Analysis | #totalhash

Analysis Date	2015-11-30 14:53:54
MD5	aa5fbb294a410b0b8aaec0ddcd6b557c
SHA1	ea3dce9988e85703a97b4347dba005768eeba860

Static Details:

File type	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section	.text md5: 51ca9e7aa4a2c18d3122cd52d090b2f8 sha1: 7f335737cfba5ae8f3f4a1777a1e633bbd386170 size: 307200
Section	.rdata md5: 34a7e858d7c07b7bf0a4e7bca50c0080 sha1: 01b5edc11fc208139fcf2f8f8ac34c022e5078e3 size: 40960
Section	.data md5: 9992dd288361ee774b8e4f904cbf1e0c sha1: a23f6e12ea1b7cb38f3a2a1c1afc153edafd4815 size: 7168
Timestamp	2015-11-23 02:48:33
Packer	Microsoft Visual C++ ?.?
PEhash	cbdca03354943f2fc380406850c31ba025c6a0c3
IMPhash	7a60cda4e588a5c02ac98d4289500e60
AV	Ad-Aware Command-Line	Trojan.GenericKD.2894795
AV	ArcaVir Antivirus	Trojan.GenericKD.2894795
AV	Avast! Antivirus	Malware-gen:Win32:Malware-gen
AV	AVG AntiVirus	Dropper.Generic_r.EC
AV	Avira Antivirus	TR/Crypt.Xpack.330203
AV	Bitdefender Command-Line	Trojan.GenericKD.2894795
AV	BullGuard Antivirus	Trojan.GenericKD.2894795
AV	ClamWin Antivirus	No Virus
AV	Command Anti-Malware	W32/Kazy.EW.gen!Eldorado:Security risk
AV	Dr. Web Anti-virus	No Virus
AV	Emsisoft Command-Line Scanner	Trojan.GenericKD.2894795
AV	eScan Anti-Virus	No Virus
AV	ESET NOD32 Antivirus	Win32/Bayrob.AD
AV	Fortinet Command-Line Scanner	W32/Bayrob.AD!tr
AV	F-PROT Antivirus	No Virus
AV	F-Secure Anti-Virus	Trojan.GenericKD.2894795
AV	Ikarus Command-Line Scanner	No Virus
AV	K7 Anti-Virus	Trojan ( 004d79c41 )
AV	Kaspersky Anti-Virus	No Virus
AV	MalwareBytes Anti-Malware	No Virus
AV	McAfee Command-Line Scanner	BackDoor-FCYZ!AA5FBB294A41
AV	Microsoft Security Essentials	Trojan:Win32/Dynamer!ac:Trojan
AV	Padvish Antivirus	No Virus
AV	Quick Heal AntiVirus	No Virus
AV	Rising Command-Line Scanner	No Virus
AV	Symantec Command-Line Scanner	No Virus
AV	Total Defense Internet Security Suite	No Virus
AV	Trend Micro System Cleaner	No Virus
AV	Twister Antivirus	No Virus
AV	VirusBlokAda Console Scanner	No Virus
AV	Zillya! Antivirus	No Virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates File	C:\yhtjkkyrwlyz\ucuwmegqdm
Creates File	C:\yhtjkkyrwlyz\hzz1lvpgavfgblnqop7.exe
Creates File	C:\WINDOWS\yhtjkkyrwlyz\ucuwmegqdm
Deletes File	C:\WINDOWS\yhtjkkyrwlyz\ucuwmegqdm
Creates Process	C:\yhtjkkyrwlyz\hzz1lvpgavfgblnqop7.exe

Process
↳ C:\yhtjkkyrwlyz\hzz1lvpgavfgblnqop7.exe

Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Secure Device Virtual Player ➝ C:\yhtjkkyrwlyz\zsajsvao.exe
Creates File	C:\yhtjkkyrwlyz\ucuwmegqdm
Creates File	C:\yhtjkkyrwlyz\v6jxkxu
Creates File	C:\yhtjkkyrwlyz\zsajsvao.exe
Creates File	PIPE\lsarpc
Creates File	C:\WINDOWS\yhtjkkyrwlyz\ucuwmegqdm
Deletes File	C:\WINDOWS\yhtjkkyrwlyz\ucuwmegqdm
Creates Process	C:\yhtjkkyrwlyz\zsajsvao.exe
Creates Service	Network Registry Extender Image Video - C:\yhtjkkyrwlyz\zsajsvao.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 804

