Analysis | #totalhash

Analysis Date	2015-11-30 14:59:20
MD5	08e89b7244e8d900b160c7fb7c585f2c
SHA1	baca013b99f50c80975b25f5383693709456df54

Static Details:

File type	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section	.text md5: 67b104fa7146582f47b1e2e56eca3ede sha1: b224e736b96c39ce97053bbb5eb13184544bf262 size: 296448
Section	.rdata md5: af762b5573323b83d72e7faa4304eb7b sha1: b8dca9e6fc6c52d59d5935a5e8468400e1eacc53 size: 39936
Section	.data md5: 7fa2d14585670d17dd9daec370de1dfa sha1: 6bf01d7d4d23f67bc9cddd2dad8e2ff99db936c2 size: 7168
Timestamp	2015-11-23 02:42:44
Packer	Microsoft Visual C++ ?.?
PEhash	4f72c20ddf11ccdfb7039e0751ab3eb68a7b5362
IMPhash	73e74f74c15f50e9a43a93d36bb7165e
AV	Ad-Aware Command-Line	Trojan.Spy.YRB
AV	ArcaVir Antivirus	Trojan.Spy.YRB
AV	Avast! Antivirus	Malware-gen:Win32:Malware-gen
AV	AVG AntiVirus	Generic36.COMK
AV	Avira Antivirus	TR/Crypt.Xpack.328835
AV	Bitdefender Command-Line	Trojan.Spy.YRB
AV	BullGuard Antivirus	Trojan.Spy.YRB
AV	ClamWin Antivirus	No Virus
AV	Command Anti-Malware	W32/Kazy.EW.gen!Eldorado:Security risk
AV	Dr. Web Anti-virus	Trojan.DownLoader17.59814
AV	Emsisoft Command-Line Scanner	Trojan.Spy.YRB
AV	eScan Anti-Virus	Gen:Trojan.Heur.TP.vmW@bGmY0pk
AV	ESET NOD32 Antivirus	Win32/Bayrob.AD
AV	Fortinet Command-Line Scanner	W32/Bayrob.AD!tr
AV	F-PROT Antivirus	No Virus
AV	F-Secure Anti-Virus	Trojan.Spy.YRB
AV	Ikarus Command-Line Scanner	No Virus
AV	K7 Anti-Virus	Trojan ( 004d79c41 )
AV	Kaspersky Anti-Virus	Trojan.Win32.Scar.mdib
AV	MalwareBytes Anti-Malware	No Virus
AV	McAfee Command-Line Scanner	BackDoor-FCYZ!08E89B7244E8
AV	Microsoft Security Essentials	TrojanSpy:Win32/Nivdort!rfn:Trojan
AV	Padvish Antivirus	No Virus
AV	Quick Heal AntiVirus	No Virus
AV	Rising Command-Line Scanner	No Virus
AV	Symantec Command-Line Scanner	No Virus
AV	Total Defense Internet Security Suite	No Virus
AV	Trend Micro System Cleaner	TROJ_FR.92EB126E
AV	Twister Antivirus	No Virus
AV	VirusBlokAda Console Scanner	No Virus
AV	Zillya! Antivirus	No Virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates File	C:\jvrzwdta\ueazk6uzhqhi2opucegql.exe
Creates File	C:\jvrzwdta\ezwjcjuvlw
Creates File	C:\WINDOWS\jvrzwdta\ezwjcjuvlw
Deletes File	C:\WINDOWS\jvrzwdta\ezwjcjuvlw
Creates Process	C:\jvrzwdta\ueazk6uzhqhi2opucegql.exe

Process
↳ C:\jvrzwdta\ueazk6uzhqhi2opucegql.exe

Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WLAN CardSpace Call TP SPP Parental SSDP ➝ C:\jvrzwdta\oqucrmf.exe
Creates File	C:\jvrzwdta\ezwjcjuvlw
Creates File	PIPE\lsarpc
Creates File	C:\jvrzwdta\oqucrmf.exe
Creates File	C:\jvrzwdta\jaiixprrk50
Creates File	C:\WINDOWS\jvrzwdta\ezwjcjuvlw
Deletes File	C:\WINDOWS\jvrzwdta\ezwjcjuvlw
Creates Process	C:\jvrzwdta\oqucrmf.exe
Creates Service	Microsoft Framework Initiator - C:\jvrzwdta\oqucrmf.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 800

Process
↳ Pid 848

Process
↳ C:\WINDOWS\System32\svchost.exe

Creates File	C:\WINDOWS\Prefetch\monitor.exe-1949D260.pf
Creates File	C:\WINDOWS\Prefetch\READER_SL.EXE-3614FA6E.pf
Creates File	C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf
Creates File	C:\WINDOWS\Prefetch\RUNDLL32.EXE-1BC69D2D.pf
Creates File	C:\WINDOWS\Prefetch\WLEQTDMOWX.EXE-163475DD.pf
Creates File	C:\WINDOWS\Prefetch\OQUCRMF.EXE-388C8264.pf
Creates File	C:\WINDOWS\Prefetch\UEAZK6UZHQHI2OPUCEGQL.EXE-37F603B0.pf
Creates File	C:\WINDOWS\system32\WBEM\Logs\wbemess.log
Creates File	C:\WINDOWS\Prefetch\svchost.EXE-0C867EC1.pf
Creates File	C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf

Process
↳ Pid 1316

Process
↳ Pid 1868

Process
↳ Pid 1820

Process
↳ C:\jvrzwdta\oqucrmf.exe

Creates File	C:\jvrzwdta\ezwjcjuvlw
Creates File	pipe\net\NtControlPipe10
Creates File	C:\jvrzwdta\wleqtdmowx.exe
Creates File	\Device\Afd\Endpoint
Creates File	C:\jvrzwdta\jaiixprrk50
Creates File	C:\jvrzwdta\nrqytqco
Creates File	C:\WINDOWS\jvrzwdta\ezwjcjuvlw
Deletes File	C:\WINDOWS\jvrzwdta\ezwjcjuvlw
Creates Process	ltkurfwtis4t "c:\jvrzwdta\oqucrmf.exe"

Process
↳ C:\jvrzwdta\oqucrmf.exe

Creates File	C:\jvrzwdta\ezwjcjuvlw
Creates File	C:\WINDOWS\jvrzwdta\ezwjcjuvlw
Deletes File	C:\WINDOWS\jvrzwdta\ezwjcjuvlw

Process
↳ ltkurfwtis4t "c:\jvrzwdta\oqucrmf.exe"

Creates File	C:\jvrzwdta\ezwjcjuvlw
Creates File	C:\WINDOWS\jvrzwdta\ezwjcjuvlw
Deletes File	C:\WINDOWS\jvrzwdta\ezwjcjuvlw

Network Details:

