Analysis Date: 2014-11-14 19:30:24
MD5: a846ae7af0c102e89ed196f0cd246fc6
SHA1: 79fa1ad8ad0bbee512b24912a8052f539565d0fc

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 3ceb749141159405dec03997ff938db2 sha1: 79f74ae6993f43ff37d526aff06d630e8a3ac2ab size: 729600
Section: .rdata md5: e8c0468b9f424ba4f31b2e8847290450 sha1: 3d89d1948f6c1b928381e0e3d295fe2e92eca0bf size: 33792
Section: .data md5: c9b58eeccc49b9dffd37397d35b314f5 sha1: 61625475962d30d2bcdec9bb2ab06904af6713ab size: 123392
Timestamp: 2013-06-11 11:52:43
Packer: Microsoft Visual C++ ?.?
PEhash: fd2c286836d1ae59b25761f41af2579e8f2ca9dd
IMPhash: 9c46896f3f322c858d396ca50dec0e54
AV 360 Safe: Gen:Variant.Symmi.22722
AV Ad-Aware: Gen:Variant.Symmi.22722
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Arcabit (arcavir): no_virus
AV Authentium: W32/Symmi.AH.gen!Eldorado
AV Avira (antivir): BDS/Zegost.Gen4
AV BullGuard: Gen:Variant.Symmi.22722
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): no_virus
AV ClamAV: no_virus
AV Dr. Web: no_virus
AV Emsisoft: Gen:Variant.Symmi.22722
AV Eset (nod32): Win32/Kryptik.CCLE
AV Fortinet: W32/Kryptik.BCFJ!tr
AV Frisk (f-prot): no_virus
AV F-Secure: Gen:Variant.Symmi.22722
AV Grisoft (avg): Win32/Cryptor
AV Ikarus: Trojan.Win32.Spy
AV K7: Backdoor ( 04c540d41 )
AV Kaspersky: Trojan.Win32.Generic:Trojan.Win32.PEF.pf.silent.175154:Trojan.Win32.PEF.pf.silent.181830:Trojan.Win32.PEF.pf.silent.375904:Trojan.Win32.PEF.pf.silent.376942:Trojan.Win32.PEF.pf.silent.377697:Trojan.Win32.PEF.pf.silent.378515:Trojan.Win32.PEF.pf.silent.379237:Trojan.Win32.PEF.pf.silent.380145:Trojan.Win32.PEF.pf.silent.380997:Trojan.Win32.PEF.pf.silent.411370:Trojan.Win32.PEF.pf.silent.416452:Trojan.Win32.PEF.pf.silent.432299:Trojan.Win32.PEF.pf.silent.445825:Trojan.Win32.PEF.pf.silent.456542:Trojan.Win32.PEF.pf.silent.476081
AV MalwareBytes: no_virus
AV Mcafee: RDN/Generic.bfr!hw
AV Microsoft Security Essentials: TrojanSpy:Win32/Nivdort.N
AV MicroWorld (escan): Gen:Variant.Symmi.22722
AV Norman: Gen:Variant.Symmi.22722
AV Rising: no_virus
AV Sophos: no_virus
AV Symantec: no_virus
AV Trend Micro: TSPY_NIVDORT.SMA
AV VirusBlokAda (vba32): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\WINDOWS\system32\aoydgclkrvoyyf\tst
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\lwivfzyqovkslc9aljheerq.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\~DF3A41.tmp
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\lwivfzyqovkslc9aljheerq.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\lwivfzyqovkslc9aljheerq.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Cryptographic Distributed Performance Helper ➝ C:\WINDOWS\system32\ybxpzdzuolwb.exe
Creates File: C:\WINDOWS\system32\aoydgclkrvoyyf\tst
Creates File: C:\WINDOWS\system32\ybxpzdzuolwb.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\WINDOWS\system32\aoydgclkrvoyyf\lck
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Process: C:\WINDOWS\system32\ybxpzdzuolwb.exe
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Creates Service: Credential Cryptographic Bus Call Biometric - C:\WINDOWS\system32\ybxpzdzuolwb.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Creates File: WMIDataDevice

