Analysis Date: 2015-01-17 18:12:39
MD5: 0e7c26ee5ccb5dfcf5818d2ad23f91bf
SHA1: b9e75bec82bf05f179fd661f9aca941eb0ffc603

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Language: 040904B0
Section: .text md5: 2054bc314c9767e8fd933009d77b0119 sha1: 5a9d7f5e972c52d350b4a7485924b082dafc2951 size: 131072
Section: .data md5: 620f0b67a91f7f74151bc5be745b7110 sha1: 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d size: 4096
Section: .rsrc md5: 5e005e9faeac1fdf534c9ef70fde4c1e sha1: 1d49f7021d996281a8775d4c171e74fe79b2007c size: 4096
Timestamp: 2014-12-21 07:12:51
Version:
  InternalName: a
  FileVersion: 1.00
  CompanyName: yonsos
  Comments: otpxpu
  ProductName: zpwnuy
  ProductVersion: 1.00
  OriginalFilename: a.exe
Packer: Microsoft Visual Basic v5.0
PEhash: 1cf53dbc0ff5af6600bcd58802086fbd5727f099
IMPhash: 4b250ca11a3c77d99e8fbdba5f7dceb8
AV 360 Safe: no_virus
AV Ad-Aware: Gen:Variant.Graftor.21468
AV Alwil (avast): GenMalicious-XO [Trj]
AV Arcabit (arcavir): Gen:Variant.Graftor.21468
AV Authentium: no_virus
AV Avira (antivir): no_virus
AV BullGuard: Gen:Variant.Graftor.21468
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): no_virus
AV ClamAV: no_virus
AV Dr. Web: no_virus
AV Emsisoft: Gen:Variant.Graftor.21468
AV Eset (nod32): Win32/Spy.Bancos.ADF
AV Fortinet: W32/Bancos.AAO!tr
AV Frisk (f-prot): no_virus
AV F-Secure: Gen:Variant.Graftor.21468
AV Grisoft (avg): no_virus
AV Ikarus: Trojan.Win32.Cossta
AV K7: no_virus
AV Kaspersky: Trojan.Win32.Agent.amyxp
AV MalwareBytes: no_virus
AV Mcafee: no_virus
AV Microsoft Security Essentials: Error Scanning File
AV MicroWorld (escan): Gen:Variant.Graftor.21468
AV Rising: Trojan.VBInject!48DD
AV Sophos: no_virus
AV Symantec: no_virus
AV Trend Micro: no_virus
AV VirusBlokAda (vba32): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: C:\strings.txt
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Deletes File: C:\strings.txt
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNS: www.pcbonto.hu
Winsock DNS: cpl.yonsei.ac.kr
Winsock DNS: www.vubp.cz
Winsock DNS: www.aviafilm.com.ua
Winsock DNS: getmoresitetraffic.com
Winsock DNS: www.vulcanusalumni.net
Winsock DNS: www.artemon.cz
Winsock DNS: tamilcinemax.net
Winsock DNS: dasan.sejong.ac.kr
Winsock DNS: www.unser-mittelhessen.de

Network Details:

HTTP GET: http://www.aviafilm.com.ua/forum/files/.../strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://tamilcinemax.net/js/info/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://www.aviafilm.com.ua/forum/files/.../strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://www.vubp.cz/includes/.../strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://www.artemon.cz/dov/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://www.vulcanusalumni.net/templates/css/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://www.pcbonto.hu/portal/actions/admin/perm/.../strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://dasan.sejong.ac.kr/~appmath/test/bbs/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://www.unser-mittelhessen.de/eventbilder/gross/.../strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://getmoresitetraffic.com/cache/forums/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://cpl.yonsei.ac.kr/bbs/icon/private_icon/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://www.artemon.cz/dov/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://tamilcinemax.net/js/info/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://www.aviafilm.com.ua/forum/files/.../strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://www.vubp.cz/includes/.../strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://www.artemon.cz/dov/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://www.vulcanusalumni.net/templates/css/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://www.pcbonto.hu/portal/actions/admin/perm/.../strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://dasan.sejong.ac.kr/~appmath/test/bbs/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://www.unser-mittelhessen.de/eventbilder/gross/.../strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://getmoresitetraffic.com/cache/forums/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
HTTP GET: http://cpl.yonsei.ac.kr/bbs/icon/private_icon/strings.txt
User-Agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2

Raw Pcap

Strings