DNS	weathercontrol.net Type: A 50.63.37.71
DNS	melbourneit.hotkeysparking.com Type: A 8.5.1.16
DNS	classcontrol.net Type: A 216.239.130.220
DNS	chiefapple.net Type: A 82.165.25.210
DNS	chiefbuilt.net Type: A 195.22.28.196
DNS	chiefbuilt.net Type: A 195.22.28.197
DNS	chiefbuilt.net Type: A 195.22.28.198
DNS	chiefbuilt.net Type: A 195.22.28.199
DNS	twelvebuilt.net Type: A 98.139.135.129
DNS	twelvecarry.net Type: A 208.91.197.241
DNS	morningapple.net Type: A 222.122.84.70
DNS	strangeapple.net Type: A 82.165.25.210
DNS	weatherfather.net Type: A 208.100.26.234
DNS	weatherbuilt.net Type: A 203.27.227.220
DNS	thickapple.net Type: A 95.211.230.75
DNS	presentmeasure.net Type: A 95.211.230.75
DNS	collegemeasure.net Type: A 184.168.221.31
DNS	melbourneit.hotkeysparking.com Type: A 8.5.1.16
DNS	collegecircle.net Type: A 50.63.202.52
DNS	sk129.webcname.net Type: A 182.18.22.158
DNS	presentalways.net Type: A 208.100.26.234
DNS	thinkforest.net Type: A 59.8.236.130
DNS	amountcontrol.net Type: A
DNS	thickmatter.net Type: A
DNS	classmatter.net Type: A
DNS	thickspent.net Type: A
DNS	classspent.net Type: A
DNS	thicktogether.net Type: A
DNS	classtogether.net Type: A
DNS	thickcontrol.net Type: A
DNS	thinkfather.net Type: A
DNS	presentfather.net Type: A
DNS	thinkapple.net Type: A
DNS	presentapple.net Type: A
DNS	thinkbuilt.net Type: A
DNS	presentbuilt.net Type: A
DNS	thinkcarry.net Type: A
DNS	presentcarry.net Type: A
DNS	chieffather.net Type: A
DNS	collegefather.net Type: A
DNS	collegeapple.net Type: A
DNS	collegebuilt.net Type: A
DNS	chiefcarry.net Type: A
DNS	collegecarry.net Type: A
DNS	oftenfather.net Type: A
DNS	alonefather.net Type: A
DNS	oftenapple.net Type: A
DNS	aloneapple.net Type: A
DNS	oftenbuilt.net Type: A
DNS	alonebuilt.net Type: A
DNS	oftencarry.net Type: A
DNS	alonecarry.net Type: A
DNS	middlefather.net Type: A
DNS	twelvefather.net Type: A
DNS	middleapple.net Type: A
DNS	twelveapple.net Type: A
DNS	middlebuilt.net Type: A
DNS	middlecarry.net Type: A
DNS	ratherfather.net Type: A
DNS	morningfather.net Type: A
DNS	ratherapple.net Type: A
DNS	ratherbuilt.net Type: A
DNS	morningbuilt.net Type: A
DNS	rathercarry.net Type: A
DNS	morningcarry.net Type: A
DNS	strangefather.net Type: A
DNS	historyfather.net Type: A
DNS	historyapple.net Type: A
DNS	strangebuilt.net Type: A
DNS	historybuilt.net Type: A
DNS	strangecarry.net Type: A
DNS	historycarry.net Type: A
DNS	amountfather.net Type: A
DNS	amountapple.net Type: A
DNS	weatherapple.net Type: A
DNS	amountbuilt.net Type: A
DNS	amountcarry.net Type: A
DNS	weathercarry.net Type: A
DNS	thickfather.net Type: A
DNS	classfather.net Type: A
DNS	classapple.net Type: A
DNS	thickbuilt.net Type: A
DNS	classbuilt.net Type: A
DNS	thickcarry.net Type: A
DNS	classcarry.net Type: A
DNS	thinkmeasure.net Type: A
DNS	thinkdinner.net Type: A
DNS	presentdinner.net Type: A
DNS	thinkafraid.net Type: A
DNS	presentafraid.net Type: A
DNS	thinkcircle.net Type: A
DNS	presentcircle.net Type: A
DNS	chiefmeasure.net Type: A
DNS	chiefdinner.net Type: A
DNS	collegedinner.net Type: A
DNS	chiefafraid.net Type: A
DNS	collegeafraid.net Type: A
DNS	chiefcircle.net Type: A
DNS	oftenmeasure.net Type: A
DNS	alonemeasure.net Type: A
DNS	oftendinner.net Type: A
DNS	alonedinner.net Type: A
DNS	oftenafraid.net Type: A
DNS	aloneafraid.net Type: A
DNS	oftencircle.net Type: A
DNS	alonecircle.net Type: A
DNS	middlemeasure.net Type: A
DNS	twelvemeasure.net Type: A
DNS	middledinner.net Type: A
DNS	twelvedinner.net Type: A
DNS	middleafraid.net Type: A
DNS	twelveafraid.net Type: A
DNS	middlecircle.net Type: A
DNS	twelvecircle.net Type: A
DNS	rathermeasure.net Type: A
DNS	morningmeasure.net Type: A
DNS	ratherdinner.net Type: A
DNS	morningdinner.net Type: A
DNS	ratherafraid.net Type: A
DNS	morningafraid.net Type: A
DNS	rathercircle.net Type: A
DNS	morningcircle.net Type: A
DNS	strangemeasure.net Type: A
DNS	historymeasure.net Type: A
DNS	strangedinner.net Type: A
DNS	historydinner.net Type: A
DNS	strangeafraid.net Type: A
DNS	historyafraid.net Type: A
DNS	strangecircle.net Type: A
DNS	historycircle.net Type: A
DNS	amountmeasure.net Type: A
DNS	weathermeasure.net Type: A
DNS	amountdinner.net Type: A
DNS	weatherdinner.net Type: A
DNS	amountafraid.net Type: A
DNS	weatherafraid.net Type: A
DNS	amountcircle.net Type: A
DNS	weathercircle.net Type: A
DNS	thickmeasure.net Type: A
DNS	classmeasure.net Type: A
DNS	thickdinner.net Type: A
DNS	classdinner.net Type: A
DNS	thickafraid.net Type: A
DNS	classafraid.net Type: A
DNS	thickcircle.net Type: A
DNS	classcircle.net Type: A
DNS	thinkwheat.net Type: A
DNS	presentwheat.net Type: A
DNS	thinkanger.net Type: A
DNS	presentanger.net Type: A
DNS	thinkalways.net Type: A
DNS	presentforest.net Type: A
DNS	chiefwheat.net Type: A
DNS	collegewheat.net Type: A
DNS	chiefanger.net Type: A
DNS	collegeanger.net Type: A
DNS	chiefalways.net Type: A
DNS	collegealways.net Type: A
DNS	chiefforest.net Type: A
DNS	collegeforest.net Type: A
DNS	oftenwheat.net Type: A
DNS	alonewheat.net Type: A
DNS	oftenanger.net Type: A
DNS	aloneanger.net Type: A
DNS	oftenalways.net Type: A
DNS	alonealways.net Type: A
DNS	oftenforest.net Type: A
DNS	aloneforest.net Type: A
DNS	middlewheat.net Type: A
DNS	twelvewheat.net Type: A
DNS	middleanger.net Type: A
DNS	twelveanger.net Type: A
DNS	middlealways.net Type: A
DNS	twelvealways.net Type: A
DNS	middleforest.net Type: A
DNS	twelveforest.net Type: A
HTTP GET	http://weathercontrol.net/index.php User-Agent:
HTTP GET	http://classmatter.net/index.php User-Agent:
HTTP GET	http://classcontrol.net/index.php User-Agent:
HTTP GET	http://chiefapple.net/index.php User-Agent:
HTTP GET	http://chiefbuilt.net/index.php User-Agent:
HTTP GET	http://twelvebuilt.net/index.php User-Agent:
HTTP GET	http://twelvecarry.net/index.php User-Agent:
HTTP GET	http://morningapple.net/index.php User-Agent:
HTTP GET	http://strangeapple.net/index.php User-Agent:
HTTP GET	http://weatherfather.net/index.php User-Agent:
HTTP GET	http://weatherbuilt.net/index.php User-Agent:
HTTP GET	http://thickapple.net/index.php User-Agent:
HTTP GET	http://presentmeasure.net/index.php User-Agent:
HTTP GET	http://collegemeasure.net/index.php User-Agent:
HTTP GET	http://collegeafraid.net/index.php User-Agent:
HTTP GET	http://collegecircle.net/index.php User-Agent:
HTTP GET	http://thinkalways.net/index.php User-Agent:
HTTP GET	http://presentalways.net/index.php User-Agent:
HTTP GET	http://thinkforest.net/index.php User-Agent:
Flows TCP	192.168.1.1:1031 ➝ 50.63.37.71:80
Flows TCP	192.168.1.1:1032 ➝ 8.5.1.16:80
Flows TCP	192.168.1.1:1033 ➝ 216.239.130.220:80
Flows TCP	192.168.1.1:1034 ➝ 82.165.25.210:80
Flows TCP	192.168.1.1:1035 ➝ 195.22.28.196:80
Flows TCP	192.168.1.1:1036 ➝ 98.139.135.129:80
Flows TCP	192.168.1.1:1037 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1038 ➝ 222.122.84.70:80
Flows TCP	192.168.1.1:1039 ➝ 82.165.25.210:80
Flows TCP	192.168.1.1:1040 ➝ 208.100.26.234:80
Flows TCP	192.168.1.1:1041 ➝ 203.27.227.220:80
Flows TCP	192.168.1.1:1042 ➝ 95.211.230.75:80
Flows TCP	192.168.1.1:1043 ➝ 95.211.230.75:80
Flows TCP	192.168.1.1:1044 ➝ 184.168.221.31:80
Flows TCP	192.168.1.1:1045 ➝ 8.5.1.16:80
Flows TCP	192.168.1.1:1046 ➝ 50.63.202.52:80
Flows TCP	192.168.1.1:1047 ➝ 182.18.22.158:80
Flows TCP	192.168.1.1:1048 ➝ 208.100.26.234:80
Flows TCP	192.168.1.1:1049 ➝ 59.8.236.130:80

