sub_outside():
WS2_32.socket
WS2_32.ntohs
WS2_32.inet_addr
WS2_32.connect
WS2_32.closesocket
KERNEL32.Sleep
KERNEL32.ExitThread
WSOCK32.recv
KERNEL32.lstrcmpiA
WS2_32.send
KERNEL32.GetModuleFileNameA
WS2_32.select
WSOCK32.recvfrom
WS2_32.inet_ntoa
WS2_32.sendto
KERNEL32.GetTickCount
NTDLL.RtlAllocateHeap
NTDLL.RtlFreeHeap
NTDLL.RtlReAllocateHeap
NTDLL.RtlSizeHeap
|
sub_43228A(011d):
KERNEL32.SetStdHandle
|
sub_432027(0126):
KERNEL32.SetUnhandledExceptionFilter
|
sub_432A86(0251):
NTDLL.RtlDeleteCriticalSection
|
sub_427AFB(0279):
KERNEL32.GetLocalTime
"PM"
"AM"
"%.2d/%.2d/%4d, %.2d:%.2d %s"
|
sub_42C1A8(031c):
KERNEL32.InterlockedIncrement
KERNEL32.InterlockedDecrement
|
sub_41C53A(031e):
KERNEL32.lstrcpyA
|
sub_42211B(033d):
ADVAPI32.OpenSCManagerA
ADVAPI32.CreateServiceA
NTDLL.RtlGetLastWin32Error
ADVAPI32.CloseServiceHandle
"\"%s\""
|
sub_406C3A(0340):
KERNEL32.GetTickCount
KERNEL32.GetModuleFileNameA
KERNEL32.CreateThread
KERNEL32.Sleep
"KbwMi16jFhl/"
"5OkE/1AWBZq/"
"jt17J1ImTVD1"
"%s %s, %s: %i, File: %s."
|
sub_41C41E(05ff):
WS2_32.send
|
sub_43284B(06bc):
KERNEL32.GetCPInfo
|
sub_42C4A4(072f):
KERNEL32.GetVersion
KERNEL32.GetCommandLineA
KERNEL32.GetStartupInfoA
KERNEL32.GetModuleHandleA
|
sub_42DA1F(075c):
KERNEL32.InitializeCriticalSection
NTDLL.RtlEnterCriticalSection
|
sub_42594D(07df):
"_BOT"
"_BOT_LOGIN"
|
sub_42F453(0879):
KERNEL32.ReadFile
NTDLL.RtlGetLastWin32Error
|
sub_42C785(0a41):
KERNEL32.HeapCreate
KERNEL32.HeapDestroy
|
sub_4332AF(0b4b):
KERNEL32.MultiByteToWideChar
|
sub_425D4F(0c0f):
WS2_32.ntohs
WS2_32.socket
WS2_32.connect
KERNEL32.GetTickCount
KERNEL32.lstrcatA
WS2_32.send
WS2_32.closesocket
"POST / HTTP/1.1\r\nHost: %s\r\nContent-Leng"...
"\r\n"
|
sub_41CAC6(0cc0):
"\r\n"
|
sub_434CA0(0e35):
KERNEL32.LoadLibraryA
KERNEL32.GetProcAddress
USER32.GetActiveWindow
USER32.GetLastActivePopup
USER32.MessageBoxA
"user32.dll"
"MessageBoxA"
"GetActiveWindow"
"GetLastActivePopup"
|
sub_403374(0e6b):
WS2_32.closesocket
KERNEL32.TerminateThread
"bNJcZ.ziG1m0"
"jt17J1ImTVD1"
"%s %s %d %s"
"TFEE90W.vdG1u8Ajp1eidrT.d2k2X/no6gm/"
"TFEE90W.vdG1u8Ajp1eidrT.d2k2X/no6gm/"
"jt17J1ImTVD1"
"IBtOx1/HOfe0Hcxmb/oUlVg00eWuQ.F61Hj/"
"%s %s"
|
sub_41D1E5(1044):
KERNEL32.GetLocaleInfoA
|
sub_42A9B1(1067):
KERNEL32.MultiByteToWideChar
NTDLL.RtlGetLastWin32Error
|
sub_41E6F8(1124):
KERNEL32.SearchPathA
KERNEL32.CreatePipe
KERNEL32.GetCurrentProcess
KERNEL32.DuplicateHandle
KERNEL32.CreateProcessA
KERNEL32.CloseHandle
KERNEL32.CreateThread
NTDLL.RtlGetLastWin32Error
"cmd.exe"
"WHdAg1glAgf."
"%s CMD Prompt"
"%s Failed to start IO thread, error: <%"...
|
sub_4164D0(119c):
"]&3c9"
|
sub_418CCA(1334):
KERNEL32.lstrcmpiA
|
sub_434D29(1406):
KERNEL32.SetEndOfFile
NTDLL.RtlGetLastWin32Error
|
sub_427162(144d):
"0.0.0.0"
|
sub_427728(156a):
KERNEL32.GetWindowsDirectoryA
KERNEL32.lstrcatA
KERNEL32.CreateFileA
KERNEL32.GetFileTime
KERNEL32.CloseHandle
KERNEL32.SetFileTime
"Shell"
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
|
sub_43475B(1610):
KERNEL32.CreateProcessA
NTDLL.RtlGetLastWin32Error
KERNEL32.WaitForSingleObject
KERNEL32.GetExitCodeProcess
KERNEL32.CloseHandle
|
sub_424DE2(1690):
KERNEL32.GetCurrentProcess
KERNEL32.lstrcpyA
KERNEL32.lstrcatA
"Application Data\\Mozilla\\Firefox"
"\\"
"\\profiles.ini"
"name=default"
"path="
"/"
|
sub_402900(1844):
NTDLL.RtlInitUnicodeString
NTDLL.ZwOpenSection
KERNEL32.CloseHandle
KERNEL32.MapViewOfFile
|
sub_432C18(18d1):
KERNEL32.GetModuleFileNameA
|
sub_4335E9(197b):
KERNEL32.CreateFileA
NTDLL.RtlGetLastWin32Error
KERNEL32.GetFileType
KERNEL32.CloseHandle
|
sub_42A5F0(1ade):
KERNEL32.GetFileAttributesA
NTDLL.RtlGetLastWin32Error
|
sub_40A938(1aed):
KERNEL32.lstrcmpiA
KERNEL32.lstrcpyA
KERNEL32.CreateThread
KERNEL32.Sleep
WS2_32.WSACleanup
KERNEL32.ExitProcess
KERNEL32.GetVersionExA
ADVAPI32.OpenEventLogA
ADVAPI32.ClearEventLogA
ADVAPI32.CloseEventLog
NTDLL.RtlGetLastWin32Error
KERNEL32.QueryPerformanceCounter
KERNEL32.QueryPerformanceFrequency
KERNEL32.GetTickCount
KERNEL32.lstrcatA
KERNEL32.GetModuleFileNameA
USER32.FindWindowA
KERNEL32.CreateFileMappingA
KERNEL32.MapViewOfFile
USER32.SendMessageA
KERNEL32.UnmapViewOfFile
KERNEL32.CloseHandle
DNSAPI.DnsFlushResolverCache
WS2_32.inet_addr
WS2_32.gethostbyaddr
WS2_32.gethostbyname
WS2_32.inet_ntoa
KERNEL32.WaitForSingleObject
KERNEL32.DeleteFileA
KERNEL32.MoveFileA
KERNEL32.CopyFileA
KERNEL32.SetFileAttributesA
SHELL32.ShellExecuteA
KERNEL32.CreateFileA
KERNEL32.GetFileSize
KERNEL32.SetFilePointer
KERNEL32.ReadFile
KERNEL32.GetTempPathA
WS2_32.getsockname
WININET.InternetGetConnectedStateExA
"deHZI/SA//o0"
"EUIOR0ay2w7."
"uc6Wg1OvWVt1"
"Ob4iQ/KJ5ue."
"O.sxv.ze9bK1GOISY.dO.Vn1"
"HyOMe/iovtV."
"Al./N0Kenp20"
"47Ff/020f.0."
"Al./N0Kenp20"
"g3obv.r6j7H/"
"LTLec18US5q0"
"M5sPX.Qp7Lx."
"6atSs0dyCWF.6N5aw.affEY1"
"9lJBH07crkD."
"7.PaK0OnymN/7Razv/1FefF."
"VP1WE/JVQbn."
"ty2nT0oI2YK/"
"qbwGd0CFxf./"
"2mo7G0.B0qj/"
"9bWj..lZ2My0"
"h1cMQ0wQw5C."
"SXYtb1.EEjQ."
"vB1r0/N.Arr0"
"8Im6i..C829."
"tIYj208FHvN."
"5nG/N0ZJh2i1"
"mdf9n0kzPX60"
"/ATfv.jgK0X1"
"fu6k10iRsc/1"
".lUua.bruje0"
"mflX2.QU4VY."
"/uYcs/BEKWP0"
"xLpyR1aNPGm0"
"fhzdV1OotFg0"
"WPUkb.0uIoa/OFUur11TNYw0"
"uFbSS0Cbo8C."
"HuuDG/YQZDz/"
"NoaZx1Alvg/0"
"6HWiy/OAtg9.6N5aw.affEY1"
"sUd8h/rsu8j1"
"j2yYw.J09XC/"
"rioCl1kzTWO0"
"WUlZR.X7XjB0"
"7FUgU.N0U2m1"
"BjAtz/qyRS11"
"/uBQS.HZPkh1"
"6x7zf1EztnY."
"FyFlU0jI3XH."
"7otcU0FiC6V0"
"xMz20//gJkQ/"
"Lcgg60QK2mf0"
"X.62C.3LDCP/"
"XWzwO1PqcgT16N5aw.affEY1"
"iMvbW1SHwxQ0"
"aXauo.rLGgX0"
"UyfOG.DvVnY0"
"pSern1AAGh6."
"XkG84.cESgs."
"p06vq/BFBMo."
"w1w2V121JSP."
"vfEsO.QcgDt."
"Em42x.1IsZI1"
"KmdIe1UwntQ/"
"QSOZ9.vFVWu0"
"V6jBH0k4u/d."
"iexplore.exe"
"YhzCK13CaOG0"
"BVYGm.aFzkh0"
"WHdAg1glAgf."
"mflX2.QU4VY."
"fFEC81UzNT81"
"deHZI/SA//o0"
"ty2nT0oI2YK/"
"5v1zc1EfRZg.tccap0cH5OH0NHckR.k9Wj.1"
"%s %s"
"dJ9OW/uMRBD."
" (SSL)"
"ty2nT0oI2YK/"
"%s: Server: [%i: %s:%d%s]"
"PlsYM/aEe6v1"
"-=[List Complete]=-"
" (SSL)"
"%i: %s:%d%s, %s"
"ty2nT0oI2YK/"
"%s Server List complete."
"l3nYW.D7Tfl."
"ty2nT0oI2YK/"
"%s [Alias list]"
"%d. %s = %s"
"P00Ls0K4t.N1"
"%s"
" %s"
"ty2nT0oI2YK/"
"%s Added Alias: %s"
"ty2nT0oI2YK/"
"%s %s"
"fOaBg1ACVfo/osdpb1E0v95."
"$user"
"$chan"
"$1"
"$2"
"$3"
"$4"
"$5"
"$6"
"EUIOR0ay2w7."
"ty2nT0oI2YK/"
"EUIOR0ay2w7."
"5.Xnq0cowXs0"
"%s %s (%i) %s"
"5.Xnq0cowXs0"
"%s %s (%i) %s"
"%s %s (%i)"
"8Y4sz09fDH50tccap0cH5OH0/mDXM1sxCV2/iNR"...
"8Y4sz09fDH50tccap0cH5OH0/mDXM1sxCV2/iNR"...
"%s %s (%i)"
"RNYAA0crTPO0yYB2h.Fe8bw.iRLzu0EdQ3j/1D6"...
"ty2nT0oI2YK/"
"ty2nT0oI2YK/"
"ty2nT0oI2YK/"
"EUIOR0ay2w7."
"%s %s"
"%s %s"
"PDazX1oDSOh0"
"uc6Wg1OvWVt1"
"O.sxv.ze9bK1GOISY.dO.Vn1"
"Unsecured"
"jVATg1988z81"
"%s %s."
"6f3aL1m.YdX05ythl/YiVnR/jSlje0VWu/50peq"...
"%s [%s!%s@%s]"
"Vsz2x/xqJP5/"
"security"
"system"
"ty2nT0oI2YK/"
"%s Cleared [%d/%d] syslogs"
"%s Failed to clear syslogs"
"%s Advapi.dll not loaded"
"ty2nT0oI2YK/"
"Ob4iQ/KJ5ue."
"e0idD0RDw2U/"
"86tb/1FSpjg0"
"O.sxv.ze9bK1GOISY.dO.Vn1"
"%s %d %s"
"TFEE90W.vdG1u8Ajp1eidrT.d2k2X/no6gm/"
"TFEE90W.vdG1u8Ajp1eidrT.d2k2X/no6gm/"
"%s %s"
"IBtOx1/HOfe0Hcxmb/oUlVg00eWuQ.F61Hj/"
"IBtOx1/HOfe0Hcxmb/oUlVg00eWuQ.F61Hj/"
"%s %s (%s)"
"TpzyK0MOE8.0jTPEZ1dC0uG0"
"O.sxv.ze9bK1GOISY.dO.Vn1"
"TpzyK0MOE8.0jTPEZ1dC0uG0"
"4Ezrg1ye5hp1O2jqY1BhtQc.jTPEZ1dC0uG0"
"O.sxv.ze9bK1GOISY.dO.Vn1"
"4Ezrg1ye5hp1O2jqY1BhtQc.jTPEZ1dC0uG0"
"O.sxv.ze9bK1GOISY.dO.Vn1"
"JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
"%s %s (%d)."
"O.sxv.ze9bK1GOISY.dO.Vn1"
"NFKNL0nQigY0"
"O.sxv.ze9bK1GOISY.dO.Vn1"
"%s Thread list"
"%s %s (%d)."
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"O.sxv.ze9bK1GOISY.dO.Vn1"
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"g3obv.r6j7H/"
"d/Jst/MFgyQ."
"LTLec18US5q0"
"%s %s (%d)."
"JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
"JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
"LTLec18US5q0"
"/iHFN/l6B5X/"
"%s %s."
"%s started."
"g3obv.r6j7H/"
"eRWc30Qfw.P0"
"LTLec18US5q0"
"M5sPX.Qp7Lx."
"JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
"%s %s (%d)."
"6atSs0dyCWF.6N5aw.affEY1"
"6atSs0dyCWF.6N5aw.affEY1"
"ITx.N.WPAmx."
"6atSs0dyCWF.6N5aw.affEY1"
"%s PStore"
"%s %s (%d)."
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"6atSs0dyCWF.6N5aw.affEY1"
"6atSs0dyCWF.6N5aw.affEY1"
"%s PStore"
"%s %s (%d)."