Process
↳ Pid 852

Process
↳ Pid 1020

Process
↳ Pid 1208

Process
↳ Pid 1296

Process
↳ Pid 1852

Process
↳ Pid 720

Process
↳ C:\yhtjkkyrwlyz\zsajsvao.exe

Creates File	C:\yhtjkkyrwlyz\vacyyek.exe
Creates File	pipe\net\NtControlPipe10
Creates File	C:\yhtjkkyrwlyz\ucuwmegqdm
Creates File	C:\yhtjkkyrwlyz\hktnjtw1
Creates File	C:\yhtjkkyrwlyz\v6jxkxu
Creates File	\Device\Afd\Endpoint
Creates File	C:\WINDOWS\yhtjkkyrwlyz\ucuwmegqdm
Deletes File	C:\WINDOWS\yhtjkkyrwlyz\ucuwmegqdm
Creates Process	fujg3gghjjgu "c:\yhtjkkyrwlyz\zsajsvao.exe"

Process
↳ C:\yhtjkkyrwlyz\zsajsvao.exe

Creates File	C:\yhtjkkyrwlyz\ucuwmegqdm
Creates File	C:\WINDOWS\yhtjkkyrwlyz\ucuwmegqdm
Deletes File	C:\WINDOWS\yhtjkkyrwlyz\ucuwmegqdm

Process
↳ fujg3gghjjgu "c:\yhtjkkyrwlyz\zsajsvao.exe"

Creates File	C:\yhtjkkyrwlyz\ucuwmegqdm
Creates File	C:\WINDOWS\yhtjkkyrwlyz\ucuwmegqdm
Deletes File	C:\WINDOWS\yhtjkkyrwlyz\ucuwmegqdm

Network Details:

DNS	weathercontrol.net Type: A 50.63.37.71
DNS	melbourneit.hotkeysparking.com Type: A 8.5.1.16
DNS	classcontrol.net Type: A 216.239.130.220
DNS	chiefapple.net Type: A 82.165.25.210
DNS	chiefbuilt.net Type: A 195.22.28.199
DNS	chiefbuilt.net Type: A 195.22.28.198
DNS	chiefbuilt.net Type: A 195.22.28.197
DNS	chiefbuilt.net Type: A 195.22.28.196
DNS	twelvebuilt.net Type: A 98.139.135.129
DNS	twelvecarry.net Type: A 208.91.197.241
DNS	morningapple.net Type: A 222.122.84.70
DNS	strangeapple.net Type: A 82.165.25.210
DNS	weatherfather.net Type: A 208.100.26.234
DNS	weatherbuilt.net Type: A 203.27.227.220
DNS	thickapple.net Type: A 95.211.230.75
DNS	presentmeasure.net Type: A 95.211.230.75
DNS	collegemeasure.net Type: A 184.168.221.31
DNS	melbourneit.hotkeysparking.com Type: A 8.5.1.16
DNS	collegecircle.net Type: A 50.63.202.52
DNS	sk129.webcname.net Type: A 182.18.22.158
DNS	presentalways.net Type: A 208.100.26.234
DNS	thinkforest.net Type: A 59.8.236.130
DNS	thickmatter.net Type: A
DNS	classmatter.net Type: A
DNS	thickspent.net Type: A
DNS	classspent.net Type: A
DNS	thicktogether.net Type: A
DNS	classtogether.net Type: A
DNS	thickcontrol.net Type: A
DNS	thinkfather.net Type: A
DNS	presentfather.net Type: A
DNS	thinkapple.net Type: A
DNS	presentapple.net Type: A
DNS	thinkbuilt.net Type: A
DNS	presentbuilt.net Type: A
DNS	thinkcarry.net Type: A
DNS	presentcarry.net Type: A
DNS	chieffather.net Type: A
DNS	collegefather.net Type: A
DNS	collegeapple.net Type: A
DNS	collegebuilt.net Type: A
DNS	chiefcarry.net Type: A
DNS	collegecarry.net Type: A
DNS	oftenfather.net Type: A
DNS	alonefather.net Type: A
DNS	oftenapple.net Type: A
DNS	aloneapple.net Type: A
DNS	oftenbuilt.net Type: A
DNS	alonebuilt.net Type: A
DNS	oftencarry.net Type: A
DNS	alonecarry.net Type: A
DNS	middlefather.net Type: A
DNS	twelvefather.net Type: A
DNS	middleapple.net Type: A
DNS	twelveapple.net Type: A
DNS	middlebuilt.net Type: A
DNS	middlecarry.net Type: A
DNS	ratherfather.net Type: A
DNS	morningfather.net Type: A
DNS	ratherapple.net Type: A
DNS	ratherbuilt.net Type: A
DNS	morningbuilt.net Type: A
DNS	rathercarry.net Type: A
DNS	morningcarry.net Type: A
DNS	strangefather.net Type: A
DNS	historyfather.net Type: A
DNS	historyapple.net Type: A
DNS	strangebuilt.net Type: A
DNS	historybuilt.net Type: A
DNS	strangecarry.net Type: A
DNS	historycarry.net Type: A
DNS	amountfather.net Type: A
DNS	amountapple.net Type: A
DNS	weatherapple.net Type: A
DNS	amountbuilt.net Type: A
DNS	amountcarry.net Type: A
DNS	weathercarry.net Type: A
DNS	thickfather.net Type: A
DNS	classfather.net Type: A
DNS	classapple.net Type: A
DNS	thickbuilt.net Type: A
DNS	classbuilt.net Type: A
DNS	thickcarry.net Type: A
DNS	classcarry.net Type: A
DNS	thinkmeasure.net Type: A
DNS	thinkdinner.net Type: A
DNS	presentdinner.net Type: A
DNS	thinkafraid.net Type: A
DNS	presentafraid.net Type: A
DNS	thinkcircle.net Type: A
DNS	presentcircle.net Type: A
DNS	chiefmeasure.net Type: A
DNS	chiefdinner.net Type: A
DNS	collegedinner.net Type: A
DNS	chiefafraid.net Type: A
DNS	collegeafraid.net Type: A
DNS	chiefcircle.net Type: A
DNS	oftenmeasure.net Type: A
DNS	alonemeasure.net Type: A
DNS	oftendinner.net Type: A
DNS	alonedinner.net Type: A
DNS	oftenafraid.net Type: A
DNS	aloneafraid.net Type: A
DNS	oftencircle.net Type: A
DNS	alonecircle.net Type: A
DNS	middlemeasure.net Type: A
DNS	twelvemeasure.net Type: A
DNS	middledinner.net Type: A
DNS	twelvedinner.net Type: A
DNS	middleafraid.net Type: A
DNS	twelveafraid.net Type: A
DNS	middlecircle.net Type: A
DNS	twelvecircle.net Type: A
DNS	rathermeasure.net Type: A
DNS	morningmeasure.net Type: A
DNS	ratherdinner.net Type: A
DNS	morningdinner.net Type: A
DNS	ratherafraid.net Type: A
DNS	morningafraid.net Type: A
DNS	rathercircle.net Type: A
DNS	morningcircle.net Type: A
DNS	strangemeasure.net Type: A
DNS	historymeasure.net Type: A
DNS	strangedinner.net Type: A
DNS	historydinner.net Type: A
DNS	strangeafraid.net Type: A
DNS	historyafraid.net Type: A
DNS	strangecircle.net Type: A
DNS	historycircle.net Type: A
DNS	amountmeasure.net Type: A
DNS	weathermeasure.net Type: A
DNS	amountdinner.net Type: A
DNS	weatherdinner.net Type: A
DNS	amountafraid.net Type: A
DNS	weatherafraid.net Type: A
DNS	amountcircle.net Type: A
DNS	weathercircle.net Type: A
DNS	thickmeasure.net Type: A
DNS	classmeasure.net Type: A
DNS	thickdinner.net Type: A
DNS	classdinner.net Type: A
DNS	thickafraid.net Type: A
DNS	classafraid.net Type: A
DNS	thickcircle.net Type: A
DNS	classcircle.net Type: A
DNS	thinkwheat.net Type: A
DNS	presentwheat.net Type: A
DNS	thinkanger.net Type: A
DNS	presentanger.net Type: A
DNS	thinkalways.net Type: A
DNS	presentforest.net Type: A
DNS	chiefwheat.net Type: A
DNS	collegewheat.net Type: A
DNS	chiefanger.net Type: A
DNS	collegeanger.net Type: A
DNS	chiefalways.net Type: A
DNS	collegealways.net Type: A
DNS	chiefforest.net Type: A
DNS	collegeforest.net Type: A
DNS	oftenwheat.net Type: A
DNS	alonewheat.net Type: A
DNS	oftenanger.net Type: A
DNS	aloneanger.net Type: A
DNS	oftenalways.net Type: A
DNS	alonealways.net Type: A
DNS	oftenforest.net Type: A
DNS	aloneforest.net Type: A
DNS	middlewheat.net Type: A
DNS	twelvewheat.net Type: A
DNS	middleanger.net Type: A
DNS	twelveanger.net Type: A
DNS	middlealways.net Type: A
DNS	twelvealways.net Type: A
DNS	middleforest.net Type: A
DNS	twelveforest.net Type: A
DNS	ratherwheat.net Type: A
HTTP GET	http://weathercontrol.net/index.php User-Agent:
HTTP GET	http://classmatter.net/index.php User-Agent:
HTTP GET	http://classcontrol.net/index.php User-Agent:
HTTP GET	http://chiefapple.net/index.php User-Agent:
HTTP GET	http://chiefbuilt.net/index.php User-Agent:
HTTP GET	http://twelvebuilt.net/index.php User-Agent:
HTTP GET	http://twelvecarry.net/index.php User-Agent:
HTTP GET	http://morningapple.net/index.php User-Agent:
HTTP GET	http://strangeapple.net/index.php User-Agent:
HTTP GET	http://weatherfather.net/index.php User-Agent:
HTTP GET	http://weatherbuilt.net/index.php User-Agent:
HTTP GET	http://thickapple.net/index.php User-Agent:
HTTP GET	http://presentmeasure.net/index.php User-Agent:
HTTP GET	http://collegemeasure.net/index.php User-Agent:
HTTP GET	http://collegeafraid.net/index.php User-Agent:
HTTP GET	http://collegecircle.net/index.php User-Agent:
HTTP GET	http://thinkalways.net/index.php User-Agent:
HTTP GET	http://presentalways.net/index.php User-Agent:
HTTP GET	http://thinkforest.net/index.php User-Agent:
Flows TCP	192.168.1.1:1031 ➝ 50.63.37.71:80
Flows TCP	192.168.1.1:1033 ➝ 8.5.1.16:80
Flows TCP	192.168.1.1:1034 ➝ 216.239.130.220:80
Flows TCP	192.168.1.1:1035 ➝ 82.165.25.210:80
Flows TCP	192.168.1.1:1036 ➝ 195.22.28.199:80
Flows TCP	192.168.1.1:1037 ➝ 98.139.135.129:80
Flows TCP	192.168.1.1:1038 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1039 ➝ 222.122.84.70:80
Flows TCP	192.168.1.1:1040 ➝ 82.165.25.210:80
Flows TCP	192.168.1.1:1041 ➝ 208.100.26.234:80
Flows TCP	192.168.1.1:1042 ➝ 203.27.227.220:80
Flows TCP	192.168.1.1:1043 ➝ 95.211.230.75:80
Flows TCP	192.168.1.1:1044 ➝ 95.211.230.75:80
Flows TCP	192.168.1.1:1045 ➝ 184.168.221.31:80
Flows TCP	192.168.1.1:1046 ➝ 8.5.1.16:80
Flows TCP	192.168.1.1:1047 ➝ 50.63.202.52:80
Flows TCP	192.168.1.1:1048 ➝ 182.18.22.158:80
Flows TCP	192.168.1.1:1049 ➝ 208.100.26.234:80
Flows TCP	192.168.1.1:1050 ➝ 59.8.236.130:80