Raw Pcap

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2077   : close..Host: w
0x00000040 (00064)   65617468 6572636f 6e74726f 6c2e6e65   eathercontrol.ne
0x00000050 (00080)   740d0a0d 0a                           t....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2063   : close..Host: c
0x00000040 (00064)   6c617373 6d617474 65722e6e 65740d0a   lassmatter.net..
0x00000050 (00080)   0d0a0a0d 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2063   : close..Host: c
0x00000040 (00064)   6c617373 636f6e74 726f6c2e 6e65740d   lasscontrol.net.
0x00000050 (00080)   0a0d0a0d 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2063   : close..Host: c
0x00000040 (00064)   68696566 6170706c 652e6e65 740d0a0d   hiefapple.net...
0x00000050 (00080)   0a0d0a0d 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2063   : close..Host: c
0x00000040 (00064)   68696566 6275696c 742e6e65 740d0a0d   hiefbuilt.net...
0x00000050 (00080)   0a0d0a0d 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2074   : close..Host: t
0x00000040 (00064)   77656c76 65627569 6c742e6e 65740d0a   welvebuilt.net..
0x00000050 (00080)   0d0a0a0d 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2074   : close..Host: t
0x00000040 (00064)   77656c76 65636172 72792e6e 65740d0a   welvecarry.net..
0x00000050 (00080)   0d0a0a0d 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a206d   : close..Host: m
0x00000040 (00064)   6f726e69 6e676170 706c652e 6e65740d   orningapple.net.
0x00000050 (00080)   0a0d0a0d 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2073   : close..Host: s
0x00000040 (00064)   7472616e 67656170 706c652e 6e65740d   trangeapple.net.
0x00000050 (00080)   0a0d0a0d 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2077   : close..Host: w
0x00000040 (00064)   65617468 65726661 74686572 2e6e6574   eatherfather.net
0x00000050 (00080)   0d0a0d0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2077   : close..Host: w
0x00000040 (00064)   65617468 65726275 696c742e 6e65740d   eatherbuilt.net.
0x00000050 (00080)   0a0d0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2074   : close..Host: t
0x00000040 (00064)   6869636b 6170706c 652e6e65 740d0a0d   hickapple.net...
0x00000050 (00080)   0a                                    .

