Analysis | #totalhash

Analysis Date	2014-03-08 13:11:15
MD5	d1b3cbcb5d62ac8dce863e6a5df75396
SHA1	ced92d9161e2427b5ac385759bfe62cd22c3d021

Static Details:

File type	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section	.text md5: aa75ed1a3c9545467761c282ed58fb1c sha1: a4d2ef98d5728cae2f90c05702f830f1f4211ca1 size: 736256
Section	.rdata md5: 183ce5bfb8b9b56cef1977e092e749c3 sha1: ecec221085195c979dd64390491ae5dc5036ec16 size: 32768
Section	.data md5: e417830ded68ed9889c797dbca883493 sha1: b41c2fa2801f67e3d0f7924c3c8cd7d6b31c06a0 size: 123392
Timestamp	2014-01-15 00:31:16
Packer	Microsoft Visual C++ ?.?
PEhash	200791c395209637aca5c5735f5818e5185880ed
IMPhash	76654cc1c96912e08448866f419ef2d7
AV	avg	Win32/Cryptor
AV	avira	TR/Symmi.25089.122
AV	mcafee	RDN/Generic.dx!cz3

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates File	C:\Documents and Settings\Administrator\Local Settings\Temp\clsqgk1rrkwo7ywq3fzj.exe
Creates File	C:\WINDOWS\system32\debnjrwdxxch\tst
Creates Process	C:\Documents and Settings\Administrator\Local Settings\Temp\clsqgk1rrkwo7ywq3fzj.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\clsqgk1rrkwo7ywq3fzj.exe

Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Secure Experience Class Client Thread Function ➝ C:\WINDOWS\system32\bxqfmdyqozr.exe
Creates File	C:\WINDOWS\system32\drivers\etc\hosts
Creates File	C:\WINDOWS\system32\debnjrwdxxch\tst
Creates File	C:\WINDOWS\system32\debnjrwdxxch\etc
Creates File	C:\WINDOWS\system32\bxqfmdyqozr.exe
Creates File	C:\WINDOWS\system32\debnjrwdxxch\lck
Deletes File	C:\WINDOWS\system32\\drivers\etc\hosts
Creates Process	C:\WINDOWS\system32\bxqfmdyqozr.exe
Creates Service	Human Procedure Browser Notification - C:\WINDOWS\system32\bxqfmdyqozr.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 808

Process
↳ Pid 856

Process
↳ C:\WINDOWS\System32\svchost.exe

Process
↳ Pid 1236

Process
↳ C:\WINDOWS\system32\spoolsv.exe

Registry	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL
Registry	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7
Registry	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL
Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00

Process
↳ Pid 1872

Process
↳ Pid 1180

Process
↳ C:\WINDOWS\system32\bxqfmdyqozr.exe

Creates File	C:\WINDOWS\system32\debnjrwdxxch\tst

Process
↳ C:\WINDOWS\system32\bxqfmdyqozr.exe

Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝ 1
Creates File	C:\WINDOWS\system32\uyjxgfp.exe
Creates File	C:\WINDOWS\system32\debnjrwdxxch\cfg
Creates File	pipe\net\NtControlPipe10
Creates File	C:\WINDOWS\TEMP\clsqgk21p7wo7.exe
Creates File	C:\WINDOWS\system32\debnjrwdxxch\rng
Creates File	C:\WINDOWS\system32\debnjrwdxxch\tst
Creates File	\Device\Afd\Endpoint
Creates File	C:\WINDOWS\system32\debnjrwdxxch\run
Creates File	C:\WINDOWS\system32\debnjrwdxxch\lck
Creates Process	WATCHDOGPROC "c:\windows\system32\bxqfmdyqozr.exe"
Creates Process	C:\WINDOWS\TEMP\clsqgk21p7wo7.exe -r 51706 tcp

Process
↳ WATCHDOGPROC "c:\windows\system32\bxqfmdyqozr.exe"

Creates File	C:\WINDOWS\system32\debnjrwdxxch\tst

Process
↳ C:\WINDOWS\TEMP\clsqgk21p7wo7.exe -r 51706 tcp

Creates File	\Device\Afd\Endpoint
Winsock DNS	239.255.255.250

Network Details:

DNS	kaselindertu.com Type: A 65.254.248.145
DNS	davedekilai.com Type: A 66.147.244.161
DNS	laloponea.com Type: A 216.239.138.68
DNS	fredesecas.com Type: A 216.239.139.20
DNS	donaven4guia.com Type: A 216.239.138.217
DNS	stickmarch.net Type: A 98.139.135.198
DNS	tablefruit.net Type: A 98.139.135.198
DNS	watchhouse.net Type: A 78.137.164.56
DNS	fairhouse.net Type: A 199.68.189.212
DNS	watchgift.net Type: A 184.168.221.16
DNS	fairgift.net Type: A 89.200.142.254
DNS	dreamhouse.net Type: A 176.74.176.167
DNS	thishouse.net Type: A 66.151.181.33
DNS	dreamgift.net Type: A 203.189.109.207
DNS	dreampeace.net Type: A 72.3.249.204
DNS	southover.net Type: A 109.74.242.160
DNS	spotover.net Type: A 62.210.176.146
DNS	spotgold.net Type: A 176.74.176.167
DNS	gladhome.net Type: A 203.158.16.18
DNS	spokepeace.net Type: A
DNS	visitpeace.net Type: A
DNS	watchtuesday.net Type: A
DNS	fairtuesday.net Type: A
DNS	watchpeace.net Type: A
DNS	fairpeace.net Type: A
DNS	thisgift.net Type: A
DNS	dreamtuesday.net Type: A
DNS	thistuesday.net Type: A
DNS	thispeace.net Type: A
DNS	arivehome.net Type: A
DNS	southhome.net Type: A
DNS	ariveover.net Type: A
DNS	arivegrain.net Type: A
DNS	southgrain.net Type: A
DNS	arivegold.net Type: A
DNS	southgold.net Type: A
DNS	uponhome.net Type: A
DNS	whichhome.net Type: A
DNS	uponover.net Type: A
DNS	whichover.net Type: A
DNS	upongrain.net Type: A
DNS	whichgrain.net Type: A
DNS	upongold.net Type: A
DNS	whichgold.net Type: A
DNS	spothome.net Type: A
DNS	salthome.net Type: A
DNS	saltover.net Type: A
DNS	spotgrain.net Type: A
DNS	saltgrain.net Type: A
DNS	saltgold.net Type: A
DNS	takenhome.net Type: A
DNS	gladover.net Type: A
DNS	takenover.net Type: A
HTTP GET	http://kaselindertu.com/forum/search.php?method=validate&mode=sox&v=019&sox=2cc6ce01 User-Agent:
HTTP GET	http://davedekilai.com/forum/search.php?method=validate&mode=sox&v=019&sox=2cc6ce01 User-Agent:
HTTP GET	http://laloponea.com/forum/search.php?method=validate&mode=sox&v=019&sox=2cc6ce01 User-Agent:
HTTP GET	http://fredesecas.com/forum/search.php?method=validate&mode=sox&v=019&sox=2cc6ce01 User-Agent:
HTTP GET	http://donaven4guia.com/forum/search.php?method=validate&mode=sox&v=019&sox=2cc6ce01 User-Agent:
HTTP GET	http://stickmarch.net/forum/search.php?method=validate&mode=sox&v=019&sox=2cc6ce01 User-Agent:
HTTP GET	http://tablefruit.net/forum/search.php?method=validate&mode=sox&v=019&sox=2cc6ce01 User-Agent:
HTTP GET	http://watchhouse.net/forum/search.php?method=validate&mode=sox&v=019&sox=2cc6ce01 User-Agent:
HTTP GET	http://fairhouse.net/forum/search.php?method=validate&mode=sox&v=019&sox=2cc6ce01 User-Agent:
HTTP GET	http://watchgift.net/forum/search.php?method=validate&mode=sox&v=019&sox=2cc6ce01 User-Agent:
HTTP GET	http://fairgift.net/forum/search.php?method=validate&mode=sox&v=019&sox=2cc6ce01 User-Agent:
HTTP GET	http://dreamhouse.net/forum/search.php?method=validate&mode=sox&v=019&sox=2cc6ce01 User-Agent:
HTTP GET	http://thishouse.net/forum/search.php?method=validate&mode=sox&v=019&sox=2cc6ce01 User-Agent:
HTTP GET	http://dreamgift.net/forum/search.php?method=validate&mode=sox&v=019&sox=2cc6ce01 User-Agent:
HTTP GET	http://dreampeace.net/forum/search.php?method=validate&mode=sox&v=019&sox=2cc6ce01 User-Agent:
HTTP GET	http://southover.net/forum/search.php?method=validate&mode=sox&v=019&sox=2cc6ce01 User-Agent:
HTTP GET	http://spotover.net/forum/search.php?method=validate&mode=sox&v=019&sox=2cc6ce01 User-Agent:
HTTP GET	http://spotgold.net/forum/search.php?method=validate&mode=sox&v=019&sox=2cc6ce01 User-Agent:
HTTP GET	http://gladhome.net/forum/search.php?method=validate&mode=sox&v=019&sox=2cc6ce01 User-Agent:
Flows TCP	192.168.1.1:1033 ➝ 65.254.248.145:80
Flows TCP	192.168.1.1:1037 ➝ 66.147.244.161:80
Flows TCP	192.168.1.1:1038 ➝ 216.239.138.68:80
Flows TCP	192.168.1.1:1039 ➝ 216.239.139.20:80
Flows TCP	192.168.1.1:1040 ➝ 216.239.138.217:80
Flows TCP	192.168.1.1:1041 ➝ 98.139.135.198:80
Flows TCP	192.168.1.1:1042 ➝ 98.139.135.198:80
Flows TCP	192.168.1.1:1043 ➝ 78.137.164.56:80
Flows TCP	192.168.1.1:1044 ➝ 199.68.189.212:80
Flows TCP	192.168.1.1:1045 ➝ 184.168.221.16:80
Flows TCP	192.168.1.1:1047 ➝ 89.200.142.254:80
Flows TCP	192.168.1.1:1048 ➝ 176.74.176.167:80
Flows TCP	192.168.1.1:1049 ➝ 66.151.181.33:80
Flows TCP	192.168.1.1:1050 ➝ 203.189.109.207:80
Flows TCP	192.168.1.1:1051 ➝ 72.3.249.204:80
Flows TCP	192.168.1.1:1052 ➝ 109.74.242.160:80
Flows TCP	192.168.1.1:1053 ➝ 62.210.176.146:80
Flows TCP	192.168.1.1:1054 ➝ 176.74.176.167:80
Flows TCP	192.168.1.1:1055 ➝ 203.158.16.18:80