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"6atSs0dyCWF.6N5aw.affEY1"
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"6atSs0dyCWF.6N5aw.affEY1"
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"6atSs0dyCWF.6N5aw.affEY1"
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"LNdk50vzCqW0"
"%s"
" %s"
"uhdhC1pCV9i/"
"fOaBg1ACVfo/osdpb1E0v95."
"%s %s"
"%s"
" %s"
"9lJBH07crkD."
"7.PaK0OnymN/7Razv/1FefF."
"/iHFN/l6B5X/"
"%s %s."
"7.PaK0OnymN/7Razv/1FefF."
"%s %s (%d)."
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"7.PaK0OnymN/7Razv/1FefF."
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"7.PaK0OnymN/7Razv/1FefF."
"7.PaK0OnymN/7Razv/1FefF."
"7.PaK0OnymN/7Razv/1FefF."
"rioCl1kzTWO0"
"WUlZR.X7XjB0"
"/iHFN/l6B5X/"
"WUlZR.X7XjB0"
"%s %s on: [%s:%i]"
"%s %s (%d)."
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"%s %s on: (%s:%i)"
"%s %s on: (%s:%i)"
".SWwg1hqeiI1"
"WUlZR.X7XjB0"
"s3dY//JZo6r/"
"dO5oA/0U5m7."
"kE3L20Ufrlq0"
"tArXm0mtxpp."
"Q3BEf.grJCN1aA/Td0EX07M1"
"P/JS70EukYp0"
"Q3BEf.grJCN1aA/Td0EX07M1"
"tArXm0mtxpp."
"%s and %s"
"xg4wO0Gh6FY0p9CIj.BYYVY."
"n/i4//27pnT0"
"OGyZo1/qmpy1"
"2MS3c.kJTeK0"
"ty2nT0oI2YK/"
"%s %s %s, %s %s (%s), %s (%s), %s (%s)"
"ty2nT0oI2YK/"
"%s UpTime: (%s)."
", Record UpTime: (%s)."
", (Record)"
"i7Atf.8/tag1"
"%s %s (%s)"
"u/DnE/tzo8s.OMQDW1DERIa/"
"ty2nT0oI2YK/"
"%s %s"
"NEuF//6QYOi/Md/AN15kOfy.nR01m1pzFKu1"
"ty2nT0oI2YK/"
"ty2nT0oI2YK/"
"VP1WE/JVQbn."
"ty2nT0oI2YK/"
"ty2nT0oI2YK/"
"%s /2Maintenance./2"
"%s %s."
"/iHFN/l6B5X/"
"ty2nT0oI2YK/"
"ty2nT0oI2YK/"
"UaxWg1w8vSP0QRn4z10ge1I1"
"ty2nT0oI2YK/"
"qbwGd0CFxf./"
"2mo7G0.B0qj/"
"47Ff/020f.0."
"Al./N0Kenp20"
"%s BKill %s"
"5OkE/1AWBZq/"
"5OkE/1AWBZq/"
"%s %s (%d)."
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"HyOMe/iovtV."
"%s %s"
"fOaBg1ACVfo/osdpb1E0v95."
"Al./N0Kenp20"
"Al./N0Kenp20"
"Al./N0Kenp20"
"CwXYh0RYoUv1"
"%s %s"
"fOaBg1ACVfo/osdpb1E0v95."
"eAvYh.IC0dc0"
"%s %s"
"fOaBg1ACVfo/osdpb1E0v95."
"Al./N0Kenp20"
"%s Procs"
"uz3rf.VTKug1"
"%s %s"
"fOaBg1ACVfo/osdpb1E0v95."
"Al./N0Kenp20"
"Al./N0Kenp20"
"%s Create process thread."
"9bWj..lZ2My0"
"jt17J1ImTVD1"
"8CBGO/rJRYr."
"KbwMi16jFhl/"
"5OkE/1AWBZq/"
"%s %s on %s: %i, %s: %s."
"/iHFN/l6B5X/"
"KbwMi16jFhl/"
"%s %s on %s: %i, thread number: %i."
"KbwMi16jFhl/"
"%s %s on %s: %i, thread number: %i."
"ajTtz06Ztse1"
"uN3hk0sn58o/"
"QRn4z10ge1I1"
"bVUSO0ed3MW/"
"6h4NN1IGJm60"
"%s"
" %s"
"6h4NN1IGJm60"
"%s Sent IRC raw: \"%s\"."
"M1d.716Jg1r1"
"mIRC"
"$version"
"%s"
"$server"
"$serverip"
"$port"
"$chan(0)"
"$chan(%i)"
", "
"Ur6ne.MOT50."
"%s User is running mIRC v %s, Connected"...
"Ur6ne.MOT50."
"%s Client not open."
"Ur6ne.MOT50."
"%s Client not open."
"%s"
" %s"
"Ur6ne.MOT50."
"%s Client not open or found: \"%s\""
"Qc9zS1zGZff0"
"ty2nT0oI2YK/"
"%s ARP flushed."
"%s Failed to flush ARP."
"WpuWr.6YFRU/"
"ty2nT0oI2YK/"
"%s DNS cache flushed."
"%s Failed to flush DNS cache."
"%s Failed to load dnsapi.dll."
"6x2Ka0buUbB."
"ty2nT0oI2YK/"
"fOaBg1ACVfo/osdpb1E0v95."
"pImgT12pvEE."
"ty2nT0oI2YK/"
"%s %s: %s -> %s."
"jgYqN0dmziR12zQe40gFoLm.rilJR.uuL/I0"
"ty2nT0oI2YK/"
"%s %s"
"4RmBz/FCic21"
"SC.Co/swLK/."
"Hm1H.049e4O/"
"%s Obtaining external IP"
"LeEs11vPbnf0"
"lbJVg0r.qMb."
"XU6CU1p.SN6.6N5aw.affEY1"
"%s Too Much conns."
"XU6CU1p.SN6.6N5aw.affEY1"
"%s Loaded Onto: (%s:%d), Amount: (%d)"
"XU6CU1p.SN6.6N5aw.affEY1"
"%s Loaded Onto: (%s:%d), Amount: (%d)"
"A52N11SVYFw0"
"%s"
" %s"
"%s"
"Hj6vo0JRP9Q0"
"%s"
" %s"
"zyVGp1MxObt0"
"%s %s :%s"
"r7WRs/qHek.0"
"abcdefghijklmnopqrstuvwxyz1234567890abc"...
"zyVGp1MxObt0"
"%s %s :%s"
"%s %s :%s"
"%s %s :%s"
"%s %s :%s"
"g7/IV/gks9L1"
"zyVGp1MxObt0"
"g7/IV/gks9L1"
"%s %s"
"TuGNF.mQSDR0"
"yJmlc1btsF10"
"DuzCb0KgSsv0"
"%s"
" %s"
"zyVGp1MxObt0"
"zyVGp1MxObt0"
"zyVGp1MxObt0"
"zyVGp1MxObt0"
"zyVGp1MxObt0"
"zyVGp1MxObt0"
"zyVGp1MxObt0"
"dQJSO.47pdb/"
"zyVGp1MxObt0"
"zyVGp1MxObt0"
"zyVGp1MxObt0"
"K9V/U/KkuTM/"
"%s"
" %s"
"g7/IV/gks9L1"
"%s %s :%s"
"7yfnz0PW11s1"
"%s"
" %s"
"lCX/m/HdpWr1"
"nQ.As1Z1SIt/"
"fOaBg1ACVfo/osdpb1E0v95."
"XU6CU1p.SN6.6N5aw.affEY1"
"%s %s"
"QRn4z10ge1I1"
"yJmlc1btsF10"
"%s %s"
"iEguD0V/.5/."
"yJmlc1btsF10"
"%s %s :%s"
"fc9Kk1jX11G."
"TuGNF.mQSDR0"
"%s %s"
"DnjQ8/ze3ZW/"
"%s %s"
"yJmlc1btsF10"
"%s %s :%s"
"%s %s"
"yJmlc1btsF10"
"%s %s :%s"
"%s %s"
"yJmlc1btsF10"
"%s %s :%s"
"EWqxA//oC1T."
"zyVGp1MxObt0"
"zyVGp1MxObt0"
"zyVGp1MxObt0"
"zyVGp1MxObt0"
"g7/IV/gks9L1"
"zyVGp1MxObt0"
"%s %s :DCC SEND C:\\\\\\\\%s"
"JIAtz0xSuMp1"
"abcdefghijklmnopqrstuvwxyz1234567890abc"...
"zyVGp1MxObt0"
"VI0QA1mvfro1"
"%s"
" %s"
"zyVGp1MxObt0"
"W3GP6.13AcY1"
"TuGNF.mQSDR0"
"%s %s"
"e8qiq0Hukv9/"
"%s %s"
"TuGNF.mQSDR0"
"%s %s"
"18Rjk.sa2JE/"
"%s %s"
"TuGNF.mQSDR0"
"%s %s"
"yJmlc1btsF10"
"%s %s"
"lJ/am/kZRtP1"
"%s %s"
"zyVGp1MxObt0"
"%s %s :%s"
"zyVGp1MxObt0"
"%s %s :%s"
"zyVGp1MxObt0"
"%s %s :%s"
"XZArU0aMxhi."
"%s %s"
"g7/IV/gks9L1"
"%s %s :%s"
"g7/IV/gks9L1"
"%s %s :%s"
"g7/IV/gks9L1"
"%s %s :%s"
"rA7E2/hHXPf0"
"%s %s"
"zyVGp1MxObt0"
"zyVGp1MxObt0"
"zyVGp1MxObt0"
"zyVGp1MxObt0"
"Rp4sR11CvR1/"
"%s %s"
"zyVGp1MxObt0"
"g7/IV/gks9L1"
"%s %s :%s"
"zyVGp1MxObt0"
"%s %s :%s"
"g7/IV/gks9L1"
"%s %s :%s"
"ZqrVt0t6nmZ."
"%s"
" %s"
"zyVGp1MxObt0"
"%s memoserv :send %s %s"
"1ShtA0bzFwk1"
"%s@%s.com"
"zyVGp1MxObt0"
"%s nickserv :register pass103 %s"
"AZcsP.hkiLO."
"zyVGp1MxObt0"
"eRWc30Qfw.P0"
"%s Unloaded."
"XU6CU1p.SN6.6N5aw.affEY1"
"XU6CU1p.SN6.6N5aw.affEY1"
"FEpMF/ZswFD/"
"ty2nT0oI2YK/"
"ty2nT0oI2YK/"
"%s SystemCall failed."
"ty2nT0oI2YK/"
"%s SystemCall sent: \"%s\""
"sUd8h/rsu8j1"
"%s %s."
"/iHFN/l6B5X/"
"WHdAg1glAgf."
"%s Couldn't open shell."
"%s Shell ready."
"%s Shell ready."
"j2yYw.J09XC/"
"%s %s"
"fOaBg1ACVfo/osdpb1E0v95."
"WHdAg1glAgf."
"WHdAg1glAgf."
"%s"
" %s"
"\n"
"%s %s"
"YdidB16dnMQ."
"WHdAg1glAgf."
"WHdAg1glAgf."
"WHdAg1glAgf."
"%s Commands: %s."
"43uCS0rkQUx."
"WHdAg1glAgf."
"jC8j0.blHIr0"
"%s"
" %s"
"PIYGC.BgPyH."
"%s"
" %s"
"lmecq0yGcoK/"
"%s Displaying file: %s"
"%s"
"%s"
"%s File displayed: %s"
"%s Failed to read file: %s,error: <%d>"
"%s Failed to read file: %s,error: <%d>"
"7bQzU.aQz2u."
"lmecq0yGcoK/"
"%s File exists: %s"
"lmecq0yGcoK/"
"%s File doesn't exist: %s"
"saR5v0JloIc0"
"lmecq0yGcoK/"
"%s File deleted: %s"
"%s Failed to del file: %s, error: <%d>"
"%s Failed to del file: %s, error: <%d>"
"x43Mx/eGeDu."
"lmecq0yGcoK/"
"%s Folder deleted: %s"
"%s Failed to delete folder: %s"
"%s %s is not a folder."
"%s %s doesn't exist."
"lmecq0yGcoK/"
"IsoPF.PU4tY0"
"lmecq0yGcoK/"
"%s Moved: \"%s\" to: \"%s\""
"%s Failed to move: \"%s\" to: \"%s\", error"...
"%s Failed to move: \"%s\" to: \"%s\", error"...
"98mu./nEdn7."
"lmecq0yGcoK/"
"fOaBg1ACVfo/osdpb1E0v95."
"lmecq0yGcoK/"
"%s Copied: \"%s\" to \"%s\""
"%s Failed to copy: \"%s\" to \"%s\",error: "...
"%s Failed to copy: \"%s\" to \"%s\",error: "...
"vDIrQ.MJcpx1"
"lmecq0yGcoK/"
"%s Attributes Set to: \"%s\"."
"%s Failed to set Attributes to: \"%s\",er"...
"%s Failed to set Attributes to: \"%s\",er"...
"Sad25/hP/R91"
"open"
"lmecq0yGcoK/"
"%s Opened: \"%s\"."
"%s Failed to open: \"%s\",error: <%d>"
"%s Failed to open: \"%s\",error: <%d>"
"fOaBg1ACVfo/osdpb1E0v95."
"lmecq0yGcoK/"
"HPmCH0PbQ800"
"fOaBg1ACVfo/osdpb1E0v95."
"RcCSh.AdUKf1"
"%s %s"
"RcCSh.AdUKf1"
"%s"
"RcCSh.AdUKf1"
"%s No file"
"VV3AJ1ywFkC.XzinP/s/R0A."
"RcCSh.AdUKf1"
"%s %s <%d>"
"VV3AJ1ywFkC.XzinP/s/R0A."
"RcCSh.AdUKf1"
"%s Bind %s <%d>"
"Sending you %s"
"DCC Send %s (%s)"
"%s %d %d %i"
"RcCSh.AdUKf1"
"%s Timed Out, closing connection."
"RcCSh.AdUKf1"
"%s Connection closed: (%i/%ikB sent)."
"uFbSS0Cbo8C."
"JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
"%s %s (%d)."
"HuuDG/YQZDz/"
"HuuDG/YQZDz/"
"HuuDG/YQZDz/"
"RY6IQ0UDbPh/LL/Dw.r3B9K/"
"%s %s %s."
"%s %s (%d)."
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"HuuDG/YQZDz/"
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"RY6IQ0UDbPh/LL/Dw.r3B9K/"
"%s %s %s."
"RY6IQ0UDbPh/LL/Dw.r3B9K/"
"%s %s %s."
"HuuDG/YQZDz/"
"NoaZx1Alvg/0"
"6HWiy/OAtg9.6N5aw.affEY1"
"fOaBg1ACVfo/osdpb1E0v95."
"]&3c9"
"JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
"%s %s (%d)."
"6HWiy/OAtg9.6N5aw.affEY1"
"6HWiy/OAtg9.6N5aw.affEY1"
"%s%s%d%d%d%d%d.exe"
"RY6IQ0UDbPh/N2NHs/pc9zb/8Wb3v063Ds00"
"6HWiy/OAtg9.6N5aw.affEY1"
"%s %s (%d)."