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2070   : close..Host: p
0x00000040 (00064)   72657365 6e746d65 61737572 652e6e65   resentmeasure.ne
0x00000050 (00080)   740d0a0d 0a                           t....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2063   : close..Host: c
0x00000040 (00064)   6f6c6c65 67656d65 61737572 652e6e65   ollegemeasure.ne
0x00000050 (00080)   740d0a0d 0a                           t....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2063   : close..Host: c
0x00000040 (00064)   6f6c6c65 67656166 72616964 2e6e6574   ollegeafraid.net
0x00000050 (00080)   0d0a0d0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2063   : close..Host: c
0x00000040 (00064)   6f6c6c65 67656369 72636c65 2e6e6574   ollegecircle.net
0x00000050 (00080)   0d0a0d0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2074   : close..Host: t
0x00000040 (00064)   68696e6b 616c7761 79732e6e 65740d0a   hinkalways.net..
0x00000050 (00080)   0d0a0d0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2070   : close..Host: p
0x00000040 (00064)   72657365 6e74616c 77617973 2e6e6574   resentalways.net
0x00000050 (00080)   0d0a0d0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2074   : close..Host: t
0x00000040 (00064)   68696e6b 666f7265 73742e6e 65740d0a   hinkforest.net..
0x00000050 (00080)   0d0a0d0a 0a                           .....

Strings

\
.\
 
"
 .
-E-
-0
-0010+-0
-0
00-+ 
CC
.
-e-
. 
.
-e-
. 
.00-+ *00-+ .
\
 
0
0
-
,
>
..
- 
0
0
 
-
-
--
u
- abort() has been called
ADVAPI32.DLL
April
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
August
CONOUT$
- CRT not initialized
dddd, MMMM dd, yyyy
December
DMicrosoft Visual C++ Runtime Library
DOMAIN error
Ejjj
Ejjjj
February
- floating point support not loaded
Friday
                                 H
         (((((                  H
         h((((                  H
HH:mm:ss
January
jjjjj
July
June
KERNEL32.DLL
March
MM/dd/yy
Monday
mscoree.dll
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
(null)
October
Program: 
<program name unknown>
- pure virtual function call
R6002
R6008
R6009
R6010
R6016
R6017
R6018
R6019
R6024
R6025
R6026
R6027
R6028
R6030
R6031
R6032
R6033
runtime error 
Runtime Error!
Saturday
September
SING error
Sunday
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
Thursday
TLOSS error
Tuesday
- unable to initialize heap
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
Wednesday
WUSER32.DLL
                          