Raw Pcap

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303139 26736f78 3d326363 36636530   =019&sox=2cc6ce0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206b61 73656c69 6e646572 74752e63   : kaselindertu.c
0x00000080 (00128)   6f6d0d0a 0d0a                         om....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303139 26736f78 3d326363 36636530   =019&sox=2cc6ce0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206461 76656465 6b696c61 692e636f   : davedekilai.co
0x00000080 (00128)   6d0d0a0d 0a0a                         m.....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303139 26736f78 3d326363 36636530   =019&sox=2cc6ce0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206c61 6c6f706f 6e65612e 636f6d0d   : laloponea.com.
0x00000080 (00128)   0a0d0a0d 0a0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303139 26736f78 3d326363 36636530   =019&sox=2cc6ce0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206672 65646573 65636173 2e636f6d   : fredesecas.com
0x00000080 (00128)   0d0a0d0a 0a0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303139 26736f78 3d326363 36636530   =019&sox=2cc6ce0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20646f 6e617665 6e346775 69612e63   : donaven4guia.c
0x00000080 (00128)   6f6d0d0a 0d0a                         om....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303139 26736f78 3d326363 36636530   =019&sox=2cc6ce0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207374 69636b6d 61726368 2e6e6574   : stickmarch.net
0x00000080 (00128)   0d0a0d0a 0d0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303139 26736f78 3d326363 36636530   =019&sox=2cc6ce0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207461 626c6566 72756974 2e6e6574   : tablefruit.net
0x00000080 (00128)   0d0a0d0a 0d0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303139 26736f78 3d326363 36636530   =019&sox=2cc6ce0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207761 74636868 6f757365 2e6e6574   : watchhouse.net
0x00000080 (00128)   0d0a0d0a 0d0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303139 26736f78 3d326363 36636530   =019&sox=2cc6ce0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206661 6972686f 7573652e 6e65740d   : fairhouse.net.
0x00000080 (00128)   0a0d0a0a 0d0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303139 26736f78 3d326363 36636530   =019&sox=2cc6ce0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207761 74636867 6966742e 6e65740d   : watchgift.net.
0x00000080 (00128)   0a0d0a0a 0d0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303139 26736f78 3d326363 36636530   =019&sox=2cc6ce0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206661 69726769 66742e6e 65740d0a   : fairgift.net..
0x00000080 (00128)   0d0a0a0a 0d0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303139 26736f78 3d326363 36636530   =019&sox=2cc6ce0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206472 65616d68 6f757365 2e6e6574   : dreamhouse.net
0x00000080 (00128)   0d0a0d0a 0d0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303139 26736f78 3d326363 36636530   =019&sox=2cc6ce0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207468 6973686f 7573652e 6e65740d   : thishouse.net.
0x00000080 (00128)   0a0d0a0a 0d0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303139 26736f78 3d326363 36636530   =019&sox=2cc6ce0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206472 65616d67 6966742e 6e65740d   : dreamgift.net.
0x00000080 (00128)   0a0d0a0a 0d0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303139 26736f78 3d326363 36636530   =019&sox=2cc6ce0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206472 65616d70 65616365 2e6e6574   : dreampeace.net
0x00000080 (00128)   0d0a0d0a 0d0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303139 26736f78 3d326363 36636530   =019&sox=2cc6ce0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20736f 7574686f 7665722e 6e65740d   : southover.net.
0x00000080 (00128)   0a0d0a0a 0d0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303139 26736f78 3d326363 36636530   =019&sox=2cc6ce0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207370 6f746f76 65722e6e 65740d0a   : spotover.net..
0x00000080 (00128)   0d0a0a0a 0d0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303139 26736f78 3d326363 36636530   =019&sox=2cc6ce0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207370 6f74676f 6c642e6e 65740d0a   : spotgold.net..
0x00000080 (00128)   0d0a0a0a 0d0a                         ......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303139 26736f78 3d326363 36636530   =019&sox=2cc6ce0
0x00000040 (00064)   31204854 54502f31 2e300d0a 41636365   1 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20676c 6164686f 6d652e6e 65740d0a   : gladhome.net..
0x00000080 (00128)   0d0a0a0a 0d0a                         ......

Strings

h1
21212
[
Z
[
Z
[
S
+%3D%3A%26A&
 ' 
  ---
ss
dll2
h2
1
1
exe
"1"
2dll1exe
a
.
+
 
"
 
.
.
epT
etetErnlde
lCseeneertHAa
hbKda2vdenjlFt
rvlrCenSSntile
tS
eCil.acerloEeatOa3eg
oWe
 
\
.
..
..
...
...
.......... .!"!#!.$%$0&$'$.
(
.
.
.
.
.
.
)*
)
+,+
-.-/01210/-3-
-_
 
:
:
 0
%+#.*fa
0e
%+#I64o
.,
 -CC 
00-+ 
.
-e-
. 
.00-+ -E-
-0
-0010+-0
0
-0
\
.
:\
:..
  00...........?- 
0
0
0
0
-
.
#
.~
...
Ss
..
`.
..
u
                                 H
         (((((                  H
         h((((                  H
jjjh
jjjj
jjjjj
jjjjjj
KERNEL32.DLL
Kjjj
Ljjj
Mjjj
mscoree.dll
Njjj
N(null)
                          
						
										