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"6HWiy/OAtg9.6N5aw.affEY1"
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"6HWiy/OAtg9.6N5aw.affEY1"
"6HWiy/OAtg9.6N5aw.affEY1"
"uQYiL.iYvpI."
"%c%c%c%c%c%c"
"%s%d%d%d%d%d.exe"
"C4dD9.nojvO1"
"%s is set to %s:%d U: %s P: %s F: %s"
"C4dD9.nojvO1"
"4QyYH1q/2ps1"
"C4dD9.nojvO1"
"%s is set to %s:%d U: %s P: %s F: %s"
"%s is off."
"ZGidU12tiV0/"
"%s is on."
"C4dD9.nojvO1"
"HGCRW.CWUF5."
"%s is off."
"gzTlE.nhywf/"
"C4dD9.nojvO1"
"%s is off."
"l80re/UvCUe1"
"TVJrO1uBGtg1"
"VXA.u/cDD7S0"
"mflX2.QU4VY."
"h1cMQ0wQw5C."
"%s Invalid port"
"mflX2.QU4VY."
"x.x.x.x"
"%d.x.x.x"
"mflX2.QU4VY."
"%s No IP specified."
"mflX2.QU4VY."
"%s No subnet class specified."
"Random"
"Sequential"
"%s %s %s %s:%d with a delay of %d secon"...
"Y2LM40Nv3Ya/p4MrM1AZiAp1eUok8/eobtx1"
"mflX2.QU4VY."
"%s %s (%d)."
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"mflX2.QU4VY."
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"mflX2.QU4VY."
"Random"
"Sequential"
"Y2LM40Nv3Ya/p4MrM1AZiAp1eUok8/eobtx1"
"mflX2.QU4VY."
"Random"
"Sequential"
"Y2LM40Nv3Ya/p4MrM1AZiAp1eUok8/eobtx1"
"mflX2.QU4VY."
"SXYtb1.EEjQ."
"vB1r0/N.Arr0"
"8Im6i..C829."
"tIYj208FHvN."
"5nG/N0ZJh2i1"
"mdf9n0kzPX60"
"/ATfv.jgK0X1"
"fu6k10iRsc/1"
".lUua.bruje0"
"JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
"%s %s (%d)."
"mflX2.QU4VY."
"mflX2.QU4VY."
"%s Port pscan started: %s:%d with delay"...
"mflX2.QU4VY."
"kzqSH/dhRIc."
"mflX2.QU4VY."
"/uYcs/BEKWP0"
"xLpyR1aNPGm0"
"/iHFN/l6B5X/"
"%s %s."
"xLpyR1aNPGm0"
"%s %s (%d)."
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"xLpyR1aNPGm0"
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"xLpyR1aNPGm0"
"xLpyR1aNPGm0"
"xLpyR1aNPGm0"
"WWFBf.0ptzE."
"xLpyR1aNPGm0"
"fhzdV1OotFg0"
"WPUkb.0uIoa/OFUur11TNYw0"
"/iHFN/l6B5X/"
"%s %s."
"WPUkb.0uIoa/OFUur11TNYw0"
"%s %s (%d)."
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"WPUkb.0uIoa/OFUur11TNYw0"
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"WPUkb.0uIoa/OFUur11TNYw0"
"WPUkb.0uIoa/OFUur11TNYw0"
"WPUkb.0uIoa/OFUur11TNYw0"
"Umk7x0PwyW9/QRn4z10ge1I1"
"WPUkb.0uIoa/OFUur11TNYw0"
"7FUgU.N0U2m1"
"JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
"%s %s (%d)."
"BjAtz/qyRS11"
"BjAtz/qyRS11"
"%s --> (%s:%d) for (%d secs)."
"BjAtz/qyRS11"
"BjAtz/qyRS11"
"BjAtz/qyRS11"
"%s %s (%d)."
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"BjAtz/qyRS11"
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"BjAtz/qyRS11"
"w3dWL/46o0u0"
"BjAtz/qyRS11"
"/uBQS.HZPkh1"
"6x7zf1EztnY."
"FyFlU0jI3XH."
"7otcU0FiC6V0"
"dnjYk0fWkI.."
"BVYGm.aFzkh0"
"xMz20//gJkQ/"
"JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
"%s %s (%d)."
"Lcgg60QK2mf0"
"Lcgg60QK2mf0"
"Lcgg60QK2mf0"
"%s --> (%s) for %d secs with %d ms dela"...
"%s --> (%s) for %d secs with %d ms dela"...
"%s --> (%s) for %d secs with %d ms dela"...
"%s %s (%d)."
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"Lcgg60QK2mf0"
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"Lcgg60QK2mf0"
"nHr6r0qsk450"
"Lcgg60QK2mf0"
"UyfOG.DvVnY0"
"JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
"%s %s (%d)."
"YhzCK13CaOG0"
"YhzCK13CaOG0"
"YhzCK13CaOG0"
"%s --> (%s:%d) for (%d secs)."
"YhzCK13CaOG0"
"YhzCK13CaOG0"
"YhzCK13CaOG0"
"%s %s (%d)."
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"YhzCK13CaOG0"
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"YhzCK13CaOG0"
"pSern1AAGh6."
"%s --> (%s:%d) for (%d secs)."
"YhzCK13CaOG0"
"YhzCK13CaOG0"
"YhzCK13CaOG0"
"XkG84.cESgs."
"%s --> (%s:%d) for (%d secs)."
"YhzCK13CaOG0"
"YhzCK13CaOG0"
"YhzCK13CaOG0"
"p06vq/BFBMo."
"YhzCK13CaOG0"
"%s --> (%s) for (%d secs)."
"%s --> (%s) for (%d secs)."
"%s --> (%s) for (%d secs)."
"3VVsV1VuRUA/"
"YhzCK13CaOG0"
"iMvbW1SHwxQ0"
"JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
"%s %s (%d)."
"aXauo.rLGgX0"
"aXauo.rLGgX0"
"aXauo.rLGgX0"
"%s --> (%s:%d)"
"%s --> (%s:%d)"
"%s --> (%s:%d)"
"%s %s (%d)."
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"aXauo.rLGgX0"
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"aXauo.rLGgX0"
"4h4m/.Q.GUy."
"aXauo.rLGgX0"
"X.62C.3LDCP/"
"JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
"%s %s (%d)."
"XWzwO1PqcgT16N5aw.affEY1"
"XWzwO1PqcgT16N5aw.affEY1"
"XWzwO1PqcgT16N5aw.affEY1"
"%s --> (%s:%d) for %d sec's"
"%s --> (%s:%d) for %d sec's"
"%s --> (%s) for %d sec's"
"%s %s (%d)."
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"XWzwO1PqcgT16N5aw.affEY1"
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"XWzwO1PqcgT16N5aw.affEY1"
"wt4Rn/WGL6V."
"XWzwO1PqcgT16N5aw.affEY1"
"w1w2V121JSP."
"vfEsO.QcgDt."
"%s --> (%s:%d) with %d conn's for %d se"...
"%s %s (%d)."
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"vfEsO.QcgDt."
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"vfEsO.QcgDt."
"Vz62d1m0Yya/"
"F4c9z1UBCg80"
"vfEsO.QcgDt."
"vfEsO.QcgDt."
"%s %s"
"fOaBg1ACVfo/osdpb1E0v95."
"vfEsO.QcgDt."
"vfEsO.QcgDt."
"2YClO0SRxpi/"
"vfEsO.QcgDt."
"h3YH9.Xq.S2."
"sSOce0JbTXI/"
"sSOce0JbTXI/"
"%s %s (%d)."
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"sSOce0JbTXI/"
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"sSOce0JbTXI/"
"%s %s"
"fOaBg1ACVfo/osdpb1E0v95."
"sSOce0JbTXI/"
"sSOce0JbTXI/"
"IwBKf0O1Om6/QRn4z10ge1I1"
"sSOce0JbTXI/"
"Em42x.1IsZI1"
"JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
"%s %s (%d)."
"QSOZ9.vFVWu0"
"QSOZ9.vFVWu0"
"QSOZ9.vFVWu0"
"QSOZ9.vFVWu0"
"%s --> (%s:%d) %d packets."
"%s --> (%s:%d) %d packets."
"%s --> (%s:%d) %d packets."
"%s %s (%d)."
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"QSOZ9.vFVWu0"
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"ERNNi/HM17T1QRn4z10ge1I1"
"QSOZ9.vFVWu0"
"KmdIe1UwntQ/"
"QSOZ9.vFVWu0"
"fOaBg1ACVfo/osdpb1E0v95."
"QSOZ9.vFVWu0"
"%s --> (%s)."
"%s --> (%s)."
"%s --> (%s)."
"UPx0W/cz2EI0QRn4z10ge1I1"
"QSOZ9.vFVWu0"
"V6jBH0k4u/d."
"iexplore"
"open"
"QSOZ9.vFVWu0"
"%s Site opened."
"%s Site failed to open."
"%s Site failed to open."
"B2smo.WHkeW.QRn4z10ge1I1"
"iexplore.exe"
"QSOZ9.vFVWu0"
"%s %s"
"bNJcZ.ziG1m0"
"bNJcZ.ziG1m0"
"vXG7N.qBMG90aA/Td0EX07M1"
"VV3AJ1ywFkC.XzinP/s/R0A."
"%s %s <%d>"
"QSOZ9.vFVWu0"
"QSOZ9.vFVWu0"
"%s %s HTTP/1.1\r\nReferer: %s\r\nUser-Agent"...
"VV3AJ1ywFkC.XzinP/s/R0A."
"%s %s <%d>"
"QSOZ9.vFVWu0"
"QSOZ9.vFVWu0"
"\n"
"%s"
"QSOZ9.vFVWu0"
"q5l5f.2TO.60"
"jBKL4/FbWCF1"
"q5l5f.2TO.60"
"jBKL4/FbWCF1"
"W3GP6.13AcY1"
"?"
"?"
"M08SE.Kt9tD1"
"?"
"?"
"3eowX/2OCnG/"
"PTaMI1/.aGV/"
"%s Trying to get external IP."
"PTaMI1/.aGV/"
"%s Trying to get external IP."
"?"
"?"
"s3dY//JZo6r/"
"]&3c9"
"]&3c9"
"UWher1DAGD80"
"pNb.a/Bfzu60"
"Zu2s6.O7.yt/"
"4hftZ/6HOlR/"
"yqrdP.9rF4U0"
"1UyIs15KH.n1"
"9lJBH07crkD."
"D0roN.CTDg0."
"fr8ri0f9NfZ."
"wbZcx0/Dknt."
"D0roN.CTDg0."
"fr8ri0f9NfZ."
"wbZcx0/Dknt."
"NyJsR1cV5CH0"
"95"
"nt"
"98"
"me"
"2k"
"xp"
"2k3"
"vista"
"7"
"95"
"nt"
"98"
"me"
"2k"
"xp"
"2k3"
"vista"
"7"
"/I6sD/4CTzn0"
"?"
"?"
"WRlth/n3Uh.1"
"?"
"?"
"yQJsn0wtUtn1"
"%s %s"
"fOaBg1ACVfo/osdpb1E0v95."
"PTaMI1/.aGV/"
"PTaMI1/.aGV/"
"%s"
" %s"
"%s Failed to parse command."
"PTaMI1/.aGV/"
"PTaMI1/.aGV/"
"%s Should run: \"%s\"."
"PTaMI1/.aGV/"
"PTaMI1/.aGV/"
"PTaMI1/.aGV/"
"%s Failed to parse command."
"PTaMI1/.aGV/"
"JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
"%s %s (%d)."
"BVYGm.aFzkh0"
"BVYGm.aFzkh0"
"BVYGm.aFzkh0"
"%s No delay."
"BVYGm.aFzkh0"
"%s --> (%s:%d) for %d secs."
"/uBQS.HZPkh1"
"6x7zf1EztnY."
"FyFlU0jI3XH."
"7otcU0FiC6V0"
"%s %s (%d)."
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"BVYGm.aFzkh0"
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"BVYGm.aFzkh0"
"%s %s (%d)."
"JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
"mflX2.QU4VY."
"JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
"SXYtb1.EEjQ."
"vB1r0/N.Arr0"
"8Im6i..C829."
"tIYj208FHvN."
"5nG/N0ZJh2i1"
"mdf9n0kzPX60"
"/ATfv.jgK0X1"
"fu6k10iRsc/1"
"%s %s (%d)."
"JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
"mflX2.QU4VY."
"JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
"mflX2.QU4VY."
"d1"
"mflX2.QU4VY."
"mflX2.QU4VY."
"x.x.x.x"
"%d.x.x.x"
"Random"
"Sequential"
"Y2LM40Nv3Ya/p4MrM1AZiAp1eUok8/eobtx1"
"mflX2.QU4VY."
"%s %s %s %s:%d with a delay of %d secon"...
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"mflX2.QU4VY."
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"mflX2.QU4VY."
"Random"
"Sequential"
"Y2LM40Nv3Ya/p4MrM1AZiAp1eUok8/eobtx1"
"mflX2.QU4VY."
"%s %s %s %s:%d with a delay of %d secon"...
"Random"
"Sequential"
"Y2LM40Nv3Ya/p4MrM1AZiAp1eUok8/eobtx1"
"mflX2.QU4VY."
"%s %s %s %s:%d with a delay of %d secon"...
"%s No IP specified."
"%s No subnet class specified"
"mflX2.QU4VY."
"mflX2.QU4VY."
"mflX2.QU4VY."
"fOaBg1ACVfo/osdpb1E0v95."
"%s %s"
"%s %s"
"qbwGd0CFxf./"
"JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
"%s %s (%d)."
"fFEC81UzNT81"
"fFEC81UzNT81"
"Secure"
"jVATg1988z81"
"%s %s."
"fFEC81UzNT81"
"%s %s (%d)."
"fFEC81UzNT81"
"jVATg1988z81"
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"fFEC81UzNT81"
"jVATg1988z81"
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
" Built: Sep 4 2009 21:52:38"
"]&3c9"
"ty2nT0oI2YK/"
"%s %s (%s) %s"
" Built: Sep 4 2009 21:52:38"
"]&3c9"
"ty2nT0oI2YK/"
"%s %s (%s) %s"
|
sub_41C598(1afe):
KERNEL32.lstrcmpiA
|
sub_4277E9(1c01):
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
KERNEL32.lstrcpyA
SHLWAPI.PathRemoveFileSpecA
KERNEL32.lstrcmpiA
KERNEL32.GetFileAttributesA
KERNEL32.SetFileAttributesA
NTDLL.RtlGetLastWin32Error
KERNEL32.Sleep
KERNEL32.CopyFileA
|
sub_41BD3B(1d00):
KERNEL32.GetVersionExA
ADVAPI32.GetUserNameA
KERNEL32.GetComputerNameA
KERNEL32.GetSystemDirectoryA
KERNEL32.GetDateFormatA
KERNEL32.GetTimeFormatA
KERNEL32.GlobalMemoryStatusEx
KERNEL32.GetLogicalDriveStringsA
KERNEL32.lstrcmpiA
KERNEL32.GetTickCount
"???"