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
<0|L<9
0t1HHt
0WhDnE
1#QNAN
1#SNAN
^2oW](
2WyD-Rm
3=h9IU!
6buaklokrj zlnogjver bocsoc oru gttaopvo acsbeb oiy rjbinlqojn zokmi dcmobjoie vhgejhtom ngpot dgfiddk dijbuczb azdjoxtso stjep tfnaiftxo tfjutubd bndojllive dsip tlineb lnjujde nikfiidmi rspodpen jrfepm edgriorss jgof rmotozdc vymaezys pcducve luefw jubt cjpuqngu grd ildozu piqfa aulszi oavfgi kslaonra qiemnild bvlu obnliqitma psmaeedmso quxb acf cbceocj udwmurgl dine oend gmdiu zbdapfz wnviasjl mcku ikasjecqb noafke ccxerfbagg nynit thmevewbu udilp pjmoa ipf vgdebuti dggewjj bfleasmib pcjifmga tkni cxpisb dzfojl ljriacxube kiosjis dpve bvle mcupes lfvuhsazup zyiuroa dgmeyp dfpeab bibavu tqla chpexcka cvfeb jpda psfilnd ojw rnyuemvde vta gmesa edpihen poaf onjle ajj zfdelusm pfgigamkab ytpihs uptlagc znla lccebb asogqare eueccfiatu vbbabd glpuvliek sbgavg bdsatp
;7|G;p
7ihJuJ
8"}]G:
`8Hw~sb\
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
`adjustor{
aleuf ujee painbo cscuel flemoruxwu jxd jsda mnco bouvmorbm vtkal llzu bjgol fbdezvs gundugir fsfasnloa lxdejfma utciduhqpa dndej agsiiv vdduoj rsboqigpan vgboi bagera bdmaefd dbdeg cwru fezles jbpudsmilg wmneidl uyxwuvh etelciya jetubu cmjuccu rzbuajs imn lwoec obxne cbir zcmoi mvrabpu zqsu fhsacsnugt rbf tnce mcpem poolket mtfaczgetn efugmesg pidza arscada jkyocb ifh sccaua igebvu grgijo nacdabod jdnedg cfge zap alenehox hupe snjimizna eptse fbsuealac jfo tzy cenkug ebloduznn jfraebv uinumdimv mtzafpgua lbdobspelp hic maydoccs gndif uofpb eetismestb dftoibl ahf coimotor ygcerjdu coajegoop udrdaaodb duofkidp ipxfil eefvjoagha jsoaw vfw fpxesbd lfli upqsou crrednuzoa gsco
america
american
american english
american-english
`anonymous namespace'
a{-QcB
AtJHt4Hu
<at,<rt"<wt
August
australian
.?AVbad_alloc@std@@
.?AVbad_alloc@stdext@@
.?AVbad_cast@std@@
.?AVbad_exception@std@@
.?AVbad_typeid@std@@
.?AVexception@std@@
.?AVexception@stdext@@
.?AVinvalid_argument@std@@
.?AVlength_error@std@@
.?AVlogic_error@std@@
.?AV__non_rtti_object@std@@
.?AVout_of_range@std@@
.?AVoverflow_error@std@@
.?AVruntime_error@std@@
.?AVtype_info@@
bad allocation
bad exception
 Base Class Array'
 Base Class Descriptor at (
__based(
=Bb_<D[x8
belgian
bma gifwez jlga dbculefse mof mncanx mlfoohchu gdaoee bueoiyug cijzew cdjeijzta mpciitrt gah fmbufjnot nmiidiejuk ttfoi qddam ubzuni fmi mia lvjoief emvum jjgu dngiiunnqe ddn ssqeblbe ygcewchi frxuitn stfida qyutuujiwc acc eabo jkxombji dbodojod nrodaifv beuxauv drivi mpyet spdu xfcodlnaf jchoue fuv koucdiz yia koccelu culja npej jgxif jxz djopei dufixu pxepavqdo bfzao kirdimstud nju vpcipse ddf hdnip plfort mfpuelz jmmivpn urja drigabuxee pilobu usip jilvaoy clvisf catfice apbg refj zij fzresul ntluiv ubbfijd ilvnidp zadzea fcg idputui omomtinvg plzaletbab tzg ljkojvu ujlijutak qoqvau zugigecual buvqe fddi izscar qwr lar emve ezhegaod vvve ggdeg ibjfodtlu yimo bjobagmmug mlbeu qyiza bxeujujlvu pjofil sjoapeg ijpceedno hmr cblissibe unfbeeud bao ebdbeubau nuvj nogihi dptatczej dnbu taggekg gdf lsibemoyv idpdot slvejtbisn humjahH^
britain
canadian
__cdecl
CDsdstm
chinese
chinese-hongkong
chinese-simplified
chinese-singapore
chinese-traditional
CHPjPV
class 
 Class Hierarchy Descriptor'
cli::array<
cli::pin_ptr<
CloseHandle
CLPjQV
__clrcall
coclass 
cointerface 
CompareStringW
 Complete Object Locator'
const 
`copy constructor closure'
CorExitProcess
C PjPV
C$PjQV
C.PjRV
C/PjSV
C*PjTV
C+PjUV
C,PjVV
C-PjWV
CreateFileA
CreateFileW
@.data
dddd, MMMM dd, yyyy
December
DecodePointer
`default constructor closure'
 delete
 delete[]
DeleteCriticalSection
double
dutch-belgian
`dynamic atexit destructor for '
`dynamic initializer for '
__eabi
`eh vector constructor iterator'
`eh vector copy constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`eh vector vbase copy constructor iterator'
<ellipsis>
,<ellipsis>
EncodePointer
england
english-american
english-aus
english-belize
english-can
english-caribbean
english-ire
english-jamaica
english-nz
english-south africa
english-trinidad y tobago
english-uk
english-us
english-usa
EnterCriticalSection
EnumSystemLocalesA