																		
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
05g#&[!
0A@@Ju
0ayi=W
0SSSSS
0WWWWW
~]1\? 
157;]7
1#QNAN
1~QrHl
1#SNAN
1U>Cj2^
1zq{Hrtya 
2ilhbE
#2^?j4k
2"kWg|
	2>	-x
{33kq-
39@`GK
3Bo:Yk
3fH	F<m
3iyf4b(
3q*VBILum+
3]s}AO
(3T0DK
3TTi\C
4Eb2HVE*e
@4lqL%
4ODKWr
4vEmMU
"@]<@5
5AIPTu!
5p^6\4
5u6Hcs
6AHiJ 
|6MD>\
#!6-T9
7fwx#C
8oPD;d
8RlnB<|
8VVVVV
98.iNN
9bKvHU
9^|bvJ
9fh/Fv
/*	9k2
]9o=zC
9v;5r`"
a:1<C=S
A=~2OR
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
aC(V	yB
a'j{]n
america
american
american english
american-english
An application has made an attempt to load the C runtime library incorrectly.
<at9<rt,<wt
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
.?AUctype_base@std@@
August
australian
.?AVbad_alloc@std@@
.?AVbad_cast@std@@
.?AVbad_exception@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AV?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$ctype@D@std@@
.?AVexception@std@@
.?AVfacet@locale@std@@
.?AVfailure@ios_base@std@@
.?AVios_base@std@@
.?AV?$_Iosb@H@std@@
.?AVlength_error@std@@
.?AV_Locimp@locale@std@@
.?AVlogic_error@std@@
.?AV?$numpunct@D@std@@
.?AV?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AVout_of_range@std@@
.?AVruntime_error@std@@
.?AVtype_info@@
"B048!@
.`b1ablZ
\b6^{Y
bA#4?>
bad allocation
bad cast
bad exception
b{aG{E'
 Base Class Array'
 Base Class Descriptor at (
__based(
BeginPaint
belgian
BeNVmr
bHn11$7H
B+nMJ	
britain
&brJA)
_bs	x+Xo_
buA"TiId
BU}`R}
Bvq5Z:P
,&c6eNs
CallWindowProcA
canadian
]cbOu[_
cc*>;6
__cdecl
CheckDlgButton
chinese
chinese-hongkong
chinese-simplified
chinese-singapore
chinese-traditional
 Class Hierarchy Descriptor'
CloseHandle
__clrcall
cmd.exe
CompareStringA
CompareStringW
 Complete Object Locator'
COMSPEC
CONOUT$
`copy constructor closure'
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
CorExitProcess
C PjPV
C$PjQV
C.PjRV
C/PjSV
C*PjTV
C+PjUV
C,PjVV
C-PjWV
[;C;QOWk
CreateFileA
CreateProcessA
CreateThread
- CRT not initialized
csYVXi~A
D5M@Mt
>D8h A
@.data
dddd, MMMM dd, yyyy
December
DecodePointer
`default constructor closure'
 delete
 delete[]
Delete
DeleteCriticalSection
DeleteFileA
deque<T> too long
_:d	GDF]
{Djkxn
dm5yjbL
DOMAIN error
DrawTextA
d]Rmbi
dutch-belgian
"d[vlv
`dynamic atexit destructor for '
`dynamic initializer for '
e9CLKP!l
EcTki/
{e`>_:HE
`eh vector constructor iterator'
`eh vector copy constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`eh vector vbase copy constructor iterator'
EnableWindow
EncodePointer
EndDialog
EndPaint
england
english-american
english-aus
english-belize
english-can
english-caribbean
english-ire
english-jamaica
english-nz
english-south africa
english-trinidad y tobago
english-uk
english-us
english-usa
EnterCriticalSection
EnumSystemLocalesA
eSIrksv
Et~sze
"%}EWy
ExitProcess
e\YTun
e"ZduV
F4	>/t
__fastcall
F.AWDX
%f\$D	
February
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindResourceA
- floating point support not loaded
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
ForceRemove
F\p>)Z
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
french-belgian
french-canadian
french-luxembourg
french-swiss
Friday
<'fs)iXey
?fSvo=
^F<-uB
fu\eAy
FZ5@#nK
fz/L7*9
%g68e3