Raw Pcap

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2077   : close..Host: w
0x00000040 (00064)   65617468 6572636f 6e74726f 6c2e6e65   eathercontrol.ne
0x00000050 (00080)   740d0a0d 0a                           t....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2063   : close..Host: c
0x00000040 (00064)   6c617373 6d617474 65722e6e 65740d0a   lassmatter.net..
0x00000050 (00080)   0d0a0a0d 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2063   : close..Host: c
0x00000040 (00064)   6c617373 636f6e74 726f6c2e 6e65740d   lasscontrol.net.
0x00000050 (00080)   0a0d0a0d 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2063   : close..Host: c
0x00000040 (00064)   68696566 6170706c 652e6e65 740d0a0d   hiefapple.net...
0x00000050 (00080)   0a0d0a0d 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2063   : close..Host: c
0x00000040 (00064)   68696566 6275696c 742e6e65 740d0a0d   hiefbuilt.net...
0x00000050 (00080)   0a0d0a0d 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2074   : close..Host: t
0x00000040 (00064)   77656c76 65627569 6c742e6e 65740d0a   welvebuilt.net..
0x00000050 (00080)   0d0a0a0d 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2074   : close..Host: t
0x00000040 (00064)   77656c76 65636172 72792e6e 65740d0a   welvecarry.net..
0x00000050 (00080)   0d0a0a0d 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a206d   : close..Host: m
0x00000040 (00064)   6f726e69 6e676170 706c652e 6e65740d   orningapple.net.
0x00000050 (00080)   0a0d0a0d 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2073   : close..Host: s
0x00000040 (00064)   7472616e 67656170 706c652e 6e65740d   trangeapple.net.
0x00000050 (00080)   0a0d0a0d 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2077   : close..Host: w
0x00000040 (00064)   65617468 65726661 74686572 2e6e6574   eatherfather.net
0x00000050 (00080)   0d0a0d0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2077   : close..Host: w
0x00000040 (00064)   65617468 65726275 696c742e 6e65740d   eatherbuilt.net.
0x00000050 (00080)   0a0d0a0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2074   : close..Host: t
0x00000040 (00064)   6869636b 6170706c 652e6e65 740d0a0d   hickapple.net...
0x00000050 (00080)   0a                                    .