"%d.%d"
"95"
"NT"
"98"
"ME"
"2K"
"XP"
"2K3"
"Vista"
"2K8"
"7"
"%s (%s)"
"ddd, MMM dd, yyyy"
"HH:mm:ss"
"%d"
"wj27.1Belx20"
"%s (CPU): %I64uMHz, (RAM): %sMB total, "...
|
sub_40A633(1d4b):
KERNEL32.GetComputerNameA
KERNEL32.lstrcmpiA
"TU-4NH09SMCG1HC"
"roo"
"snort"
"honey"
"honeyc"
"honeyd"
"HoneyMule"
"vmware"
"currentuser"
"nepenthes"
"(IMail 8.00 153-1) NT-ESMTP Server X1"
|
sub_407373(1d84):
WS2_32.socket
WS2_32.inet_addr
WS2_32.ntohs
WS2_32.connect
WS2_32.send
WSOCK32.recv
WS2_32.closesocket
"mflX2.QU4VY."
"%s %s -> %s (Ex: %d)"
|
sub_41C7EB(1e5f):
WININET.InternetGetConnectedState
KERNEL32.Sleep
WS2_32.socket
WS2_32.gethostbyname
WS2_32.ntohs
WS2_32.connect
WS2_32.closesocket
KERNEL32.GetTickCount
KERNEL32.QueryPerformanceCounter
KERNEL32.QueryPerformanceFrequency
KERNEL32.lstrcpyA
KERNEL32.lstrcmpiA
"%s %s\r\n"
"7LybP1GuNfm0"
"TuGNF.mQSDR0"
"391mY/LxL28."
"%s %s * 0 :%s\r\n"
|
sub_41FD79(1f05):
KERNEL32.GetCurrentThread
ADVAPI32.OpenThreadToken
KERNEL32.GetCurrentProcess
ADVAPI32.OpenProcessToken
ADVAPI32.LookupPrivilegeValueA
ADVAPI32.AdjustTokenPrivileges
NTDLL.RtlGetLastWin32Error
KERNEL32.CloseHandle
KERNEL32.lstrcpyA
KERNEL32.OpenProcess
KERNEL32.lstrcmpiA
KERNEL32.TerminateProcess
"SeDebugPrivilege"
"unknown"
|
sub_4248BB(1f42):
KERNEL32.FreeLibrary
|
sub_4096AB(20bd):
KERNEL32.WriteFile
|
sub_41CCD8(210d):
KERNEL32.lstrcmpiA
|
sub_420D92(2166):
KERNEL32.lstrcmpiA
"HKEY_LOCAL_MACHINE"
"HKLM"
"HKEY_CURRENT_USER"
"HKCU"
"HKEY_CLASSES_ROOT"
"HKCR"
"HKEY_CURRENT_CONFIG"
"HKCC"
"HKEY_USERS"
|
sub_40221C(22a3):
"%d.%d.%d.%d"
|
sub_430EF3(232b):
"PATH"
"\\"
|
sub_4256BD(236b):
"!* SH"
"!* UDP"
"!* PAN"
"!* PUSH"
"wget"
"phpshell"
"[MAIN]:"
"[SCAN]:"
"[FTP]:"
"[TFTP]:"
"[KEYLOGGER]:"
"[VNC]:"
|
sub_4257C9(236b):
"LTLec18US5q0"
"PASS "
"IRC Operator"
"now a network administrator"
"PRIVMSG"
"JOIN"
"OPER"
"PONG"
"PING"
"USERHOST"
"NOTICE"
"TOPIC"
|
sub_41E59B(24dc):
KERNEL32.PeekNamedPipe
KERNEL32.GetExitCodeProcess
KERNEL32.Sleep
KERNEL32.ReadFile
KERNEL32.ExitThread
"Could not read data from proccess.\r\n"
"Proccess has terminated.\r\n"
"Could not read data from proccess.\r\n"
|
sub_425A1B(2546):
WS2_32.gethostname
WS2_32.gethostbyname
WS2_32.socket
KERNEL32.ExitThread
WS2_32.bind
WS2_32.closesocket
WS2_32.WSAIoctl
KERNEL32.lstrcpyA
WSOCK32.recv
WS2_32.ntohs
WS2_32.inet_ntoa
"%s"
|
sub_43045E(25cf):
KERNEL32.InterlockedIncrement
KERNEL32.InterlockedDecrement
|
sub_41F7B0(2634):
KERNEL32.lstrcatA
NTDLL.RtlGetLastWin32Error
KERNEL32.SetFileAttributesA
KERNEL32.DeleteFileA
KERNEL32.Sleep
"Al./N0Kenp20"
"%s Procs List:"
" PID - Memory Usage - Process"
" K"
" %-6d- %-10s- \"%s\""
"%s End of list"
"YdidB16dnMQ."
"Al./N0Kenp20"
"%s Unable to list procs, %s: <%d>"
"YdidB16dnMQ."
"Al./N0Kenp20"
"%s Unable to list procs, %s: <%d>"
"Al./N0Kenp20"
"%s Pro \"%s\" killed,total: <%s>"
"Al./N0Kenp20"
"%s PID \"%i\" killed"
"%s Failed to kill proc"
"%s"
"Al./N0Kenp20"
"%s Failed to kill and erase proc"
"Al./N0Kenp20"
"%s PID \"%i\" killed and deleted"
|
sub_4283DC(2675):
KERNEL32.ExitThread
"AsQfy.K1uah0"
"Lcgg60QK2mf0"
"%s %s, ports hit: (%s)"
|
sub_4020AA(2783):
KERNEL32.GetTickCount
KERNEL32.GetModuleFileNameA
KERNEL32.CreateThread
KERNEL32.Sleep
"8CBGO/rJRYr."
"KbwMi16jFhl/"
"5OkE/1AWBZq/"
"jt17J1ImTVD1"
"%s %s, %s: %i, %s: %s."
|
sub_402A0E(27f1):
KERNEL32.MapViewOfFile
KERNEL32.UnmapViewOfFile
|
sub_40203B(285e):
WS2_32.inet_ntoa
"mflX2.QU4VY."
"mflX2.QU4VY."
|
sub_419661(2a9d):
KERNEL32.lstrcpyA
KERNEL32.lstrcatA
|
sub_41D252(2c16):
KERNEL32.GetVersionExA
"%d.%d"
"95"
"NT"
"98"
"ME"
"2K"
"XP"
"2K3"
"Vista"
"2K8"
"7"
|
sub_40978A(2c75):
KERNEL32.CreateFileA
KERNEL32.WriteFile
KERNEL32.CloseHandle
KERNEL32.Sleep
"\\\\%s"
"IPC$"
"mflX2.QU4VY."
"%s %s -> %s (Ex: %d)"
|
sub_4290F9(2cad):
"invalid string position"
|
sub_42226C(2d5e):
ADVAPI32.OpenSCManagerA
ADVAPI32.OpenServiceA
ADVAPI32.LockServiceDatabase
NTDLL.RtlGetLastWin32Error
KERNEL32.LocalAlloc
ADVAPI32.QueryServiceLockStatusA
KERNEL32.LocalFree
ADVAPI32.ChangeServiceConfig2A
ADVAPI32.UnlockServiceDatabase
ADVAPI32.CloseServiceHandle
|
sub_4032A3(2eb9):
KERNEL32.GetModuleFileNameA
WS2_32.send
WS2_32.closesocket
"rb"
|
sub_424A42(2fa0):
KERNEL32.lstrcpyA
KERNEL32.lstrcatA
"\\"
"%s"
"6atSs0dyCWF.6N5aw.affEY1"
": "
" "
|
sub_41EAD6(3061):
KERNEL32.ExitThread
"firewall set portopening TCP %d FD"
"netsh"
"open"
|
sub_4053EE(30c9):
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
KERNEL32.GetFileAttributesA
KERNEL32.SetFileAttributesA
KERNEL32.CopyFileA
NTDLL.RtlGetLastWin32Error
KERNEL32.lstrcmpiA
KERNEL32.DeleteFileA
"Administrator\\\\%s$"
"C:\\WINDOWS\\system32$"
"IPC$"
"PRINT$"
"S$"
"NETLOGON$"
"B$"
"C$"
"D$"
"E$"
"F$"
"G$"
"H$"
"I$"
"J$"
"K$"
"L$"
"M$"
"N$"
"O$"
"P$"
"Q$"
"R$"
"T$"
"U$"
"V$"
"W$"
"X$"
"Y$"
"Z$"
"C:\\WINNT$"
"D:\\WINDOWS$"
"C:\\WINNT\\system32$"
"D:\\WINNT\\system32$"
"D:\\WINDOWS\\system32$"
"E:\\WINNT\\system32$"
"E:\\WINDOWS\\system32$"
"C$\\DOCUME~1\\ADMINI~1\\"
"D$\\DOCUME~1\\ADMINI~1\\"
"C$\\DOCUME~1\\ADMINI~1$"
"D$\\DOCUME~1\\ADMINI~1$"
"ADMINISTRADOR$"
"ADMINISTRATOR$"
"PIPE\\"
"PIPE$"
"WINDOWS$"
"drivec$"
"%s%d%d%d%d%d.exe"
"%s\\%s\\%s"
"%s %s: -> [%s\\%s, %s/%s] (CreatedServic"...
"mflX2.QU4VY."
"(Blank)"
"(Blank)"
"%s %s: -> [%s\\%s, %s/%s] (NetSchedJobAd"...
|
sub_42003F(31b4):
KERNEL32.OpenProcess
KERNEL32.TerminateProcess
KERNEL32.CloseHandle
|
sub_401A77(31e8):
KERNEL32.GetTickCount
"%c%c%c%c%c%c"
|
sub_41E17C(3264):
KERNEL32.GetTickCount
KERNEL32.Sleep
KERNEL32.ExitThread
"AsQfy.K1uah0"
"YhzCK13CaOG0"
"%s %s -> %s"
|
sub_420A75(34b2):
KERNEL32.lstrcmpiA
KERNEL32.Sleep
"+"
"topic"
"%s"
|
sub_402A86(379a):
KERNEL32.MapViewOfFile
KERNEL32.UnmapViewOfFile
|
sub_407FB9(37c7):
WS2_32.send
|
sub_42222E(3851):
KERNEL32.CreateThread
KERNEL32.WaitForSingleObject
KERNEL32.CloseHandle
KERNEL32.ExitThread
|
sub_41F46D(38ae):
KERNEL32.lstrcpyA
SHLWAPI.PathRemoveFileSpecA
NTDLL.RtlGetLastWin32Error
KERNEL32.CreateProcessA
KERNEL32.GetTickCount
KERNEL32.WaitForSingleObject
KERNEL32.lstrcatA
KERNEL32.CloseHandle
"YdidB16dnMQ."
"Al./N0Kenp20"
"%s Couldn't parse path, %s <%d>"
"%s Couldn't parse path, %s <%d>"
"YdidB16dnMQ."
"Al./N0Kenp20"
"QvDsp/rBQ6w0"
"%s %s to create proc: \"%s\", %s: <%d>"
"QvDsp/rBQ6w0"
"%s %s to create proc: \"%s\", %s: <%d>"
"Al./N0Kenp20"
"%s Created proc: \"%s\", PID: <%d>"
" hour"
" hours"
" %d%s"
" %.2d:%.2d"
"/iHFN/l6B5X/"
"SFe3H0kCLgx0"
"%s Procs %s: \"%s\", Total %s Time: %s."
|
sub_426C22(398c):
USER32.EnumWindows
|
sub_41CE5F(3a6c):
"KC4L5.sAVS3."
"%s %s\r\n"
|
sub_407FFA(3ac0):
WS2_32.send
|
sub_428046(3ae1):
KERNEL32.RemoveDirectoryA
KERNEL32.lstrcpyA
KERNEL32.lstrcatA
KERNEL32.FindFirstFileA
KERNEL32.lstrcmpiA
KERNEL32.SetFileAttributesA
KERNEL32.DeleteFileA
KERNEL32.FindNextFileA
KERNEL32.FindClose
"\\*.*"
"\\"
".."
|
sub_4021D4(3b1d):
WS2_32.ntohl
|
sub_402AD7(3c64):
KERNEL32.MapViewOfFile
KERNEL32.UnmapViewOfFile
|
sub_42660A(3f40):
KERNEL32.lstrcpyA
KERNEL32.CreateThread
|
sub_41BB45(406c):
KERNEL32.QueryPerformanceCounter
KERNEL32.QueryPerformanceFrequency
KERNEL32.GetTickCount
|
sub_405B7C(4089):
KERNEL32.WriteFile
|
sub_407252(40b7):
WS2_32.inet_ntoa
KERNEL32.CreateThread
KERNEL32.Sleep
KERNEL32.CloseHandle
WS2_32.ntohl
"KbwMi16jFhl/"
"tArXm0mtxpp."
"mflX2.QU4VY."
"%s %s%s: (%s), Start%s: (%d)"
|
sub_431BB3(4106):
NTDLL.RtlAllocateHeap
NTDLL.RtlReAllocateHeap
|
sub_41CFAE(410c):
"5H5BR.qp/sm1"
"%s %s\r\n"
|
sub_41D17C(4236):
KERNEL32.GetComputerNameA
"YdidB16dnMQ."
|
sub_402646(430d):
KERNEL32.GetTickCount
NTDLL.RtlEnterCriticalSection
WS2_32.inet_ntoa
NTDLL.RtlLeaveCriticalSection
KERNEL32.Sleep
KERNEL32.ExitThread
"Ide74/6o6/B."
"KbwMi16jFhl/"
"mflX2.QU4VY."
"%s %s%s: %s:%d open."
"d1"
|
sub_41D5E0(446e):
KERNEL32.GetTickCount
"abcdefghijklmnopqrstuvwxyz1234567890abc"...
"|%d|%c%c%c%c%c%c%c%c%c"
"%c%c%c%c%c%c%c%c%c"
|
sub_4274B2(44cd):
KERNEL32.Sleep
"AsQfy.K1uah0"
"sSOce0JbTXI/"
"%s %s (%s) with (%d) pack(s)"
|
sub_4292A4(4529):
KERNEL32.LocalFree
|
sub_424627(45b4):
KERNEL32.lstrcpyA
KERNEL32.lstrcatA
KERNEL32.LoadLibraryA
"/"
|
sub_42C63D(45c9):
KERNEL32.GetVersionExA
KERNEL32.GetEnvironmentVariableA
KERNEL32.GetModuleFileNameA
"__MSVCRT_HEAP_SELECT"
"__GLOBAL_HEAP_SELECTED"
|
sub_41E8A9(4603):
KERNEL32.lstrcpyA
":*:Enabled:"
"SYSTEM"
"SYSTEM\\CurrentControlSet\\Services\\Share"...