GAIsProcessorFeaturePresent
\G=BdO^
gBI	e#
GDI32.dll
german-austrian
german-lichtenstein
german-luxembourg
german-swiss
GetACP
GetActiveWindow
GetBkColor
GetClipRgn
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCPInfo
GetCurrentDirectoryA
GetCurrentObject
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetCursor
GetDCBrushColor
GetDCPenColor
GetDeviceCaps
GetDialogBaseUnits
GetDlgItem
GetDlgItemInt
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesA
GetFileTime
GetFileType
GetFontLanguageInfo
GetFontUnicodeRanges
GetForegroundWindow
GetFullPathNameA
GetInputState
GetKeyboardType
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetMenu
GetMenuCheckMarkDimensions
GetMenuContextHelpId
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMetaRgn
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetNearestColor
GetNearestPaletteIndex
GetObjectType
GetOEMCP
GetPixelFormat
GetPolyFillMode
GetProcAddress
GetProcessHeap
GetProcessId
GetProcessWindowStation
GetPropA
GetQueueStatus
GetRandomRgn
GetScrollPos
GetStartupInfoA
GetStdHandle
GetStretchBltMode
GetStringTypeA
GetStringTypeW
GetSystemPaletteUse
GetSystemTimeAsFileTime
GetTextAlign
GetTextCharacterExtra
GetTextCharsetInfo
GetTextColor
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetUserObjectInformationA
GetVersion
GetWindowContextHelpId
GetWindowDC
GetWindowLongA
gew:n0
*g-:HGK
`	}G/@J
GlobalAlloc
GlobalFlags
GlobalHandle
GlobalSize
Go,1S>DE
GO>&Mw
GOXk.%Xv 
g~QV6:
great britain
+gR.Mk1
gsQv#y
&G)wO(>z
`h````
h;<1;Wd
HBzZ>c
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
`h`hhh
HH:mm:ss
HHtXHHt
HHtYHHt
\@h@|N4 
holland
hong-kong
H" v&F5
>If90t
^+-IJk
iJNbiP
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
invalid map/set<T> iterator
invalid string position
ios_base::badbit set
ios_base::eofbit set
ios_base::failbit set
=]ipk[D	
iqz[+kNd
irish-english
";irMN
IsDebuggerPresent
is={!m
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWindowEnabled
IsWindowUnicode
italian-swiss
IWY6"W
,IZ%Jsb
j7hhKM
j8hLqL
JanFebMarAprMayJunJulAugSepOctNovDec
January
jBh8OM
j	h8UL
j	hHNM
j)h|^L
j	h(|L
j+hlaM
j"hL{L
j	hlNM
j&h$qL
j"hT|L
j	hx|L
j	hXLM
j	hXPM
j$hXsL
j@j ^V
j"^SSSSS
jwhpMM
&JWi9%
JX#6$b
KERNEL32
KERNEL32.dll
KhPzP8(>~
Ki3d @
KOa3bt
~KRF6C
@kS64`3X
[@K.u-L
L22H8h 
lBQ'2H
LC_ALL
LC_COLLATE
LC_CTYPE
LCMapStringA
LCMapStringW
LC_MONETARY
LC_NUMERIC
LC_TIME
L/$D]^
LeaveCriticalSection
\l]$fe
lh)+`g
LoadIconA
LoadLibraryA
LoadResource
LocalAlloc
LocalFlags
`local static guard'
`local static thread guard'
`local vftable'
`local vftable constructor closure'
LockResource
lU_0 r
!LwKKe
^Lxe/&
[ly)HRK
lYj'tR9No
{]Lz(+&}
m1NgBa
`managed vector constructor iterator'
`managed vector copy constructor iterator'
`managed vector destructor iterator'
map/set<T> too long
Mar ;@
MessageBoxA
<!|mFH
Microsoft Visual C++ Runtime Library
MM/dd/yy
Monday
MoveFileA
MoveWindow
MultiByteToWideChar
^mVv1h
}'**Mw^
*}mW%NUs
N1G9b'
(?NDs=
 new[]
new-zealand
-Nj;XF
NKxnimg<
{nM0=@
NoRemove
norwegian
norwegian-bokmal
norwegian-nynorsk
Norwegian-Nynorsk
No')=S
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
(null)
:$nW=-
=?'o)#
October
]_\/:OF,
o"F~lS
`OJh(G
OLEAUT32.dll
`omni callsig'