Process
↳ Pid 816

Process
↳ Pid 860

Process
↳ C:\WINDOWS\System32\svchost.exe

Creates File: C:\WINDOWS\Prefetch\YBXPZDZUOLWB.EXE-1F31BE68.pf
Creates File: C:\WINDOWS\Prefetch\ADZDVGRRXP.EXE-1B184769.pf
Creates File: C:\WINDOWS\Prefetch\79FA1AD8AD0BBEE512B24912A8052-1EB42048.pf
Creates File: C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf
Creates File: C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf
Creates File: C:\WINDOWS\Prefetch\READER_SL.EXE-3614FA6E.pf
Creates File: C:\WINDOWS\Prefetch\monitor.exe-1949D260.pf
Creates File: C:\WINDOWS\Prefetch\LWIVFZYQOVKSLC9ALJHEERQ.EXE-049A531C.pf
Creates File: C:\WINDOWS\system32\WBEM\Logs\wbemess.log
Creates File: C:\WINDOWS\Prefetch\svchost.EXE-0C867EC1.pf

Process
↳ Pid 1216

Process
↳ Pid 1332

Process
↳ Pid 1864

Process
↳ Pid 976

Process
↳ C:\WINDOWS\system32\ybxpzdzuolwb.exe

Creates File: C:\WINDOWS\system32\aoydgclkrvoyyf\tst
Creates File: pipe\net\NtControlPipe10
Creates File: C:\WINDOWS\system32\aoydgclkrvoyyf\cfg
Creates File: C:\WINDOWS\system32\aoydgclkrvoyyf\rng
Creates File: \Device\Afd\Endpoint
Creates File: C:\WINDOWS\system32\aoydgclkrvoyyf\lck
Creates File: C:\WINDOWS\system32\aoydgclkrvoyyf\run
Creates File: C:\WINDOWS\system32\adzdvgrrxp.exe
Creates Process: WATCHDOGPROC "c:\windows\system32\ybxpzdzuolwb.exe"

Process
↳ C:\WINDOWS\system32\ybxpzdzuolwb.exe

Process
↳ WATCHDOGPROC "c:\windows\system32\ybxpzdzuolwb.exe"

Creates File: C:\WINDOWS\system32\aoydgclkrvoyyf\tst

Network Details:

HTTP GET: http://elementarimagine.com/forum/search.php?method=validate&mode=my&email=madchenpugli@atlanticbb.net&lici=auto_001173&ver=012
User-Agent:
HTTP GET: http://mojoguia.com/forum/search.php?method=validate&mode=my&email=madchenpugli@atlanticbb.net&lici=auto_001173&ver=012
User-Agent:
HTTP GET: http://jumpgray.net/forum/search.php?method=validate&mode=my&email=madchenpugli@atlanticbb.net&lici=auto_001173&ver=012
User-Agent:
HTTP GET: http://jumpstart.net/forum/search.php?method=validate&mode=my&email=madchenpugli@atlanticbb.net&lici=auto_001173&ver=012
User-Agent:
HTTP GET: http://hillstart.net/forum/search.php?method=validate&mode=my&email=madchenpugli@atlanticbb.net&lici=auto_001173&ver=012
User-Agent:
HTTP GET: http://threenine.net/forum/search.php?method=validate&mode=my&email=madchenpugli@atlanticbb.net&lici=auto_001173&ver=012
User-Agent:
HTTP GET: http://songcook.net/forum/search.php?method=validate&mode=my&email=madchenpugli@atlanticbb.net&lici=auto_001173&ver=012
User-Agent:
HTTP GET: http://movenext.net/forum/search.php?method=validate&mode=my&email=madchenpugli@atlanticbb.net&lici=auto_001173&ver=012
User-Agent:
HTTP GET: http://jumpnext.net/forum/search.php?method=validate&mode=my&email=madchenpugli@atlanticbb.net&lici=auto_001173&ver=012
User-Agent:
HTTP GET: http://looktall.net/forum/search.php?method=validate&mode=my&email=madchenpugli@atlanticbb.net&lici=auto_001173&ver=012
User-Agent:
Flows TCP: 192.168.1.1:1031 ➝ 141.8.225.80:80
Flows TCP: 192.168.1.1:1032 ➝ 204.11.56.26:80
Flows TCP: 192.168.1.1:1033 ➝ 69.195.129.70:80
Flows TCP: 192.168.1.1:1034 ➝ 207.58.170.63:80
Flows TCP: 192.168.1.1:1035 ➝ 202.124.241.178:80
Flows TCP: 192.168.1.1:1036 ➝ 64.30.184.2:80
Flows TCP: 192.168.1.1:1037 ➝ 50.63.202.35:80
Flows TCP: 192.168.1.1:1038 ➝ 212.238.206.179:80
Flows TCP: 192.168.1.1:1039 ➝ 184.168.221.52:80
Flows TCP: 192.168.1.1:1040 ➝ 50.63.202.58:80

Raw Pcap

Strings