"SYSTEM\\CurrentControlSet\\Services\\Share"...
|
sub_4305E8(4634):
KERNEL32.GetModuleHandleA
KERNEL32.GetProcAddress
"KERNEL32"
"IsProcessorFeaturePresent"
|
sub_40A14F(4676):
WS2_32.ntohs
WSOCK32.setsockopt
WS2_32.bind
WS2_32.listen
|
sub_40A86F(468c):
KERNEL32.lstrcpyA
|
sub_42358B(4a32):
"O.sxv.ze9bK1GOISY.dO.Vn1"
"TFEE90W.vdG1u8Ajp1eidrT.d2k2X/no6gm/"
"%s %s %d %s"
"IBtOx1/HOfe0Hcxmb/oUlVg00eWuQ.F61Hj/"
"%s (%s) %s"
|
sub_4051C0(4ba2):
ADVAPI32.OpenSCManagerA
ADVAPI32.CreateServiceA
ADVAPI32.StartServiceA
KERNEL32.Sleep
ADVAPI32.DeleteService
ADVAPI32.CloseServiceHandle
NTDLL.RtlGetLastWin32Error
ADVAPI32.OpenServiceA
"ServicesActive"
"%s\\%s\\%s"
"%d%d%d%d%d"
|
sub_423850(4bb2):
KERNEL32.lstrcpyA
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegEnumKeyExA
KERNEL32.lstrcatA
ADVAPI32.RegQueryValueExA
"Software\\Microsoft\\Internet Account Man"...
"Software\\Microsoft\\Internet Account Man"...
"\\"
"HTTPMail UserName"
"Hotmail"
"POP3 User Name"
"POP3 Server"
"POP3 Pass2"
|
sub_41BA39(4d6c):
KERNEL32.QueryPerformanceCounter
KERNEL32.QueryPerformanceFrequency
|
sub_41FB92(4d93):
KERNEL32.OpenProcess
NTDLL.RtlGetLastWin32Error
KERNEL32.lstrcatA
KERNEL32.lstrcmpiA
KERNEL32.CloseHandle
"%s"
"YdidB16dnMQ."
"%s: <%d>"
"%s / %s\n"
|
sub_42C185(4f5e):
NTDLL.RtlLeaveCriticalSection
|
sub_42C133(4f5e):
NTDLL.RtlEnterCriticalSection
|
sub_421277(501e):
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegQueryValueExA
ADVAPI32.RegCloseKey
|
sub_41E3FB(5096):
KERNEL32.lstrcmpiA
"10"
"172"
"16"
"192"
"168"
"90"
|
sub_421A4D(534a):
"erased"
"fFEC81UzNT81"
"erased"
"fFEC81UzNT81"
"erased"
"erased"
"fFEC81UzNT81"
"%s Total shares %s: [%d]"
"created"
"jVATg1988z81"
"Unloading"
"jVATg1988z81"
"%s No shares %s."
" Total shares [%s: %d]"
"jVATg1988z81"
"%s Total shares [%s: %d]"
|
sub_420C63(53b4):
KERNEL32.lstrcmpiA
|
sub_41C46E(541d):
KERNEL32.lstrcpyA
|
sub_430CCF(547a):
KERNEL32.LCMapStringW
KERNEL32.LCMapStringA
KERNEL32.MultiByteToWideChar
KERNEL32.WideCharToMultiByte
|
sub_408B6A(54c5):
WS2_32.socket
WS2_32.inet_addr
WS2_32.ntohs
WS2_32.connect
KERNEL32.Sleep
"RFB %03d.%03d\n"
"VxPpy0owQ7D/"
"%s"
"%s%d%d%d%d%d.exe"
"2/Afm0dt3o6."
"AQQ27.7qQv10"
"JsuAH.0.mmW0zbFKT0RKhRb0"
"Lvk.H/hddio0"
"uFbSS0Cbo8C."
"VgH9X1u/wAY0"
"w50OJ.ac8AK0"
".9ftY1N2T/m."
"7Zfry0IUSmE1"
"%s %s %s %s %d >> %s %s %s %s %s >> %s "...
"2/Afm0dt3o6."
"AQQ27.7qQv10"
"JsuAH.0.mmW0zbFKT0RKhRb0"
"Lvk.H/hddio0"
"uFbSS0Cbo8C."
"EiH0f1GakFP0"
"VgH9X1u/wAY0"
"w50OJ.ac8AK0"
".9ftY1N2T/m."
"7Zfry0IUSmE1"
"%s %s %s %s %d >> %s %s %s %s %s >> %s "...
"VNC%d.%d: %s - %s"
"%s"
"%s%d%d%d%d%d.exe"
"2/Afm0dt3o6."
"AQQ27.7qQv10"
"JsuAH.0.mmW0zbFKT0RKhRb0"
"Lvk.H/hddio0"
"uFbSS0Cbo8C."
"VgH9X1u/wAY0"
"w50OJ.ac8AK0"
".9ftY1N2T/m."
"7Zfry0IUSmE1"
"%s %s %s %s %d >> %s %s %s %s %s >> %s "...
"2/Afm0dt3o6."
"AQQ27.7qQv10"
"JsuAH.0.mmW0zbFKT0RKhRb0"
"Lvk.H/hddio0"
"uFbSS0Cbo8C."
"EiH0f1GakFP0"
"VgH9X1u/wAY0"
"w50OJ.ac8AK0"
".9ftY1N2T/m."
"7Zfry0IUSmE1"
"%s %s %s %s %d >> %s %s %s %s %s >> %s "...
|
sub_41FF76(5525):
KERNEL32.GetCurrentThread
ADVAPI32.OpenThreadToken
KERNEL32.GetCurrentProcess
ADVAPI32.OpenProcessToken
ADVAPI32.LookupPrivilegeValueA
ADVAPI32.AdjustTokenPrivileges
NTDLL.RtlGetLastWin32Error
KERNEL32.CloseHandle
"SeDebugPrivilege"
|
sub_431058(552e):
".\\"
|
sub_42C610(5645):
KERNEL32.GetModuleHandleA
|
sub_424699(574a):
KERNEL32.LoadLibraryA
KERNEL32.GetProcAddress
"mozcrt19.dll"
"nspr4.dll"
"plds4.dll"
"nssutil3.dll"
"sqlite3.dll"
"plds4.dll"
"softokn3.dll"
"NSS_Init"
"NSS_Shutdown"
"PK11_GetInternalKeySlot"
"PK11_Authenticate"
"PK11SDR_Decrypt"
"PK11_CheckUserPassword"
"PL_Base64Decode"
|
sub_41BC85(5868):
KERNEL32.Sleep
|
sub_42D621(58ed):
KERNEL32.VirtualAlloc
|
sub_428D2F(5a83):
KERNEL32.Sleep
|
sub_402842(5b15):
KERNEL32.FreeLibrary
|
sub_42FA30(5bc4):
KERNEL32.InitializeCriticalSection
NTDLL.RtlEnterCriticalSection
|
sub_423650(5dea):
KERNEL32.ExitThread
"O.sxv.ze9bK1GOISY.dO.Vn1"
"%s Threads List:"
"%d. %s"
"O.sxv.ze9bK1GOISY.dO.Vn1"
"%s End of list."
|
sub_41BC58(5f63):
KERNEL32.Sleep
KERNEL32.ExitThread
|
sub_423463(5fd4):
WS2_32.closesocket
KERNEL32.TerminateThread
|
sub_41C68F(6088):
KERNEL32.lstrcmpiA
|
sub_42562E(60a4):
"uhdhC1pCV9i/"
"%s %s."
|
sub_4320EB(61dc):
KERNEL32.InitializeCriticalSection
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
|
sub_4063FA(645a):
WS2_32.inet_addr
WS2_32.ntohs
WS2_32.socket
WS2_32.connect
WSOCK32.recv
WS2_32.send
KERNEL32.Sleep
WS2_32.closesocket
"%s%d%d%d%d%d.exe"
"AQQ27.7qQv10"
"JsuAH.0.mmW0zbFKT0RKhRb0"
"VxPpy0owQ7D/"
"Lvk.H/hddio0"
"uFbSS0Cbo8C."
"VgH9X1u/wAY0"
"w50OJ.ac8AK0"
".9ftY1N2T/m."
"%s %s %s %d >> %s %s %s %s %s >> %s %s "...
"AQQ27.7qQv10"
"JsuAH.0.mmW0zbFKT0RKhRb0"
"VxPpy0owQ7D/"
"Lvk.H/hddio0"
"uFbSS0Cbo8C."
"EiH0f1GakFP0"
"VgH9X1u/wAY0"
"w50OJ.ac8AK0"
".9ftY1N2T/m."
"%s %s %s %d >> %s %s %s %s %s >> %s %s "...
"%s\r\n"
|
sub_42CF38(64eb):
KERNEL32.VirtualAlloc
|
sub_405C6A(6706):
KERNEL32.CreateFileA
KERNEL32.WriteFile
KERNEL32.ReadFile
KERNEL32.CloseHandle
KERNEL32.CreateEventA
NTDLL.RtlGetLastWin32Error
KERNEL32.WaitForSingleObject
KERNEL32.Sleep
"\\\\%s\\IPC$"
"\\\\%s\\pipe\\trkwks"
"\\\\%s\\IPC$"
"\\\\%s\\pipe\\srvsvc"
"\\\\%s\\IPC$"
"\\\\%s\\pipe\\srvsvc"
"mflX2.QU4VY."
"%s %s -> %s (Ex: %d)"
|
sub_4325F8(676a):
KERNEL32.GetOEMCP
KERNEL32.GetCPInfo
|
sub_429011(6846):
"string too long"
|
sub_4196C2(6879):
KERNEL32.lstrcmpiA
|
sub_41C9BC(69b2):
WS2_32.shutdown
WS2_32.closesocket
"..."
|
sub_427E13(6bae):
IPHLPAPI.GetIpNetTable
IPHLPAPI.DeleteIpNetEntry
|
sub_407F80(6bb8):
WSOCK32.recv
|
sub_401990(6d7f):
KERNEL32.GetTickCount
"mflX2.QU4VY."
"%s (Stats):"
" (%s: %d),"
" (EFTPD): (%d), Total -> (%d in %s)"
|
sub_428B36(6d86):
KERNEL32.Sleep
|
sub_4229BF(6de4):
KERNEL32.ExitThread
"AsQfy.K1uah0"
"XWzwO1PqcgT16N5aw.affEY1"
"%s %s"
|
sub_4253C0(6e75):
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegQueryValueExA
ADVAPI32.RegCloseKey
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
"DigitalProductId"
|
sub_424C9C(7169):
KERNEL32.lstrcpyA
"SOFTWARE\\Clients\\StartMenuInternet\\fire"...
|
sub_433556(72a2):
KERNEL32.FlushFileBuffers
NTDLL.RtlGetLastWin32Error
|
sub_41D70C(72a4):
KERNEL32.GetTickCount
"abcdefghijklmnopqrstuvwxyz1234567890abc"...
"|%d|%s%c%c%c%c%c%c%c%c%c"
"%s%c%c%c%c%c%c%c%c%c"
|
sub_42A705(7322):
KERNEL32.GetLocalTime
KERNEL32.GetSystemTime
KERNEL32.GetTimeZoneInformation
|
sub_41C6FF(756f):
"ty2nT0oI2YK/"
"%s Login List:"
"<%i> %s!%s@%s"
"<%i> "
"ty2nT0oI2YK/"
"%s Login List complete."
|
sub_42E485(7611):
KERNEL32.TlsGetValue
KERNEL32.TlsSetValue
|
sub_4284AE(772a):
WS2_32.connect
WS2_32.select
|
sub_41DAA5(7787):
KERNEL32.Sleep
KERNEL32.ExitThread
"AsQfy.K1uah0"
"YhzCK13CaOG0"
"%s %s -> %s"
|
sub_427931(78f9):
KERNEL32.lstrcatA
KERNEL32.lstrcpyA
|
sub_41E4D1(7918):
KERNEL32.CloseHandle
|
sub_409EB3(7919):
KERNEL32.LoadLibraryA
KERNEL32.GetProcAddress
KERNEL32.MultiByteToWideChar
"netapi32.dll"
"NetValidateName"
"\\\\%s\\IPC$"
"\\\\%s"
|
sub_426402(79a5):
KERNEL32.GetTickCount
WS2_32.send
WSOCK32.recv
WS2_32.closesocket
"7LybP1GuNfm0"
"%s %s\n"
"TuGNF.mQSDR0"
"%s %s\n%s %s \"mail.gmail.com\" \"127.0.0.1"...
|
sub_41EF29(79ec):
KERNEL32.CreateToolhelp32Snapshot
KERNEL32.Module32First
KERNEL32.lstrcmpiA
KERNEL32.SetFileAttributesA
KERNEL32.OpenProcess
KERNEL32.TerminateProcess
KERNEL32.Sleep
KERNEL32.DeleteFileA
KERNEL32.Module32Next
KERNEL32.CloseHandle
"Al./N0Kenp20"
"%s Terminated and deleted %s"
|
sub_41CA64(7a24):
WSOCK32.recv
KERNEL32.GetTickCount
|
sub_4289AF(7b73):
KERNEL32.ExitThread
"AsQfy.K1uah0"
"vfEsO.QcgDt."
"%s %s (%s)"
|
sub_4029DF(7bbf):
KERNEL32.UnmapViewOfFile
KERNEL32.CloseHandle
|
sub_41DA00(7c79):
KERNEL32.GetTickCount
USER32.FindWindowA
KERNEL32.lstrcatA
"mIRC"
"M|"
"P|"
|
sub_426AA3(7ee7):
WS2_32.closesocket
|
sub_420FC9(8057):
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegCloseKey
|
sub_40285A(80fc):
KERNEL32.LocalFree
"CURRENT_USER"
|
sub_435A15(8107):
KERNEL32.CompareStringW
KERNEL32.CompareStringA
KERNEL32.GetCPInfo
KERNEL32.MultiByteToWideChar
|
sub_43340D(81be):
KERNEL32.GetStringTypeW
KERNEL32.GetStringTypeA
KERNEL32.MultiByteToWideChar
|
sub_41B12F(822d):
"invalid vector subscript"
|
sub_4261D4(8474):
WS2_32.socket
WS2_32.ntohs
WS2_32.inet_addr
WS2_32.gethostbyname
WS2_32.connect
WS2_32.closesocket
|
sub_4276F7(8491):
KERNEL32.GetFileAttributesA
|
sub_4022B8(8512):
WS2_32.inet_ntoa
KERNEL32.lstrcmpiA
WS2_32.socket
WS2_32.ntohs
WS2_32.ioctlsocket
WS2_32.connect
WS2_32.select
WS2_32.closesocket
|
sub_42C7E2(8555):
NTDLL.RtlAllocateHeap
|
sub_42F84D(8591):
KERNEL32.SetFilePointer
NTDLL.RtlGetLastWin32Error
|
sub_40238D(8768):
WS2_32.socket
WS2_32.ntohs
WS2_32.ioctlsocket
WS2_32.connect
WS2_32.select
WS2_32.closesocket
|
sub_42C855(87ad):
KERNEL32.VirtualFree
NTDLL.RtlFreeHeap
|
sub_415440(87c0):
"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02"...
|
sub_420CC8(8926):
"zyVGp1MxObt0"
"bw/Ij0rhPgj1"
"FuV1H.fi8SC/"
"KC4L5.sAVS3."