operator
O@`).<t
o)YyU{f
__pascal
Phuot*
PJRoytNq
pjSnk0
`placement delete closure'
`placement delete[] closure'
Please contact the application's support team for more information.
p[Ogi>
portuguese-brazilian
PostMessageA
PPPPPPPP
pr china
pr-china
Program: 
<program name unknown>
__ptr64
puerto-rico
- pure virtual function call
Pwd~)Uy
PxNMrN{
Q<2>RH
\(qD;s
QeL@7Tl
@)Q`fZx
QHX&lLo
&QJXD~d
Q%>,n>
q]=Q(>
QQSVWd
QQyJ!F
QueryPerformanceCounter
qz+u}_+
!	!r1z
_R=3Fo
R,4Fh?
RaiseException
r(BQ.4
`.rdata
rdg@EWlJ
rdOU9+}
ReadFile
REgLQfW
RemovePropA
__restrict
re/VN.I
rHa,Yj
Rmj}M6
rq/up&t
RRyacd
RtlUnwind
runtime error 
Runtime Error!
RUS'nI
Rv:Jpk
s4~z9H
Saturday
@SBKn k
`scalar deleting destructor'
September
SetDlgItemTextA
SetEndOfFile
SetEnvironmentVariableA
SetFilePointer
SetFocus
SetHandleCount
SetLastError
SetPixel
SetStdHandle
SetSystemPaletteUse
SetTextAlign
SetTextCharacterExtra
SetTextColor
SetTextJustification
SetUnhandledExceptionFilter
SetWindowTextA
'S!g8>
ShowWindow
SING error
SIrdO)
SizeofResource
slovak
.S~mcX
south africa
south-africa
south korea
south-korea
spanish-argentina
spanish-bolivia
spanish-chile
spanish-colombia
spanish-costa rica
spanish-dominican republic
spanish-ecuador
spanish-el salvador
spanish-guatemala
spanish-honduras
spanish-mexican
spanish-modern
spanish-nicaragua
spanish-panama
spanish-paraguay
spanish-peru
spanish-puerto rico
spanish-uruguay
spanish-venezuela
>sr.Oh"B
s[S;7|G;w
^SSSSS
__stdcall
`string'
string too long
Sunday
SunMonTueWedThuFriSat
swedish-finland
SYfd;y
SystemRoot
t3h(hK
tdhhTK
|T/eJv
TerminateProcess
t=FA9]
tGh0hK
tGHt.Ht&
(</t$h
t=h8rK
tHhhUK
t"h hK
+t HHt
This application has requested the Runtime to terminate it in an unusual way.
__thiscall
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
!This program cannot be run in DOS mode.
Thursday
tIj"[:
tjh8TK
t_jkhX
< tK<	tG
TLOSS error
TlovO,
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
<\tM</tI
tNh<rK
T"=+PJ
tR99u2
trinidad & tobago
t"SS9]
<+t(<-t$:
t$<"u	3
Tuesday
;t$,v-
t VV9u
t+WWVPV
 Type Descriptor'
`typeof'
U26rmC
u~7\_Z
>:u8FV
uBh <J
`udt returning'
u&hhgK
u%h@rK
uN.".'
- unable to initialize heap
- unable to open console device
__unaligned
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
UNICODE
united-kingdom
united-states
Unknown exception
UpdateColors
UQPXY]Y[
uqSSSSS
>uR^~]
>+}uRC
URPQQh
USER32.dll
USER32.DLL
uSj	h<
u[SSSP
Usx+kx0
UTF-16LE
u,VVWV
Vb^4+E
`vbase destructor'
`vbtable'
`vcall'
`vector constructor iterator'
`vector copy constructor iterator'
`vector deleting destructor'
`vector destructor iterator'
`vector vbase constructor iterator'
`vector vbase copy constructor iterator'
`vftable'
VirtualAlloc
`virtual displacement map'
VirtualFree
Vj@h`oK
vL-I6~N
v	N+D$
_VVVVV
VVVVVQRSSj
WaitForSingleObject
'w{b+iK
Wednesday
wHhHUK
WideCharToMultiByte
WindowFromDC
w.mV>P_
WriteConsoleA
WriteConsoleW
WriteFile
WS2_32.dll
W.%{sj
Wt`jyP
^WWWWW
x0fB;)
x[a\x_L
~#X+[d
Xg{B\TSm
X *mj0
~x	n?<c1pn
X($Nck~
x+pHlNd
xppwpp
xpxxxx
xQe!VZ
<xtX<XtT
&y0t%=
$y1g9q\^+Z}/
yBse|!
?ye2PkG
yEN)@rS
y=	GQ,
|YmW9Ct
Yp$R6$09k{
>=Yt1j
Y<\u#j\V
yv|aB>
<yWO974
(ZAuat
zF		-ToX
zizSco
zkw7(#
z|n==>
.ZN/u-
ZOn^?*
ZQeu'[
ZWrW(zf
$ZZM\o3