]
b0<qE6
b6"D}L
bad allocation
bad cast
bad exception
 Base Class Array'
 Base Class Descriptor at (
__based(
bC}}!!9
B.'d!A
BeginPaint
belgian
bFhn0lwD
bG"+g2
B~}K	U
B):ONda
britain
+Bw|4!
*b*wHF
bXtW45
_:?}by
CallWindowProcA
canadian
__cdecl
CheckDlgButton
chinese
chinese-hongkong
chinese-simplified
chinese-singapore
chinese-traditional
cJGf1%
CL2vJPf9
 Class Hierarchy Descriptor'
CloseHandle
__clrcall
cmd.exe
CompareStringA
CompareStringW
 Complete Object Locator'
COMSPEC
CONOUT$
`copy constructor closure'
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
CorExitProcess
Cp3OJMb
C PjPV
C$PjQV
C.PjRV
C/PjSV
C*PjTV
C+PjUV
C,PjVV
C-PjWV
cq(}`}
CreateFileA
CreateProcessA
CreateThread
- CRT not initialized
cWdCz+
c`[X%4
cZNj3Y
Dad,_[
@.data
D{b[KN
?dC2rae,
Dc<!]G6
dD^<0sQ
dddd, MMMM dd, yyyy
December
DecodePointer
`default constructor closure'
 delete
 delete[]
Delete
DeleteCriticalSection
DeleteFileA
deque<T> too long
DOMAIN error
~dp`?2 
`DP_eR
DrawTextA
dutch-belgian
`dynamic atexit destructor for '
`dynamic initializer for '
E]2zb+
e@e&;S
`eh vector constructor iterator'
`eh vector copy constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`eh vector vbase copy constructor iterator'
EkHEoH
EnableWindow
EncodePointer
EndDialog
EndPaint
england
english-american
english-aus
english-belize
english-can
english-caribbean
english-ire
english-jamaica
english-nz
english-south africa
english-trinidad y tobago
english-uk
english-us
english-usa
EnterCriticalSection
EnumSystemLocalesA
Ep9KA:
 evvIE
ExitProcess
e-yNg`
F=2JuH
__fastcall
February
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindResourceA
- floating point support not loaded
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
ForceRemove
|fpf>3
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
french-belgian
french-canadian
french-luxembourg
french-swiss
Friday
^F<-uB
fWY*8kb9
g1Ya>3
\_g!5L
gAd"b[
GAIsProcessorFeaturePresent
GDI32.dll
german-austrian
german-lichtenstein
german-luxembourg
german-swiss
GetACP
GetActiveWindow
GetBkColor
GetClipRgn
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCPInfo
GetCurrentDirectoryA
GetCurrentObject
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetCursor
GetDCBrushColor
GetDeviceCaps
GetDialogBaseUnits
GetDlgItem
GetDlgItemInt
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesA
GetFileTime
GetFileType
GetFontLanguageInfo
GetForegroundWindow
GetFullPathNameA
GetGraphicsMode
GetInputState
GetKeyboardType
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetMapMode
GetMenu
GetMenuCheckMarkDimensions
GetMenuContextHelpId
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMetaRgn
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetNearestColor
GetNearestPaletteIndex
GetObjectType
GetOEMCP
GetPixelFormat
GetPolyFillMode
GetProcAddress
GetProcessHeap
GetProcessId
GetProcessWindowStation
GetPropA
GetQueueStatus
GetRandomRgn
GetScrollPos
GetStartupInfoA
GetStdHandle
GetStretchBltMode
GetStringTypeA
GetStringTypeW
GetSystemTimeAsFileTime
GetTextAlign
GetTextCharacterExtra
GetTextCharset
GetTextCharsetInfo
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetUserObjectInformationA
GetVersion
GetWindowContextHelpId
GetWindowDC
GetWindowLongA
GlobalAlloc
GlobalFlags
GlobalHandle
GlobalSize
great britain
;grxh`
Gtz4iu
GwdK&3:
`h````
H?0)N|S
h1ZS|?