"302"
"332"
"366"
"005"
"376"
"422"
"433"
|
sub_42ABFC(8af0):
NTDLL.RtlUnwind
|
sub_434C2F(8bd2):
KERNEL32.IsBadCodePtr
|
sub_41EDC3(8c55):
KERNEL32.OpenProcess
KERNEL32.ReadProcessMemory
KERNEL32.Sleep
KERNEL32.CloseHandle
"Al./N0Kenp20"
"%s Found string \"%s\" in \"%s\" File \"%s\""
|
sub_421F40(8d2f):
KERNEL32.Sleep
KERNEL32.ExitThread
WS2_32.WSACleanup
KERNEL32.ExitProcess
ADVAPI32.SetServiceStatus
NTDLL.RtlGetLastWin32Error
"System shutting down."
|
sub_404105(8d44):
WS2_32.socket
WS2_32.ntohs
WS2_32.inet_addr
WS2_32.connect
WS2_32.send
WSOCK32.recv
WS2_32.closesocket
"mflX2.QU4VY."
"%s %s -> %s (Ex: %d)"
|
sub_43234B(8e73):
KERNEL32.InitializeCriticalSection
NTDLL.RtlEnterCriticalSection
|
sub_421DCA(8f2a):
ADVAPI32.OpenSCManagerA
ADVAPI32.OpenServiceA
NTDLL.RtlGetLastWin32Error
ADVAPI32.ControlService
ADVAPI32.CloseServiceHandle
"fFEC81UzNT81"
"ServicesActive"
"%s The %s service does not exist."
"%s %s service stopped."
"%s The %s service was not started."
"%s No services stopped."
"%s Total services stopped: %d"
|
sub_403247(8f5e):
WS2_32.socket
WS2_32.inet_addr
WS2_32.ntohs
WS2_32.connect
WS2_32.closesocket
|
sub_424FC9(8f7c):
"SOFTWARE\\Mozilla\\Mozilla Firefox"
"SOFTWARE\\mozilla.org\\Mozilla"
"CurrentVersion"
|
sub_407E1C(8f9b):
KERNEL32.GetLogicalDriveStringsA
KERNEL32.GetDriveTypeA
"xLpyR1aNPGm0"
"%s Infected USB drive: %s"
|
sub_430A86(905b):
KERNEL32.GetCurrentProcess
KERNEL32.TerminateProcess
KERNEL32.ExitProcess
|
sub_419A4B(90ef):
"\r\n\r\n"
|
sub_4209F2(917f):
KERNEL32.lstrcmpiA
|
sub_428597(9225):
KERNEL32.GetTickCount
WS2_32.ntohs
WS2_32.socket
WS2_32.closesocket
WS2_32.ntohl
WS2_32.sendto
KERNEL32.Sleep
" "
"%s%d "
|
sub_41E326(92db):
WS2_32.inet_addr
WS2_32.gethostbyname
|
sub_42630C(930e):
KERNEL32.lstrcmpiA
WS2_32.send
" "
"spxMr/G/vBI0"
"/2nRu.KpKNx/"
"%s %s\n"
"433"
"432"
"TuGNF.mQSDR0"
"%s %s\n"
|
sub_420399(933a):
KERNEL32.lstrcpyA
KERNEL32.lstrcmpiA
KERNEL32.GetSystemDirectoryA
KERNEL32.CreateFileA
KERNEL32.CloseHandle
NTDLL.RtlGetLastWin32Error
WSOCK32.recv
WS2_32.closesocket
WS2_32.ntohl
WS2_32.send
"+"
"sHKtk1e/Nl8/jLZte1JtI/t1"
"Xiw8.1HHX7d1"
"deHZI/SA//o0"
"%s!%s@%s"
"ZcM1..nUM3N0OE819.1TEYD."
"Xiw8.1HHX7d1"
"%s %s [%s!%s@%s] (Pass Tried -> %s)"
"%s %s"
"ty2nT0oI2YK/"
"mKK0/.MVScP.hwHKV/Er1cB0ZvOBu/66U/i/nNp"...
"mKK0/.MVScP.hwHKV/Er1cB0ZvOBu/66U/i/nNp"...
"/qvP40nD9F2/"
"/qvP40nD9F2/"
"Xiw8.1HHX7d1"
"%s Version request from: %s!%s@%s"
"Xiw8.1HHX7d1"
"%s DCC request from: %s!%s@%s"
"SEND"
"YdidB16dnMQ."
"RcCSh.AdUKf1"
"%s %s unable to write file to disk."
"YdidB16dnMQ."
"RcCSh.AdUKf1"
"%s %s opening file for writing."
"VV3AJ1ywFkC.XzinP/s/R0A."
"RcCSh.AdUKf1"
"%s %s <%d>"
"VV3AJ1ywFkC.XzinP/s/R0A."
"RcCSh.AdUKf1"
"%s %s <%d>"
"%s"
"Transfer complete from IP: %s, File: %s"...
"RcCSh.AdUKf1"
"%s %s"
"Xiw8.1HHX7d1"
"%s Ping request from: %s!%s@%s"
|
sub_401B6E(9369):
WS2_32.inet_addr
WS2_32.ntohs
WS2_32.socket
WS2_32.connect
WSOCK32.recv
WS2_32.send
KERNEL32.Sleep
WS2_32.closesocket
"%s%d%d%d%d%d.exe"
"AQQ27.7qQv10"
"JsuAH.0.mmW0zbFKT0RKhRb0"
"VxPpy0owQ7D/"
"Lvk.H/hddio0"
"uFbSS0Cbo8C."
"VgH9X1u/wAY0"
"w50OJ.ac8AK0"
".9ftY1N2T/m."
"%s %s %s %d >> %s %s %s %s %s >> %s %s "...
"AQQ27.7qQv10"
"JsuAH.0.mmW0zbFKT0RKhRb0"
"VxPpy0owQ7D/"
"Lvk.H/hddio0"
"uFbSS0Cbo8C."
"EiH0f1GakFP0"
"VgH9X1u/wAY0"
"w50OJ.ac8AK0"
".9ftY1N2T/m."
"%s %s %s %d >> %s %s %s %s %s >> %s %s "...
"%s\r\n"
|
sub_4216DB(93e6):
WS2_32.ntohs
WS2_32.socket
WS2_32.bind
KERNEL32.ExitThread
WS2_32.listen
WS2_32.accept
KERNEL32.CreateThread
|
sub_4228EE(93f0):
"AsQfy.K1uah0"
"BjAtz/qyRS11"
"%s %s @ (%iKB/s)"
"%s"
|
sub_41714C(9421):
KERNEL32.lstrlenA
KERNEL32.lstrcpyA
|
sub_42AB28(9438):
KERNEL32.TlsSetValue
|
sub_40126C(94d6):
"CCCC"
|
sub_41C9EE(959c):
"vozbG0sSsoM1"
"%s %s\r\n"
"vozbG0sSsoM1"
"%s\r\n"
|
sub_41729C(9600):
KERNEL32.GetModuleHandleA
KERNEL32.GetProcAddress
NTDLL.RtlGetLastWin32Error
KERNEL32.LoadLibraryA
WININET.InternetOpenA
"kernel32.dll"
"SetErrorMode"
"CreateToolhelp32Snapshot"
"Process32First"
"GetDiskFreeSpaceExA"
"GetLogicalDriveStringsA"
"SearchPathA"
"QueryPerformanceCounter"
"QueryPerformanceFrequency"
"GetComputerNameA"
"RegisterServiceProcess"
"user32.dll"
"CloseWindow"
"SendMessageA"
"FindWindowA"
"IsWindow"
"GetClipboardData"
"CloseClipboard"
"EnumWindows"
"GetWindowThreadProcessId"
"ShowWindow"
"IsWindowVisible"
"advapi32.dll"
"RegCreateKeyExA"
"RegSetValueExA"
"RegQueryValueExA"
"RegDeleteValueA"
"RegCloseKey"
"RegQueryInfoKeyA"
"OpenThreadToken"
"OpenProcessToken"
"LookupPrivilegeValueA"
"AdjustTokenPrivileges"
"OpenSCManagerA"
"OpenServiceA"
"ControlService"
"CloseServiceHandle"
"EnumServicesStatusA"
"IsValidSecurityDescriptor"
"CreateServiceA"
"StartServiceCtrlDispatcherA"
"ImpersonateLoggedOnUser"
"LockServiceDatabase"
"QueryServiceLockStatusA"
"ChangeServiceConfig2A"
"UnlockServiceDatabase"
"RegisterServiceCtrlHandlerA"
"SetServiceStatus"
"GetUserNameA"
"ClearEventLogA"
"gdi32.dll"
"CreateDCA"
"CreateDIBSection"
"CreateCompatibleDC"
"GetDIBColorTable"
"SelectObject"
"BitBlt"
"DeleteDC"
"DeleteObject"
"ws2_32.dll"
"WSAStartup"
"WSASocketA"
"WSAAsyncSelect"
"__WSAFDIsSet"
"WSAIoctl"
"WSAGetLastError"
"WSACleanup"
"socket"
"ioctlsocket"
"connect"
"inet_ntoa"
"inet_addr"
"htons"
"htonl"
"ntohs"
"ntohl"
"send"
"sendto"
"recv"
"recvfrom"
"bind"
"select"
"listen"
"accept"
"setsockopt"
"getsockname"
"gethostname"
"getpeername"
"closesocket"
"shutdown"
"wininet.dll"
"InternetGetConnectedState"
"InternetGetConnectedStateEx"
"HttpOpenRequestA"
"HttpSendRequestA"
"FtpGetFileA"
"FtpPutFileA"
"InternetConnectA"
"InternetOpenUrlA"
"InternetCrackUrlA"
"InternetReadFile"
"InternetCloseHandle"
"Mozilla/5.0"
"icmp.dll"
"IcmpCreateFile"
"IcmpCloseHandle"
"IcmpSendEcho"
"netapi32.dll"
"NetShareAdd"
"NetShareDel"
"NetShareEnum"
"NetScheduleJobAdd"
"NetApiBufferFree"
"NetRemoteTOD"
"NetUserAdd"
"NetUserDel"
"NetUserEnum"
"NetUserGetInfo"
"NetMessageBufferSend"
"dnsapi.dll"
"DnsFlushResolverCache"
"DnsFlushResolverCacheEntry_A"
"iphlpapi.dll"
"DeleteIpNetEntry"
"GetIfTable"
"GetTcpTable"
"GetUdpTable"
"GetNetworkParams"
"mpr.dll"
"WNetAddConnection2A"
"WNetAddConnection2W"
"WNetCancelConnection2A"
"WNetCancelConnection2W"
"shell32.dll"
"SHChangeNotify"
"odbc32.dll"
"SQLDriverConnect"
"SQLAllocHandle"
"psapi.dll"
"GetModuleFileNameExA"
"GetModuleBaseNameA"
"EnumProcessModules"
"GetProcessMemoryInfo"
"pstorec.dll"
"PStoreCreateInstance"
"shlwapi.dll"
"PathRemoveFileSpecA"
|
sub_41BAC3(96a1):
NTDLL.RtlGetLastWin32Error
"YdidB16dnMQ."
"%s <%d>"
"s"
|
sub_41D3AF(9761):
KERNEL32.GetLocaleInfoA
KERNEL32.GetVersionExA
"%d.%d"
"95"
"NT"
"98"
"ME"
"2K"
"XP"
"2K3"
"Vista"
"2K8"
"7"
|
sub_42207E(9788):
ADVAPI32.RegisterServiceCtrlHandlerA
ADVAPI32.SetServiceStatus
KERNEL32.CreateThread
KERNEL32.WaitForSingleObject
KERNEL32.CloseHandle
|
sub_401642(981b):
WS2_32.ntohl
WS2_32.send
|
sub_4181F4(99ff):
WININET.InternetOpenUrlA
KERNEL32.CreateFileA
WININET.InternetCloseHandle
KERNEL32.ExitThread
KERNEL32.GetTickCount
WININET.InternetReadFile
KERNEL32.WriteFile
KERNEL32.CloseHandle
SHLWAPI.PathRemoveFileSpecA
NTDLL.RtlGetLastWin32Error
KERNEL32.CreateProcessA
KERNEL32.WaitForSingleObject
KERNEL32.Sleep
WS2_32.WSACleanup
KERNEL32.ExitProcess
"HuuDG/YQZDz/"
"%s Couldn't open file for writing: %s."
"6HWiy/OAtg9.6N5aw.affEY1"
"6HWiy/OAtg9.6N5aw.affEY1"
"HuuDG/YQZDz/"
"6HWiy/OAtg9.6N5aw.affEY1"
"RY6IQ0UDbPh/"
"8CBGO/rJRYr."
"%s %s %s: %.1fKB to: %s @ %.1fKB/sec."
"6HWiy/OAtg9.6N5aw.affEY1"
"RY6IQ0UDbPh/"
"8CBGO/rJRYr."
"%s %s %s: %.1fKB to: %s @ %.1fKB/sec."
"YdidB16dnMQ."
"%s Couldn't parse path, %s: <%d>"
"%s Couldn't parse path, %s: <%d>"
"YdidB16dnMQ."
"QvDsp/rBQ6w0"
"%s %s to create process: \"%s\", %s: <%d>"...
"QvDsp/rBQ6w0"
"%s %s to create process: \"%s\", %s: <%d>"...
"%s Created process: \"%s\", PID: <%d>"
"%s Created process: \"%s\", PID: <%d>"
" hour"
" hours"
" %d%s"
" %.2d:%.2d"
"%s Process %s: \"%s\", Total %s Time: %s."...
"/iHFN/l6B5X/"
"SFe3H0kCLgx0"
"/iHFN/l6B5X/"
"SFe3H0kCLgx0"
"3Un9W.TEMuX.5ythl/YiVnR/J9IiO.VPA7i1"
"YdidB16dnMQ."
"%s %s %s: %s executing file: %s."
"QvDsp/rBQ6w0"
"w3NKI.gUvJx/"
"6HWiy/OAtg9.6N5aw.affEY1"
"QvDsp/rBQ6w0"
"w3NKI.gUvJx/"
"6HWiy/OAtg9.6N5aw.affEY1"
"HuuDG/YQZDz/"
"6HWiy/OAtg9.6N5aw.affEY1"
"nD4Qz/y5xMl0RNAQI05pV11/XzinP/s/R0A."
"%s %s <%d>"
"6HWiy/OAtg9.6N5aw.affEY1"
"nD4Qz/y5xMl0RNAQI05pV11/XzinP/s/R0A."
"%s %s <%d>"
|
sub_420018(9a64):
ADVAPI32.AdjustTokenPrivileges
KERNEL32.CloseHandle
|
sub_420E3E(9a77):
"REG_BINARY"
"REG_EXPAND_SZ"
"REG_SZ"
"REG_DWORD"
"UNKNOWN"
"REG_QWORD"
"REG_MULTI_SZ"
"REG_DWORD_BIG_ENDIAN"
|
sub_4155B9(9b03):
"7LybP1GuNfm0"
"391mY/LxL28."