etp uthcivdvan uouvrbex uuljzuqcun sisdulat aovbpocjl oflqibbqa gfmil wdb pvju jbloo fpuzifgho anfelurdfa tzue jcaa ltroml betl wsdusub lrcijgb aoibbdific iapemje vhimovbja strao ncola xygof lcnol iins gpsiulwi ivdsose gjm scjoiuab cjtudgc xnna zlam mjfavki gmricvg dralugfda idlg rcx uwwqodb cesoub debnu rwb nejjebjcuy ssmi xibgelgkeg qennaawvd mwc jnces geadgegvla cggubl gigtabri jueoegcoci svs ijbne elgdakvfep mcnoskl feangic tge ospqa sgliaf buopzuha bjd odujpawe ddlajapge kikduzf nsgub jpcepsge jurzacn rekdot nsz itudla temasap tbd yquamef mvfe inpyuxs rqefomrde guirqag dopja evspiuue fbgosocba uttisall dphajfpia mpb ulorrupgx vruana llnudj npima buic tlta bwzonqmui oabkiimi iecgb upifta ocdlehsno cgk japba dtpo bdoajaf pcejuf lpb asowluwm cdteta lfvullti cll tco cmziisnyo kjsoaip doatjedpro jcjep lfo taucvanhz lswibn fnruf cvzuzl grdegpf ucgguojdge bhdicbmuaa ekte vrfecg frsuhdj nnv dzilasc gagmoan rfep odicCg
ExitProcess
extern "C" 
F0Pj.S
F4Pj/S
F8PjDS
__fastcall
FatalAppExitA
FDPjGS
FdPjOS
February
FhPj8S
FHPjHS
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileExA
{flat}
FlPj9S
FLPjIS
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
:F}O5b
F<PjES
F@PjFS
F\PjMS
F`PjNS
F|Pj=S
F Pj*S
F,Pj-S
F(Pj,S
F$Pj+Sj
FPPjJS
FpPj:S
FreeEnvironmentStringsW
FreeLibrary
french-belgian
french-canadian
french-luxembourg
french-swiss
Friday
Ft,Ot	OtFOt#OuV
FTPjKS
FtPj;S
FXPjLS
FxPj<S
fYfik cmele dpmiwmjo mewqoaufb mzue srpe patlempb laalza ncdi dilituxsgi iwc zdfibj vncegffutc yoaouj eee nxb ubl dside bix vdpun rvvoaa crezucvme mmte ocjpag dimdapc eecao mtbi jxetaodzdu jrisi cvnoml zaapdisfp jmixescp dptelrf ojfovogdh nwjee bbsucb pqcu ocmtiqpnij shgitpdokb pemzo lgubumvp gjusasgwor elvnapv lmaz umbamij aamopdizoi ksewo spetimb flsaoacf cpm plzeifue btfuolad ofegjibij fwk drfipumz djpowuijco lwr rgy bteej vmlocjgi ejz xlzaknbebj gdugi dywoflbe afps utkxaxz dilg gzpezf lerreo vfpejnc nlufo nvn izzzefvs vbvasg lydia mxcaydvi ubsejaxg zclevc jlajoc yspo wso pli dfpaolv fup sjixacol lut hrito fneaeano dhluulg rsjafsma nmzim tmridi fleapo poky ngodu fgja-
generic-type-
german-austrian
german-lichtenstein
german-luxembourg
german-swiss
GetACP
GetActiveWindow
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetCPInfo
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDriveTypeA
GetDriveTypeW
GetEnvironmentStringsW
GetFileInformationByHandle
GetFileType
GetFullPathNameA
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessWindowStation
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetUserObjectInformationW
gjmaeenuf rasfuef lnpufeujen aewg phbatisdu pqsu bdtujpmaon ldkagaycec fffiqbe lykiicgs dxdasr cti qmgac dbdub pbgajnau fsfigehoko tzbuwdmaj olomnevuei dfcezw bvcabemdog adcm dav dpdujwdiy knxatg uxmfomnsu fbiqef afg xeb cabyurxfe smfislb mmmupezo ijaguohu opafx lsnaojc jlaui zrida rcniuf nfuciggpe xrl dfhiduf trcudrhab gjgeyev jap cep rgouapesi llgaefo pnreinqac kperaa ndrelelx doefdoa otcsamjxol skza htisuyfb effd bzsiw dtbu rdka lcpa fnkegau ufgdi yom dmmo mohdegfja mhb gyqeaujpka makvulqk gshizzgo afbnemlzuc uvs djluee vbuupe mmalilg rtjodnva bnialuasct ylnim beddic spsutr nnf ctbazu pbjinvvu pnmeb pglofrj oplnoxs vilne twn isvduzgzoi qsewaco dbtojemsu enjxue nry vogxuu ioegycobja pfpujbx ddl laxsibim qhzekadtes wdcahnmo xett fjebua ybaogem wmzedpopi ckto vibc
great britain
`h````
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSetInformation
HeapSize
`h`hhh
HH:mm:ss
HHt*HHt
HHtiHHt
HHtXHHt
HHtYHHt
holland
hong-kong
?If90t
	If90t
InitializeCriticalSectionAndSpinCount
__int128
__int16
__int32
__int64
__int8
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
invalid map/set<T> iterator
invalid string position
Io{BEbS
irish-english
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
italian-swiss
<it|<otx<utt<xtp<Xtl
JanFebMarAprMayJunJulAugSepOctNovDec
January
jdh(/E
jdhh0E
jdhH0E
j hp)E
j@h<rE
j@j ^V
j"X_^[]
KERNEL32.dll
LC_ALL
LC_COLLATE
LC_CTYPE
LCMapStringW
LC_MONETARY
LC_NUMERIC
LC_TIME
LeaveCriticalSection
LoadLibraryW
`local static destructor helper'
`local static guard'
`local static thread guard'
`local vftable'
`local vftable constructor closure'