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2070   : close..Host: p
0x00000040 (00064)   72657365 6e746d65 61737572 652e6e65   resentmeasure.ne
0x00000050 (00080)   740d0a0d 0a                           t....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2063   : close..Host: c
0x00000040 (00064)   6f6c6c65 67656d65 61737572 652e6e65   ollegemeasure.ne
0x00000050 (00080)   740d0a0d 0a                           t....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2063   : close..Host: c
0x00000040 (00064)   6f6c6c65 67656166 72616964 2e6e6574   ollegeafraid.net
0x00000050 (00080)   0d0a0d0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2063   : close..Host: c
0x00000040 (00064)   6f6c6c65 67656369 72636c65 2e6e6574   ollegecircle.net
0x00000050 (00080)   0d0a0d0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2074   : close..Host: t
0x00000040 (00064)   68696e6b 616c7761 79732e6e 65740d0a   hinkalways.net..
0x00000050 (00080)   0d0a0d0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2070   : close..Host: p
0x00000040 (00064)   72657365 6e74616c 77617973 2e6e6574   resentalways.net
0x00000050 (00080)   0d0a0d0a 0a                           .....

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2074   : close..Host: t
0x00000040 (00064)   68696e6b 666f7265 73742e6e 65740d0a   hinkforest.net..
0x00000050 (00080)   0d0a0d0a 0a                           .....

Strings

"
  
\
.
\
.
-E-
-0
-0010+-0
-0
CC
.00-+ 00-+ *00-+ 
.
.
-e-
. 
.
-e-
. 
\
 
0
0
-
,
>
..
- 
0
0
 
-
-
--
..p
]u
- abort() has been called
ADVAPI32.DLL
April
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
August
CONOUT$
- CRT not initialized
dddd, MMMM dd, yyyy
December
DOMAIN error
Ejjjj
EMicrosoft Visual C++ Runtime Library
E(null)
February
- floating point support not loaded
Friday
                                 H
         (((((                  H
         h((((                  H
HH:mm:ss
January
jjjjj
jjjjjj
July
June
KERNEL32.DLL
March
MM/dd/yy
Monday
mscoree.dll
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
October
Program: 
<program name unknown>
- pure virtual function call
R6002
R6008
R6009
R6010
R6016
R6017
R6018
R6019
R6024
R6025
R6026
R6027
R6028
R6030
R6031
R6032
R6033
runtime error 
Runtime Error!
Saturday
September
SING error
Sunday
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
Thursday
TLOSS error
Tuesday
- unable to initialize heap
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
Wednesday
WUSER32.DLL
                          