"5H5BR.qp/sm1"
"yJmlc1btsF10"
"zyVGp1MxObt0"
"g7/IV/gks9L1"
"TuGNF.mQSDR0"
"bw/Ij0rhPgj1"
"FuV1H.fi8SC/"
"lCX/m/HdpWr1"
"vozbG0sSsoM1"
"KC4L5.sAVS3."
"wK12F0ZBpla/"
"spxMr/G/vBI0"
"/2nRu.KpKNx/"
"7LybP1GuNfm0"
"yJmlc1btsF10"
"zyVGp1MxObt0"
"g7/IV/gks9L1"
"TuGNF.mQSDR0"
"lCX/m/HdpWr1"
"vozbG0sSsoM1"
"KC4L5.sAVS3."
"d/Jst/MFgyQ."
"eRWc30Qfw.P0"
"86tb/1FSpjg0"
"PlsYM/aEe6v1"
"deHZI/SA//o0"
"Ob4iQ/KJ5ue."
"NFKNL0nQigY0"
"e0idD0RDw2U/"
"EUIOR0ay2w7."
"PDazX1oDSOh0"
"uc6Wg1OvWVt1"
"dJ9OW/uMRBD."
"P00Ls0K4t.N1"
"l3nYW.D7Tfl."
"Qc9zS1zGZff0"
"WpuWr.6YFRU/"
"4RmBz/FCic21"
"SC.Co/swLK/."
"LeEs11vPbnf0"
"lbJVg0r.qMb."
"A52N11SVYFw0"
"Hj6vo0JRP9Q0"
"r7WRs/qHek.0"
"DuzCb0KgSsv0"
"dQJSO.47pdb/"
"K9V/U/KkuTM/"
"7yfnz0PW11s1"
"nQ.As1Z1SIt/"
"QRn4z10ge1I1"
"iEguD0V/.5/."
"fc9Kk1jX11G."
"DnjQ8/ze3ZW/"
"EWqxA//oC1T."
"JIAtz0xSuMp1"
"VI0QA1mvfro1"
"W3GP6.13AcY1"
"e8qiq0Hukv9/"
"18Rjk.sa2JE/"
"lJ/am/kZRtP1"
"XZArU0aMxhi."
"rA7E2/hHXPf0"
"Rp4sR11CvR1/"
"ZqrVt0t6nmZ."
"1ShtA0bzFwk1"
"AZcsP.hkiLO."
"FEpMF/ZswFD/"
"sUd8h/rsu8j1"
"j2yYw.J09XC/"
"43uCS0rkQUx."
"jC8j0.blHIr0"
"PIYGC.BgPyH."
"7bQzU.aQz2u."
"saR5v0JloIc0"
"x43Mx/eGeDu."
"IsoPF.PU4tY0"
"98mu./nEdn7."
"vDIrQ.MJcpx1"
"Sad25/hP/R91"
"Vsz2x/xqJP5/"
"i7Atf.8/tag1"
"dO5oA/0U5m7."
"s3dY//JZo6r/"
"kE3L20Ufrlq0"
"VP1WE/JVQbn."
"UaxWg1w8vSP0QRn4z10ge1I1"
"qbwGd0CFxf./"
"2mo7G0.B0qj/"
"47Ff/020f.0."
"HyOMe/iovtV."
"CwXYh0RYoUv1"
"eAvYh.IC0dc0"
"uz3rf.VTKug1"
"MAEyv0BdSGj0"
"I3nCG.v5U4g."
"9bWj..lZ2My0"
"rioCl1kzTWO0"
".SWwg1hqeiI1"
"g3obv.r6j7H/"
"M5sPX.Qp7Lx."
"ITx.N.WPAmx."
"LNdk50vzCqW0"
"9lJBH07crkD."
"ajTtz06Ztse1"
"uN3hk0sn58o/"
"QRn4z10ge1I1"
"bVUSO0ed3MW/"
"M1d.716Jg1r1"
"6x2Ka0buUbB."
"uQYiL.iYvpI."
"4QyYH1q/2ps1"
"ZGidU12tiV0/"
"HGCRW.CWUF5."
"gzTlE.nhywf/"
"TVJrO1uBGtg1"
"l80re/UvCUe1"
"VXA.u/cDD7S0"
"h1cMQ0wQw5C."
"SXYtb1.EEjQ."
"vB1r0/N.Arr0"
"8Im6i..C829."
"tIYj208FHvN."
"5nG/N0ZJh2i1"
"mdf9n0kzPX60"
"/ATfv.jgK0X1"
"fu6k10iRsc/1"
".lUua.bruje0"
"kzqSH/dhRIc."
"/uYcs/BEKWP0"
"WWFBf.0ptzE."
"fhzdV1OotFg0"
"Umk7x0PwyW9/QRn4z10ge1I1"
"HPmCH0PbQ800"
"uFbSS0Cbo8C."
"NoaZx1Alvg/0"
"7FUgU.N0U2m1"
"w3dWL/46o0u0"
"/uBQS.HZPkh1"
"6x7zf1EztnY."
"7otcU0FiC6V0"
"FyFlU0jI3XH."
"dnjYk0fWkI.."
"xMz20//gJkQ/"
"nHr6r0qsk450"
"X.62C.3LDCP/"
"wt4Rn/WGL6V."
"iMvbW1SHwxQ0"
"4h4m/.Q.GUy."
"pSern1AAGh6."
"XkG84.cESgs."
"UyfOG.DvVnY0"
"p06vq/BFBMo."
"3VVsV1VuRUA/"
"w1w2V121JSP."
"Vz62d1m0Yya/"
"F4c9z1UBCg80"
"2YClO0SRxpi/"
"h3YH9.Xq.S2."
"IwBKf0O1Om6/QRn4z10ge1I1"
"KmdIe1UwntQ/"
"UPx0W/cz2EI0QRn4z10ge1I1"
"V6jBH0k4u/d."
"B2smo.WHkeW.QRn4z10ge1I1"
"vXG7N.qBMG90aA/Td0EX07M1"
"Em42x.1IsZI1"
"ERNNi/HM17T1QRn4z10ge1I1"
"q5l5f.2TO.60"
"jBKL4/FbWCF1"
"W3GP6.13AcY1"
"M08SE.Kt9tD1"
"3eowX/2OCnG/"
"s3dY//JZo6r/"
"UWher1DAGD80"
"pNb.a/Bfzu60"
"Zu2s6.O7.yt/"
"4hftZ/6HOlR/"
"yqrdP.9rF4U0"
"1UyIs15KH.n1"
"9lJBH07crkD."
"D0roN.CTDg0."
"fr8ri0f9NfZ."
"wbZcx0/Dknt."
"NyJsR1cV5CH0"
"/I6sD/4CTzn0"
"WRlth/n3Uh.1"
"yQJsn0wtUtn1"
"ty2nT0oI2YK/"
"O.sxv.ze9bK1GOISY.dO.Vn1"
"fFEC81UzNT81"
"jVATg1988z81"
"pRTtT0s3aG916N5aw.affEY1"
"Hm1H.049e4O/"
"wj27.1Belx20"
"Al./N0Kenp20"
"6h4NN1IGJm60"
"Ur6ne.MOT50."
"mflX2.QU4VY."
"xLpyR1aNPGm0"
"WPUkb.0uIoa/OFUur11TNYw0"
"C4dD9.nojvO1"
"jt17J1ImTVD1"
"LTLec18US5q0"
"6atSs0dyCWF.6N5aw.affEY1"
"7.PaK0OnymN/7Razv/1FefF."
"WHdAg1glAgf."
"lmecq0yGcoK/"
"RcCSh.AdUKf1"
"XU6CU1p.SN6.6N5aw.affEY1"
"HuuDG/YQZDz/"
"6HWiy/OAtg9.6N5aw.affEY1"
"PTaMI1/.aGV/"
"uhdhC1pCV9i/"
"WUlZR.X7XjB0"
"BjAtz/qyRS11"
"BVYGm.aFzkh0"
"Lcgg60QK2mf0"
"YhzCK13CaOG0"
"aXauo.rLGgX0"
"XWzwO1PqcgT16N5aw.affEY1"
"vfEsO.QcgDt."
"sSOce0JbTXI/"
"Xiw8.1HHX7d1"
"QSOZ9.vFVWu0"
"5OkE/1AWBZq/"
"/iHFN/l6B5X/"
"AsQfy.K1uah0"
"bNJcZ.ziG1m0"
"SFe3H0kCLgx0"
"YdidB16dnMQ."
"QvDsp/rBQ6w0"
"VV3AJ1ywFkC.XzinP/s/R0A."
"nD4Qz/y5xMl0RNAQI05pV11/XzinP/s/R0A."
"RY6IQ0UDbPh/"
"w3NKI.gUvJx/"
"RY6IQ0UDbPh/LL/Dw.r3B9K/"
"RY6IQ0UDbPh/N2NHs/pc9zb/8Wb3v063Ds00"
"8CBGO/rJRYr."
"KbwMi16jFhl/"
"Ide74/6o6/B."
"Y2LM40Nv3Ya/p4MrM1AZiAp1eUok8/eobtx1"
"7Zfry0IUSmE1"
".9ftY1N2T/m."
"VxPpy0owQ7D/"
"w50OJ.ac8AK0"
"VgH9X1u/wAY0"
"EiH0f1GakFP0"
"uFbSS0Cbo8C."
"Lvk.H/hddio0"
"JsuAH.0.mmW0zbFKT0RKhRb0"
"AQQ27.7qQv10"
"2/Afm0dt3o6."
"/qvP40nD9F2/"
"mKK0/.MVScP.hwHKV/Er1cB0ZvOBu/66U/i/nNp"...
"sHKtk1e/Nl8/jLZte1JtI/t1"
"ZcM1..nUM3N0OE819.1TEYD."
"5.Xnq0cowXs0"
"8Y4sz09fDH50tccap0cH5OH0/mDXM1sxCV2/iNR"...
"RNYAA0crTPO0yYB2h.Fe8bw.iRLzu0EdQ3j/1D6"...
"EUIOR0ay2w7."
"TFEE90W.vdG1u8Ajp1eidrT.d2k2X/no6gm/"
"IBtOx1/HOfe0Hcxmb/oUlVg00eWuQ.F61Hj/"
"TpzyK0MOE8.0jTPEZ1dC0uG0"
"4Ezrg1ye5hp1O2jqY1BhtQc.jTPEZ1dC0uG0"
"JQrlp/UXr08/qqduw/ZeDHN/N/Wda.tYScO0znN"...
"4Ezrg1ye5hp1AUz6N/Zzkas/bbUvL0k.zqt1cpO"...
"2MS3c.kJTeK0"
"OGyZo1/qmpy1"
"n/i4//27pnT0"
"xg4wO0Gh6FY0p9CIj.BYYVY."
"tArXm0mtxpp."
"Q3BEf.grJCN1aA/Td0EX07M1"
"P/JS70EukYp0"
"u/DnE/tzo8s.OMQDW1DERIa/"
"2n67H0PEVch1"
"5v1zc1EfRZg.tccap0cH5OH0NHckR.k9Wj.1"
"6f3aL1m.YdX05ythl/YiVnR/jSlje0VWu/50peq"...
"3Un9W.TEMuX.5ythl/YiVnR/J9IiO.VPA7i1"
"7NmRu1oWjRG0Md/AN15kOfy.nR01m1pzFKu1"
"NEuF//6QYOi/Md/AN15kOfy.nR01m1pzFKu1"
"nxruJ.vIib6/"
"5GCpx/gYCn21N1Zsj.w3Ty30"
"fOaBg1ACVfo/osdpb1E0v95."
"pImgT12pvEE."
"jgYqN0dmziR12zQe40gFoLm.rilJR.uuL/I0"
"aQeJV.nJvIi.y8Ri./b5L.q."
|
sub_422394(9c01):
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
KERNEL32.lstrcpyA
KERNEL32.CreateProcessA
KERNEL32.Sleep
KERNEL32.CloseHandle
WS2_32.WSACleanup
KERNEL32.ExitProcess
KERNEL32.CreateThread
KERNEL32.WaitForSingleObject
|
sub_420EA3(9c70):
ADVAPI32.RegDeleteKeyA
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegEnumKeyExA
ADVAPI32.RegDeleteValueA
ADVAPI32.RegCloseKey
|
sub_41EB23(9cc5):
DNSAPI.DnsFlushResolverCache
KERNEL32.GetVersionExA
ADVAPI32.OpenEventLogA
ADVAPI32.ClearEventLogA
ADVAPI32.CloseEventLog
KERNEL32.Sleep
"application"
"system"
|
sub_41E96A(9d8e):
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
KERNEL32.ExitThread
"firewall set portopening TCP 445 NB"
"netsh"
"open"
"firewall set portopening TCP 139 NB"
"firewall set portopening TCP 1013 BS"
"firewall set portopening TCP 9999 PORT1"...
"firewall set portopening TCP 9991 PORT2"...
"firewall add allowedprogram \"%s\" workst"...
"firewall set allowedprogram \"%s\" workst"...
|
sub_434BF7(9ed0):
KERNEL32.IsBadReadPtr
|
sub_434C13(9ed0):
KERNEL32.IsBadWritePtr
|
sub_41557B(9f48):
"%s"
|
sub_41553D(9f48):
"+%s"
|
sub_42D9F6(9fe3):
KERNEL32.InitializeCriticalSection
|
sub_401766(a2f7):
WS2_32.send
|
sub_4221D8(a315):
ADVAPI32.OpenSCManagerA
ADVAPI32.OpenServiceA
ADVAPI32.StartServiceA
ADVAPI32.CloseServiceHandle
|
sub_420BF0(a3e7):
KERNEL32.CreateThread
KERNEL32.Sleep
|
sub_405990(a5c8):
KERNEL32.MultiByteToWideChar
KERNEL32.WideCharToMultiByte
"\\\\%s"
"%s\\IPC$"
|
sub_4323AA(a636):
NTDLL.RtlLeaveCriticalSection
|
sub_417010(a6a6):
KERNEL32.lstrlenA
KERNEL32.lstrcpyA
|
sub_427F4E(a6ea):
KERNEL32.OpenProcess
ADVAPI32.OpenProcessToken
ADVAPI32.ImpersonateLoggedOnUser
KERNEL32.CloseHandle
|
sub_4066B3(a761):
KERNEL32.CreateFileA
KERNEL32.CloseHandle
KERNEL32.TransactNamedPipe
KERNEL32.CreateThread
KERNEL32.Sleep
"\\\\%s\\PIPE"
"\\\\%s\\PIPE\\BROWSER"
"mflX2.QU4VY."
"%s %s -> %s (Ex: %d)"
|
sub_4259A3(a952):
"OpenSSL/0.9.6"
"Apache/1.3"
"Serv-U FTP Server"
"OpenSSH_2"
|
sub_421387(ab8f):
ADVAPI32.RegCreateKeyExA
KERNEL32.lstrcpyA
ADVAPI32.RegSetValueExA
ADVAPI32.RegCloseKey
|
sub_427BB8(ab9f):
KERNEL32.GetTempPathA
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
KERNEL32.SetFileAttributesA
KERNEL32.CreateFileA
KERNEL32.WriteFile
KERNEL32.CloseHandle
SHELL32.ShellExecuteA
"%s\\%s%i%i%i%i.bat"
"@echo off\r\n:Repeat\r\ndel \"%s\">nul\r\nping "...