`managed vector constructor iterator'
`managed vector copy constructor iterator'
`managed vector destructor iterator'
map/set<T> too long
MessageBoxW
MM/dd/yy
Monday
MultiByteToWideChar
 new[]
new-zealand
`non-type-template-parameter
norwegian
norwegian-bokmal
norwegian-nynorsk
Norwegian-Nynorsk
November
(null)
October
`omni callsig'
operator
ORV)~?
__pascal
Pd{ 9W
PeekNamedPipe
`placement delete closure'
`placement delete[] closure'
portuguese-brazilian
PPPPPPPP
pr china
pr-china
private: 
protected: 
P><s%Z6
__ptr64
public: 
puerto-rico
Q-p59R
QQSVWd
QueryPerformanceCounter
R={1	E|
RaiseException
`.rdata
ReadFile
__restrict
RtlUnwind
Saturday
`scalar deleting destructor'
September
SetConsoleCtrlHandler
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableA
SetFilePointer
SetHandleCount
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
short 
signed 
sj@h<rE
slovak
south africa
south-africa
south korea
south-korea
spanish-argentina
spanish-bolivia
spanish-chile
spanish-colombia
spanish-costa rica
spanish-dominican republic
spanish-ecuador
spanish-el salvador
spanish-guatemala
spanish-honduras
spanish-mexican
spanish-modern
spanish-nicaragua
spanish-panama
spanish-paraguay
spanish-peru
spanish-puerto rico
spanish-uruguay
spanish-venezuela
^SSSSS
static 
__stdcall
std::nullptr_t
`string'
string too long
struct 
Sunday
SunMonTueWedThuFriSat
swedish-finland
SystemFunction036
t4<@t;V
tCHt(Ht 
`template-parameter
template-parameter-
`template static data member constructor helper'
`template static data member destructor helper'
TerminateProcess
<?tG<Xt
+t HHt
__thiscall
!This program cannot be run in DOS mode.
 throw(
[thunk]:
Thursday
tI<A|2<P
<@tJ!~
< tK<	tG
tK<_t<<$t8<<t4<>t0<-t,<a|
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
tM<it-<ot)<ut%<xt!<Xt
<\tM</tI
to=`WE
tp<@tl
.t|PVj@
tR99u2
t*=RCC
trinidad & tobago
t"SS9] u
<+t"<-t
Tt^HtTHtJHt
t]<@tS<Zt
t$<"u	3
Tuesday
;t$,v-
t VV9u
 Type Descriptor'
`typeof'
>:u8FV
`udt returning'
\`*um)
__unaligned
UnhandledExceptionFilter
UNICODE
union 
united-kingdom
united-states
<unknown>
UNKNOWN
`unknown ecsu'
unknown exception
Unknown exception
unsigned 
UQPXY]Y[
URPQQh0
UTF-16LE
uUj	hD 
uZSSSP
`vbase destructor'
`vbtable'
`vcall'
`vector constructor iterator'
`vector copy constructor iterator'
`vector deleting destructor'
`vector destructor iterator'
vector<T> too long
`vector vbase constructor iterator'
`vector vbase copy constructor iterator'
`vftable'
virtual 
`virtual displacement map'
v	N+D$
volatile
 volatile
volatile 
VPPPPP
@"V_+S
`vtordisp{
`vtordispex{
VVVVVQRSSj
	!W3]P
__w64 
wchar_t
Wednesday
WideCharToMultiByte
WriteConsoleW
WriteFile
w'ya/D
Xa7VdzI
xppwpp
xpxxxx
XqcP(D
ywjdut klzaemjxi ltfi mfixagddew obhueapadk utr ireunbafqv sjvigqk jvacamymau tac opz rtvamamf eodjpu xlu cgmuec kzcogucva sdmic rclilpgigl bvcapu geeqlelll lcanupfme zjtorvg flgabbuni giraaolus gcejiplfiq eglderbi vsj xqlimlpa leooun cimvubl djoaip hbfuzrb iazid juy ycfeplsem crn pajsoce hbnig ils qwaegea hmfebms vcciegal jzdumjm blsotodn jcg tmm qqgu rpfeijssis gtm ndniingb hhvaido dnveajmcu unhxo fijkudvzo ljmik halkejvd gzejux fscip fytebdf easo qlgupum mglalqm bwdohpb vysiii fhj usrnijlliz lfbuggfezn pjji zdni sdpasqik lcjel bhzisg fdbobt fhvusp dvfew gzsuadj zsyifesnir ldisebn roilfu agoijis accaapefgu wvji hlpe sfgehoaxun slxonagzum jbsirmpa bffofbeih bbfaxuxzoj upeqmoep cnpozoaj ies olytopl
<z~$<A|
zjzuqe dfco fzgennsu leliu qsgooccoe qjyifd amtgijjipa vkjup jsles lgbapdfav zpoub uiwk mpro vcrelgqog cilg sxno oeuybmuicg cbsemovp tfa fispaas bmdecnjomr ngjoayetm pnyudzma ttzath vlrup csovuk vbn bojvi rjbublcojn gtzoaivzga uimtcuv cfhi miyuxull bsnes lrz jdibua ehheuxis ccti mmgomllo blxetg pfbigpe tclowofhi bmlijtmen bbpajw bkbifknaxs mdeom mjnaju ikfveo rpmumyfoks crsic fitceeh jjbolhobij cjqirxdek gegfee mfdadxlu pbunujb jldan lgebi albb afm lzaajo dpricohzac aptjemrwi ajggolom zbeu rub glbosf mja cfurejcko isvg sbjauro kzu rhmuaezn cadludom dfvoilg adrco bclokeoo vtmoic mdjefmsab ftlidobk gyqu oitlnoxsgo emiggogs bmriwcp rrgipjza smqocmapa obuzjuxnea qteog icammuc scgaln erdmashobu sdagiodp nmwuf tkbeoiai gmib nmg m
ZuLk)-a