}0<-=#
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
<0|L<9
0t1HHt
[1agpodi cgem uunfbeja ljosad lcneboesdu wbopobk sfhidfmetc fpzoisj ptvefdjo qgleagizaz bcmoloc lcj hbjofcdu jugteij cnpefd fzti gziyu pngibi fqgowktunp ucar qjzugy ssgaouplya bpunutt lmhit oisjebeupk gcinem pggufdhe fambub rzbeaj hehhooem dbiarin licmuucj ild qyzosurce cqpiybgub eomkd jdeedagnu zoulpuzzt zuzm movu kutbibgmoa jllea zkcacm uaf jvaqouw mosnudflo jytunfmo nvuh nbtound pmjulbazob dna lcf fceciuspdi pbioul oaarlyotc zpozuqt ipcmuxy slewiujsu cplij gtruj sfalomoc qjcul dcboqx ljfec svlim lepjamgb djgalipp pmuluadzd hwmefcn suwcia ghdigpz vmgaffcalt adw jbmeosobco vei bofdo upinpog dcj bptooseii gfcuvltut izq jawvolm czpamtfiz bbjelrci cnqamiria iwlkinll nbme bkluburrid ltomocac xjwu aacj gslafngacx fnutoj ugolebi zval dtewiyjwis bmizugsv wdix emrdermqa rpdoatba eihcgoyl proaofuwo iipdlaqc rdjokwjuh smma pdfejm rbf zzue
1G:e\^
1#QNAN
1#SNAN
3.[IfA
}6.h(U
;7|G;p
8CSVhx
99//.<
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
`adjustor{
america
american
american english
american-english
`anonymous namespace'
AtJHt4Hu
<at,<rt"<wt
August
australian
.?AVbad_alloc@std@@
.?AVbad_alloc@stdext@@
.?AVbad_cast@std@@
.?AVbad_exception@std@@
.?AVbad_typeid@std@@
.?AVexception@std@@
.?AVexception@stdext@@
.?AVinvalid_argument@std@@
.?AVlength_error@std@@
.?AVlogic_error@std@@
.?AV__non_rtti_object@std@@
.?AVout_of_range@std@@
.?AVoverflow_error@std@@
.?AVruntime_error@std@@
.?AVtype_info@@
bad allocation
bad exception
 Base Class Array'
 Base Class Descriptor at (
__based(
belgian
britain
canadian
__cdecl
cDR:X!FOd
cdtocd vpw uflis rgpuvek pzj heb wsiroej vjj rcinolc jlb intpeuagsg fsfuupsj kgletislen tmje jwpet ocadniang rvruthli pgzuu gpmicuioj tmculdi adffe sxgi nbbofsga bildufjfic htdoj ijtv yngeod rinro mbjigdlar bdgi mdse vgbac tfegovrlum eernne pdcawfsib comua ijcseawlhu qszod jgd soflua bbjiklka lloja liz ajll fuppaxfmea fbus fdel tonkar apfwellc dbsegoodc uncgol cepp glfu rfweyiyg bcgicc giwbaousd xhpifdsopm pdfodibg izjfubm bmt egfavagvka ouuov riljujko vwwoc ljruoetu dreci onaw lclaumhno nmc pukc lbele foubdoic lbjo lbsutcpu gooeefo xftel srtugiue ffmivbusu invruuuo lrsinzesul ccer dcbuxqj gdzu vnbovv gundaaxt jnfupwf ouesgal blni nkfeqaa virejilit aoopgf emexhocefn lrjuspmu lkvamunf gajuse
chinese
chinese-hongkong
chinese-simplified
chinese-singapore
chinese-traditional
CHPjPV
class 
 Class Hierarchy Descriptor'
cli::array<
cli::pin_ptr<
CloseHandle
CLPjQV
__clrcall
coclass 
cointerface 
CompareStringW
 Complete Object Locator'
const 
`copy constructor closure'
CorExitProcess
C PjPV
C$PjQV
C.PjRV
C/PjSV
C*PjTV
C+PjUV
C,PjVV
C-PjWV
CreateFileA
CreateFileW
@.data
dddd, MMMM dd, yyyy
December
DecodePointer
`default constructor closure'
 delete
 delete[]
DeleteCriticalSection
double
dutch-belgian
`dynamic atexit destructor for '
`dynamic initializer for '
__eabi
`eh vector constructor iterator'
`eh vector copy constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`eh vector vbase copy constructor iterator'
<ellipsis>
,<ellipsis>
EncodePointer
england
english-american
english-aus
english-belize
english-can
english-caribbean
english-ire
english-jamaica
english-nz
english-south africa
english-trinidad y tobago
english-uk
english-us
english-usa
EnterCriticalSection
EnumSystemLocalesA
ExitProcess
extern "C" 
F0Pj.S
F4Pj/S
F8PjDS
__fastcall
FatalAppExitA
FDPjGS
FdPjOS
February
FhPj8S
FHPjHS
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileExA
{flat}
FlPj9S
FLPjIS
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
F<PjES
F@PjFS
F\PjMS
F`PjNS
F|Pj=S
F Pj*S
F,Pj-S
F(Pj,S
F$Pj+Sj
FPPjJS
FpPj:S
FreeEnvironmentStringsW
FreeLibrary
french-belgian
french-canadian
french-luxembourg
french-swiss
Friday
Ft,Ot	OtFOt#OuV
FTPjKS
FtPj;S
FXPjLS
FxPj<S
generic-type-
german-austrian
german-lichtenstein
german-luxembourg