ha0ove
|H	~d$
h,DB(+P
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
`h`hhh
HH:mm:ss
HHtXHHt
HHtYHHt
holland
hong-kong
hS%]Ut/<f
@%hT([
hVK"OS
I4`zQPK
i5c.*b
>If90t
ijw&mkY
IM=08{U)
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
invalid map/set<T> iterator
invalid string position
i`]_#NW
IOeV6Q)
ios_base::badbit set
ios_base::eofbit set
ios_base::failbit set
iQLbYNH
irish-english
IsDebuggerPresent
,iSG![
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWindowEnabled
IsWindowUnicode
italian-swiss
\,j//&
j2h`rM
j4h DM
j7hPBL
j8h$@L
ja6%RU
JanFebMarAprMayJunJulAugSepOctNovDec
January
jBh("L
jDhHBM
j+hdAL
j	hDFL
j	hd!L
j"hD#M
j	hD%M
j	h@EM
j%h$GM
j	hHFM
j_hh*L
j	hh;L
j?hh#M
j^h@$L
j	h`[L
j	h,[L
j	h@=L
j.hL M
j?hlZL
j	hP=L
j	hTCM
j"hTFM
j.h XL
j	hXWL
")JI_"
jIhx:M
-Jj/|(
j@j ^V
jkhHSL
jMh@8L
jOh0:L
jPhHIL
,Jpp.D8
jQh`pM
j"^SSSSS
J%%`^*uu]
jwh(#L
J/z+AhX
ka*C|0
>);kcvK
KERNEL32
KERNEL32.dll
Khza?7
k}KkQj
KOf1jL
.]>krb
KSKHzv
{kw]{f
K?yera
`K[ZM_Akd
LC_ALL
LC_COLLATE
LC_CTYPE
lc}kCP
LCMapStringA
LCMapStringW
LC_MONETARY
LC_NUMERIC
LC_TIME
LeaveCriticalSection
LEkvM4
Le;MP-
*lewH*=
l":gI_Q
lk[M>dy[
LoadIconA
LoadLibraryA
LoadResource
LocalAlloc
LocalFlags
`local static guard'
`local static thread guard'
`local vftable'
`local vftable constructor closure'
LockResource
.L/uHz
m.9AEk.DPHR
`managed vector constructor iterator'
`managed vector copy constructor iterator'
`managed vector destructor iterator'
map/set<T> too long
MessageBoxA
mEvJ:QR
Microsoft Visual C++ Runtime Library
~M~,I<st
MM/dd/yy
Monday
MoveFileA
MoveWindow
MultiByteToWideChar
mV'OUf
MZ89.Sw
;MZvOi
]*N"5}
n}=5hz
 new[]
new-zealand
Ni.OJO
NoRemove
norwegian
norwegian-bokmal
norwegian-nynorsk
Norwegian-Nynorsk
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
]N?TA\
(null)
NVrp'+*
nwl'O0
O%1vRf
October
O=|gR,w
|:!o>i
~}\OI'?
oJT7{D
OkAE`3
Okafn3D
o	<kE<
OLEAUT32.dll
`omni callsig'
operator
O.\Rg#
\p6Q+9
. ^<P8
__pascal
P-CL8D
=(P>En
&P&\^Fc
`placement delete closure'
`placement delete[] closure'
Please contact the application's support team for more information.
p;lR8qS)
portuguese-brazilian
PostMessageA
ppDq+;
PPPPPPPP
pr china
pr-china
Program: 
<program name unknown>
__ptr64
puerto-rico
- pure virtual function call
@P&(Z8
PzM z#D
qex<z2
qnK[%jX
QQ1ZfsK
QQSVWd
QueryPerformanceCounter
q{,|vNjT
=q\x5&+q
RaiseException
`.rdata
ReadFile
__restrict
rF8:f?Z
[rK>.>
)r!%?M
@[*R oB)
R|=rDt
	Rsk#H=:
RtlUnwind
runtime error 
Runtime Error!