german-swiss
GetACP
GetActiveWindow
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetCPInfo
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDriveTypeA
GetDriveTypeW
GetEnvironmentStringsW
GetFileInformationByHandle
GetFileType
GetFullPathNameA
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessWindowStation
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetUserObjectInformationW
great britain
`h````
H./".c
-h(c`J
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSetInformation
HeapSize
`h`hhh
HH:mm:ss
HHt*HHt
HHtiHHt
HHtXHHt
HHtYHHt
}$hj\}
HN(E$'J
holland
hong-kong
Hu\hL3E
?If90t
	If90t
InitializeCriticalSectionAndSpinCount
__int128
__int16
__int32
__int64
__int8
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
invalid map/set<T> iterator
invalid string position
irish-english
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
italian-swiss
<it|<otx<utt<xtp<Xtl
JanFebMarAprMayJunJulAugSepOctNovDec
January
jhhxNE
j,h(SE
j,h(UE
j@j ^V
j"X_^[]
K2dufconejub vfmaeh ivnm dpgislj mid earqpeji tcs uumjc gmb kebpag fofsanbjir fctel vtbogoln baaxce ippfedn xdcehccu vcvafaccez ixxleuc mrig xbj buox gdbizrgub vsjobo zltonofof rll dpbafdfub sfijaj xrb djz btr pifjewfq obygodlud ummu fqlorj uau gtliepngen jid ohzjeoajsc ffebap mrzuzia fafrisi fpguhd pgdetoggod plurojuud kemlofe dkvoorufel pdujocpi dfat scvesa tzu frsumjva pgzipzfeur lnn spradvjuj zdgeugd aruuo lpzujpoj szba kjsubmg lfy nrfice bjomob vamv prhogcmol jssuutajw rluuq brsozc yjej gibqehzh rcicac losb sopta tuzdi uvljagcg jsdodufmuc nna cjdut lvzudut bsojan aipvtajbot cfkastquvc srigis geviloa cbd rnak ouuggapeip evbubak kjsaoar zsebebmo bunmamfu dbvanayso mfnuztoj lffar l
KERNEL32.dll
[kJ3p5
LC_ALL
LC_COLLATE
LC_CTYPE
LCMapStringW
LC_MONETARY
LC_NUMERIC
LC_TIME
LeaveCriticalSection
Lgcmitk sobf nvmimbfuwc clocutu gcmuoc txfu pluuipajg uglec lhoqabidti ffzoga lnbopdi ccboud eje sgeudernut csofiklf osuk aoli dzk kclesggo snafe csgojbdomo xovq opasnok pdsujfibir dxbi oitav npjicgla brmeag lln zss gnieheevpm bbcugxal crxovp nvpu osg sjoup bcganlzo cufa rjritujim lcbordgo fbaep ukj clautuo mpxillju zlr lafnucbt crgicpmi blzosspo nns tdop bttaarlm ujugjaf nijlo cgteeaazv ovserocpz cuddi pldafyga nfyijjgu vubdagtgi bjab irslaegkl ltl duo omfmi fagfatdju nxeaad ujlnud hqfejzf bbr rrjaon cbdorjip dqmofsr tfaitap fvmae gmcirgd gshofvbiw titsiab mogedu yloneouu comvoplb god vwhuzgla lqruziqc cgvuei igj xyfed ltoabinsm qdukouizd irfafegp yuda qmtorbmi ptxi ale dptefsw rnwodbo kdzao uefmt gflozodm jecpalxmu jsjoppd qfvaz bbu babkujo fugje uurcfiglp rlkemtjoec sdecurcd
LoadLibraryW
`local static destructor helper'
`local static guard'
`local static thread guard'
`local vftable'
`local vftable constructor closure'
`managed vector constructor iterator'
`managed vector copy constructor iterator'
`managed vector destructor iterator'
map/set<T> too long
mceido jjcilbpa pnxiafdgio yilfep vnsenmt bpkag dvte pdjifoo yrafa jrjam lztigcb wodli fkjoonaix mcjebvw oddmi pdij cdcinm mfoja sdtica uasaaag zacyevace zpsex pcamuvvjo nigcokan ridi oebjkooq rwcen gfjancgecc qscojjci accgieu dns adtrau fcpeg gspabweled guufaviwu oup yceqiz tpgujk vblum mag oam jgoxarqr zsc hnfuppowiv gabaguaidg dsmebsd lppi soij uicwjub pasx jsmurbde zogwis wznecmfes nlu uscpej yrlib dsbem xvmor kwapau mamrihkba olgf ogkluc uteeo sdb vvjuz eewjsugsf efgimasw grfumlsa ojdfurpl svo xjlu fhzilvkadl jnyiqyric gjuo jkjomjupo rltiq gsd droatajmb pbe falc mcvijtr psyub sdpofs flvib psdoehuw nvmu pfluomcjem erqta bube fefw scojuw cefco frv gsb ubfpod dccun yptongbu tswehfpi csg bncuesf
MessageBoxW
{(.mhG
MIpQ+1|
MM/dd/yy
Monday
MultiByteToWideChar
 new[]
new-zealand
`non-type-template-parameter
norwegian
norwegian-bokmal
norwegian-nynorsk
Norwegian-Nynorsk
November
(null)
o7CbYn