r%&V~P
RWgAh^
!r!wR=;W<G
Saturday
`scalar deleting destructor'
{SC	$X
sdEOwAL
";S/e7
SendMessageA
September
SetDlgItemTextA
SetEndOfFile
SetEnvironmentVariableA
SetFilePointer
SetFocus
SetHandleCount
SetLastError
SetPixel
SetStdHandle
SetSystemPaletteUse
SetTextAlign
SetTextCharacterExtra
SetTextColor
SetTextJustification
SetUnhandledExceptionFilter
SetWindowTextA
ShowWindow
SING error
siXoqs4
SizeofResource
>S-$km
slovak
SN%r:qT
south africa
south-africa
south korea
south-korea
~sP3gf|S
spanish-argentina
spanish-bolivia
spanish-chile
spanish-colombia
spanish-costa rica
spanish-dominican republic
spanish-ecuador
spanish-el salvador
spanish-guatemala
spanish-honduras
spanish-mexican
spanish-modern
spanish-nicaragua
spanish-panama
spanish-paraguay
spanish-peru
spanish-puerto rico
spanish-uruguay
spanish-venezuela
S$_Pqz/
S<PuG	
S{r&8T
s[S;7|G;w
^SSSSS
__stdcall
`string'
string too long
Sunday
SunMonTueWedThuFriSat
swedish-finland
SX==UM<k
S}Y\RC,
SystemRoot
S~z:=~8
.t%bE-U	
tdhhTK
TerminateProcess
T)F1D#
t=FA9]
tGHt.Ht&
TgRrdqy
(</t$h
t=h8rK
t$hDaK
tHhdUK
+t HHt
This application has requested the Runtime to terminate it in an unusual way.
__thiscall
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
!This program cannot be run in DOS mode.
Thursday
TI2&DF
tIj"[:
tIj(h(!M
tjh8TK
t:j)h\%M
tJJH9A
< tK<	tG
TLOSS error
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
<\tM</tI
tNh<rK
tR99u2
trinidad & tobago
t"SS9]
<+t(<-t$:
t$<"u	3
Tuesday
;t$,v-
t VV9u
&;T wGf
t+WWVPV
tY7j:i
 Type Descriptor'
`typeof'
U)3=ma
U69~Zy
>:u8FV
/u8WcT:
-udIq-
`udt returning'
-UhH/*@d
u%h@rK
- unable to initialize heap
- unable to open console device
__unaligned
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
UNICODE
united-kingdom
united-states
uNj	hd!L
Unknown exception
UpdateColors
UQPXY]Y[
uqSSSSS
URPQQhL[J
US2L;%
USER32.dll
USER32.DLL
u[SSSP
UTF-16LE
uUj	h,[L
uvn!:;~
u,VVWV
+uw@'zD
`vbase destructor'
`vbtable'
`vcall'
\VC_fW
`vector constructor iterator'
`vector copy constructor iterator'
`vector deleting destructor'
`vector destructor iterator'
`vector vbase constructor iterator'
`vector vbase copy constructor iterator'
VEtS~k
`vftable'
VirtualAlloc
`virtual displacement map'
VirtualFree
Vj@h`oK
v	N+D$
v;Or\A
vQc5@W
_VVVVV
VVVVVQRSSj
vz"JeQ
.W$@0es
<+`[W9
WaitForSingleObject
Wednesday
WeO'|\
w:eueK
wHhDUK
WideCharToMultiByte
WindowFromDC
"wPFSUO
WriteConsoleA
WriteConsoleW
WriteFile
WS2_32.dll
^WWWWW
=WYS$j
X? 9EL
}	x<gi
X$n{7MH
xppwpp
xpxxxx
@xrb <
<xtX<XtT
:{)Y2#
=y$-Bc
Yc#uXz
ycW#~`
YJpF`t
~>Y/Pm@
>=Yt1j
Y<\u#j\V
?Y;VQh
z5TF":
^z87%a>
Z<\e]r
z icsD?
zj<S7l
=zknUUY=
ZO2qBB^
z\u!'a1
ZVhgUP
z'Wd=[-