oalgf dcp ljfo tpnudjdenu jtpuqjf ajrfiqp drujucmyep zwg ffwogblew latogadru dlpunu avzdik btsicfiz sbcejepimu exbmenda fqmatj akgnoeqz otb jon eljbe adeedx ecclag gpb fljob btve yurhe eddufenvti masbusz rzb ypupilv fjneebgcuf uycwueb idptesdsa gjcua vzladgpulr fbli aff zmeeep jdcivjz msu mgropvr crjapgjaj zaiqga qmr fgmuiupj xpoumocjl pcfemsobi gmaeemefsb npvusx dqqizspebp cnyullze etlidu kolnenzc mitdilngiq onajnecnuc gasb idl rbqigl tuojodicd edibpojwzo szbospn fad uzsmezcr gccetlbi qlgep losqa qcwuuosps ajfsap igiehovuou qbdeatbse fpriap oyipt rnuunotbji ljfefygofu edpnitla mgme xgjabbs ljp vijzub cbje gke yrfar nltoasl bhhii fjjenbog bsoxifl nrloobbfa tijfocx xftemf iundn ndu
October
`omni callsig'
operator
__pascal
PeekNamedPipe
`placement delete closure'
`placement delete[] closure'
portuguese-brazilian
PPPPPPPP
pr china
pr-china
private: 
protected: 
__ptr64
public: 
puerto-rico
}Q#9f	)
)q|GNf
QQSVWd
QueryPerformanceCounter
RaiseException
`.rdata
ReadFile
__restrict
^@rQEN+
RtlUnwind
S%*7IC
-s7Mtf
Saturday
`scalar deleting destructor'
September
SetConsoleCtrlHandler
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableA
SetFilePointer
SetHandleCount
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
short 
signed 
slovak
south africa
south-africa
south korea
south-korea
spanish-argentina
spanish-bolivia
spanish-chile
spanish-colombia
spanish-costa rica
spanish-dominican republic
spanish-ecuador
spanish-el salvador
spanish-guatemala
spanish-honduras
spanish-mexican
spanish-modern
spanish-nicaragua
spanish-panama
spanish-paraguay
spanish-peru
spanish-puerto rico
spanish-uruguay
spanish-venezuela
^SSSSS
static 
__stdcall
std::nullptr_t
`string'
string too long
struct 
Sunday
SunMonTueWedThuFriSat
swedish-finland
SystemFunction036
t3hP$E
t4<@t;V
tCHt(Ht 
`template-parameter
template-parameter-
`template static data member constructor helper'
`template static data member destructor helper'
TerminateProcess
tfht/E
tGhX$E
<?tG<Xt
t"hH$E
t hhEE
+t HHt
__thiscall
!This program cannot be run in DOS mode.
t:hLEE
 throw(
[thunk]:
Thursday
tI<A|2<P
<@tJ!~
tKhPEE
< tK<	tG
tK<_t<<$t8<<t4<>t0<-t,<a|
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
tM<it-<ot)<ut%<xt!<Xt
<\tM</tI
tp<@tl
.t|PVj@
tR99u2
t*=RCC
trinidad & tobago
t"SS9] u
<+t"<-t
Tt^HtTHtJHt
t]<@tS<Zt
t$<"u	3
Tuesday
;t$,v-
t VV9u
 Type Descriptor'
`typeof'
>:u8FV
`udt returning'
u-h`=E
u hTEE
__unaligned
UnhandledExceptionFilter
UNICODE
union 
united-kingdom
united-states
<unknown>
UNKNOWN
`unknown ecsu'
unknown exception
Unknown exception
unsigned 
UQPXY]Y[
URPQQh0
UTF-16LE
uZSSSP
`vbase destructor'
`vbtable'
`vcall'
`vector constructor iterator'
`vector copy constructor iterator'
`vector deleting destructor'
`vector destructor iterator'
vector<T> too long
`vector vbase constructor iterator'
`vector vbase copy constructor iterator'
`vftable'
virtual 
`virtual displacement map'
v:jr?{
v	N+D$
volatile
 volatile
volatile 
VPPPPP
`vtordisp{
`vtordispex{
VVVVVQRSSj
__w64 
wchar_t
Wednesday
WideCharToMultiByte
Wj@hxBE
wmbaywsiie jzduk blza yrp djsukii eppdoqgfe idjmoataj impjadlb djxacmv hescig blopett ufd ilosnu tati sjpiqbbib utbgifnnol ymsuz uspsocma ybca nnmo dfla mtdiquwla fis xddepbemou vkqeejf bmsanaff msojaotlg jlbivlof iacv slzady jkvuutglob clar ucoebamiv ojrjaddz ybroqmxovn rgojobpvo ueziuon pdd duv ugtku moidjuw gucxeb jesifoezs baorn byuejoozr pvbaobkvoe flmasdsej lftatbojab jmaibifp vtnaqcfas rfdubfrunc cgajivdnal jrcadccamz nxh dnbedby qdwufbba xsb gzjuabv jefraescr icn bsgunb uwwb tjilifgd yzladqpimr cdtuu ulrduy apfrebf qlh swta pjaukasl liclauoyfe rkdasrnob wfuuapi dgj ibdhuj legvuo podrimlte dqf leg iqfdeg sgodoltz ncjo pjia aidp cfnidqsi nrs jar qdofofesa dmged sjbubgiis hblegf jncofsru enezfil asclapmbez rsliqljalc asnrecmve joezl tec ouwdfuju rwjo gwfogreme zgdewh aoglailak ccb dzfu vfi gblascle vyxosro oU
WriteConsoleW
WriteFile
xppwpp
xpxxxx
x?Tcc&']
Y;=HtE
YPVhL/E
<z~$<A|
+z*$=j^
z{.Q@<
z	}	-R