"@echo off\r\n:Repeat\r\ndel \"%s\">nul\r\nif ex"...
|
sub_41C0D4(acf7):
IPHLPAPI.GetIfTable
|
sub_42B82A(aeff):
KERNEL32.RaiseException
|
sub_42C5D1(af5c):
KERNEL32.ExitProcess
|
sub_41CFD5(b09e):
"5H5BR.qp/sm1"
|
sub_42105D(b0ae):
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegQueryInfoKeyA
ADVAPI32.RegEnumKeyExA
ADVAPI32.RegEnumValueA
KERNEL32.lstrcmpiA
ADVAPI32.RegCloseKey
"(%.2d) %s\\%s"
"(Default)"
"(%.2d) %s\\%s (%s)"
|
sub_421783(b0e8):
"HKLM"
"HKCU"
"fFEC81UzNT81"
"jVATg1988z81"
"%s Set \"%s\\%s\\%s\" to \"%d\"."
"HKLM"
"HKCU"
"fFEC81UzNT81"
"jVATg1988z81"
"%s Failed to set \"%s\\%s\\%s\" to \"%d\"."
"HKLM"
"HKCU"
"fFEC81UzNT81"
"jVATg1988z81"
"%s Set \"%s\\%s\\%s\" to \"%s\"."
"HKLM"
"HKCU"
"fFEC81UzNT81"
"jVATg1988z81"
"%s Failed to set \"%s\\%s\\%s\" to \"%s\"."
"Secured"
"jVATg1988z81"
"%s Failed to %s Registry, (%.2d/%.2d)"
"fFEC81UzNT81"
"Secure"
"jVATg1988z81"
"%s Registry %s, (%.2d/%.2d)"
"fFEC81UzNT81"
|
sub_401AF0(b0ee):
KERNEL32.GetTickCount
"%s%c%c%c%c%c"
|
sub_432431(b1ba):
KERNEL32.WriteFile
NTDLL.RtlGetLastWin32Error
|
sub_40A708(b276):
KERNEL32.GetModuleHandleA
KERNEL32.LoadLibraryA
KERNEL32.GetProcAddress
KERNEL32.GetTickCount
KERNEL32.IsDebuggerPresent
"KERNEL32.DLL"
"IsDebuggerPresent"
"DAEMON"
"SOFTWARE\\VMware, Inc.\\VMware Tools"
"InstallPath"
"ShowTray"
|
sub_4331E9(b27a):
KERNEL32.WideCharToMultiByte
|
sub_4215AD(b29e):
WS2_32.select
WSOCK32.recv
WS2_32.socket
WS2_32.connect
WS2_32.send
WS2_32.closesocket
|
sub_43220E(b65f):
KERNEL32.SetStdHandle
|
sub_42BE29(b6e7):
": "
"\n"
|
sub_41E501(b783):
KERNEL32.WriteFile
|
sub_4027F3(b890):
KERNEL32.LoadLibraryA
KERNEL32.GetProcAddress
"ntdll.dll"
"RtlInitUnicodeString"
|
sub_42A954(b9f9):
KERNEL32.InterlockedIncrement
KERNEL32.InterlockedDecrement
|
sub_433252(b9f9):
KERNEL32.InterlockedIncrement
KERNEL32.InterlockedDecrement
|
sub_41E380(ba19):
WS2_32.inet_ntoa
KERNEL32.lstrcpyA
WS2_32.gethostbyaddr
"@"
"Couldn't resolve"
|
sub_41DC43(bb56):
KERNEL32.Sleep
KERNEL32.ExitThread
"AsQfy.K1uah0"
"YhzCK13CaOG0"
"%s %s -> %s"
|
sub_427FA1(bba8):
ADVAPI32.OpenSCManagerA
ADVAPI32.EnumServicesStatusA
NTDLL.RtlGetLastWin32Error
KERNEL32.lstrcmpiA
ADVAPI32.CloseServiceHandle
|
sub_40A5FF(bc3c):
KERNEL32.GetModuleFileNameA
|
sub_42F62C(bd4c):
KERNEL32.GetStartupInfoA
KERNEL32.GetFileType
KERNEL32.GetStdHandle
KERNEL32.SetHandleCount
|
sub_41F02F(bee1):
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
KERNEL32.CreateToolhelp32Snapshot
KERNEL32.Process32First
KERNEL32.lstrcmpiA
WS2_32.inet_addr
KERNEL32.Process32Next
KERNEL32.CloseHandle
KERNEL32.ExitThread
"\\"
"Al./N0Kenp20"
"%s Killing %s"
"Al./N0Kenp20"
"%s Matched and killing %s"
"Al./N0Kenp20"
"%s Running AVScan on %s"
"Al./N0Kenp20"
"%s bkill shutdown for wride."
"Al./N0Kenp20"
"%s bkill shutdown for wride."
|
sub_41D000(c0ed):
"yJmlc1btsF10"
"%s %s\r\n"
|
sub_41D04A(c1b9):
"lCX/m/HdpWr1"
"lCX/m/HdpWr1"
|
sub_422D47(c1cb):
KERNEL32.GetTickCount
NTDLL.RtlGetLastWin32Error
KERNEL32.ExitThread
WS2_32.ntohs
WS2_32.inet_addr
WS2_32.ntohl
KERNEL32.Sleep
WS2_32.closesocket
"VV3AJ1ywFkC.XzinP/s/R0A."
"BVYGm.aFzkh0"
"%s %s <%d>."
"%s"
"VV3AJ1ywFkC.XzinP/s/R0A."
"BVYGm.aFzkh0"
"%s %s <%d>."
"%s"
"BVYGm.aFzkh0"
"%s Invalid target IP."
"%s"
"/uBQS.HZPkh1"
"6x7zf1EztnY."
"FyFlU0jI3XH."
"7otcU0FiC6V0"
"AsQfy.K1uah0"
"BVYGm.aFzkh0"
"%s %s with %s to IP: %s. Sent: %d packe"...
"%s"
"BVYGm.aFzkh0"
"%s Error sending packets to IP: %s. Pac"...
"%s"
|
sub_42817F(c25c):
WININET.InternetCrackUrlA
WININET.InternetConnectA
WININET.HttpOpenRequestA
WININET.HttpSendRequestA
WININET.InternetCloseHandle
KERNEL32.ExitThread
"*/*"
"QSOZ9.vFVWu0"
"%s URL visited."
"%s Failed to get requested URL from HTT"...
"QSOZ9.vFVWu0"
"%s Invalid URL."
"QSOZ9.vFVWu0"
"%s Could not open a connection."
"QSOZ9.vFVWu0"
"%s Failed to connect to HTTP server."
"%s"
|
sub_426698(c2de):
KERNEL32.GetTickCount
KERNEL32.lstrcpyA
"abcdefghijklmnopqrstuvwxyz1234567890-|`"...
"abcdefghijklmnopqrstuvwxyz1234567890-|`"...
"abcdefghijklmnopqrstuvwxyz1234567890-|`"...
"abcdefghijklmnopqrstuvwxyz1234567890-|`"...
|
sub_433190(c338):
KERNEL32.InterlockedIncrement
KERNEL32.InterlockedDecrement
|
sub_418D49(c38b):
KERNEL32.ExitProcess
KERNEL32.LoadLibraryA
KERNEL32.GetProcAddress
KERNEL32.SetErrorMode
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
KERNEL32.lstrcpyA
ADVAPI32.StartServiceCtrlDispatcherA
"MessageBoxA"
"user32.dll"
|
sub_41D94F(c61c):
KERNEL32.GetTickCount
USER32.FindWindowA
KERNEL32.lstrcatA
"mIRC"
"M"
"P"
"%.2d"
|
sub_402BA8(c6e0):
KERNEL32.GetVersionExA
"SeSecurityPrivilege"
|
sub_41EBD7(c6f1):
KERNEL32.Sleep
KERNEL32.ExitThread
"shutdown"
"close error\n"
"closed %i\n"
"AsQfy.K1uah0"
"aXauo.rLGgX0"
"%s %s -> %s"
|
sub_42F12D(c703):
KERNEL32.CloseHandle
NTDLL.RtlGetLastWin32Error
|
sub_42DA80(c70d):
NTDLL.RtlLeaveCriticalSection
|
sub_42549F(c83b):
KERNEL32.GetVersionExA
"%d.%d"
"95"
"NT"
"98"
"ME"
"2K"
"XP"
"2K3"
"Vista"
"2008"
"7"
"uhdhC1pCV9i/"
"%s Windows %s (%s) Key: %.29s"
"uhdhC1pCV9i/"
"%s Windows Key not found."
|
sub_425F31(c8f0):
KERNEL32.ExitThread
"www.schlund.net"
"www.utwente.nl"
"www.news.nl"
"www.volkskrant.nl"
"verio.fr"
"www.univ-angers.fr"
"www.uni-tuebingen.de"
"www.rollingstone.de"
"www.rtv.de"
"www.1und1.de"
"www.switch.ch"
"www.hon.ch"
"www.epfl.ch"
"www.supergames.cz"
"www.nintendo-europe.com"
"www.google.com"
"www.xo.net"
"www.stanford.edu"
"www.nocster.com"
"www.rit.edu"
"www.cogentco.com"
"www.burst.net"
"www.level3.com"
"www.above.net"
"www.easynews.com"
"www.apple.com"
"www.nintendo.com"
"gamearena.com.au"
"www.conexim.com.au"
"unimelb.edu.au"
"www.umin.ac.jp"
"www.lib.nthu.edu.tw"
"www.nthu.edu.tw"
"www.nintendo.co.jp"
"www.seiko-watch.co.jp"
"www.bandai.co.jp"
"www.pku.edu.cn"
"www.kaist.ac.kr"
"7.PaK0OnymN/7Razv/1FefF."
"%s ~ Europe[%d kbit/s] ~ USA[%d kbit/s]"...
|
sub_418EDB(c985):
KERNEL32.CreateMutexA
NTDLL.RtlGetLastWin32Error
KERNEL32.ExitProcess
KERNEL32.SetFileAttributesA
KERNEL32.DeleteFileA
KERNEL32.Sleep
KERNEL32.GetTickCount
KERNEL32.QueryPerformanceCounter
KERNEL32.QueryPerformanceFrequency
WS2_32.WSAStartup
KERNEL32.CreateThread
WS2_32.gethostname
WS2_32.gethostbyname
WS2_32.inet_ntoa
WS2_32.WSACleanup
KERNEL32.ReleaseMutex
KERNEL32.ExitThread
"gx000032"
"nxruJ.vIib6/"
"%s %s"
"ty2nT0oI2YK/"
"YdidB16dnMQ."
"aQeJV.nJvIi.y8Ri./b5L.q."
"ty2nT0oI2YK/"
"5GCpx/gYCn21N1Zsj.w3Ty30"
"fFEC81UzNT81"
"ty2nT0oI2YK/"
"r PRIVMSG $1 god damnit,hard bitchslaps"...
"slaps"
"r PRIVMSG $1 slaps for You!!"
"slap"
"r PRIVMSG $1 :."
"r $1 :."
"ctc2"
"r MODE $chan +o $1"
"ops"
"r MODE $chan +v $1"
"voice"
"r MODE $chan +h $1"
"halfop"
"r MODE $chan +b $1"
"ban"
"5000"
"WaitToKillServiceT"
"SYSTEM\\CurrentControlSet\\Control"
"SYSTEM\\CurrentControlSet\\Services\\Tcpip"...
"MaxUserPort"
"TcpTimedWaitDelay"
"StrictTimeWaitSeqCheck"
"Tcp1323Opts"
"GlobalMaxTcpWindowSize"
"EnablePMTUDiscovery"
"EnablePMTUBHDetect"
"SackOpts"
"DefaultTTL"
"LargeBufferSize"
"AllowUserRawAccess"
"TcpNumConnections"
"DisableRawSecurity"
"SYSTEM\\CurrentControlSet\\Services\\Afd\\P"...
"MaxConnectionsPer1_0Server"
"Software\\Microsoft\\Windows\\CurrentVersi"...
"MaxConnectionsPerServer"
"Software\\Microsoft\\Windows\\CurrentVersi"...
"SizReqBuf"
"SYSTEM\\CurrentControlSet\\Services\\Lanma"...
"SFCDisable"
"Software\\Policies\\Microsoft\\Windows NT\\"...
"SFCScan"
"Software\\Policies\\Microsoft\\Windows NT\\"...
"AutoShareServer"
"SYSTEM\\CurrentControlSet\\Services\\Lanma"...
"AutoShareWks"
"SYSTEM\\CurrentControlSet\\Services\\Lanma"...
"\\Device\\"
"TransportBindName"
"SYSTEM\\CurrentControlSet\\Services\\NetBT"...
"EnableFirewall"
"SYSTEM\\ControlSet001\\Services\\SharedAcc"...
"DoNotAllowExceptions"
"SYSTEM\\ControlSet001\\Services\\SharedAcc"...
"DisableNotifications"
"SYSTEM\\ControlSet001\\Services\\SharedAcc"...
"EnableFirewall"
"SYSTEM\\ControlSet001\\Services\\SharedAcc"...
"DoNotAllowExceptions"
"SYSTEM\\ControlSet001\\Services\\SharedAcc"...
"DisableNotifications"
"SYSTEM\\ControlSet001\\Services\\SharedAcc"...
"AntiVirusDisableNotify"
"SOFTWARE\\Microsoft\\Security Center"
"AntiVirusOverride"
"SOFTWARE\\Microsoft\\Security Center"
"FirewallDisableNotify"
"SOFTWARE\\Microsoft\\Security Center"
"FirewallOverride"
"SOFTWARE\\Microsoft\\Security Center"
"DontReportInfectionInformation"
"SOFTWARE\\Policies\\Microsoft\\MRT"
"TcpNumConnections"
|
sub_420094(ca12):
KERNEL32.lstrcpyA
KERNEL32.OpenProcess
KERNEL32.CloseHandle
"???"
"%s"
|
sub_41CAFB(ca31):
KERNEL32.lstrcmpiA
KERNEL32.lstrcpyA
"5H5BR.qp/sm1"
"yJmlc1btsF10"
"vozbG0sSsoM1"
"g7/IV/gks9L1"
"zyVGp1MxObt0"
"TuGNF.mQSDR0"
"%s %s\r\n"
|
sub_42251B(cb82):
WS2_32.gethostname
WS2_32.gethostbyname
KERNEL32.ExitThread
KERNEL32.QueryPerformanceFrequency
KERNEL32.QueryPerformanceCounter
KERNEL32.Sleep
"BjAtz/qyRS11"
"%s Can't Syn. Error: %d"
"BjAtz/qyRS11"
"%s Can't Syn. Error: %d"
"BjAtz/qyRS11"
"%s Error: %d"
|
sub_42B457(cba9):
NTDLL.RtlUnwind
|
sub_425156(cbb6):
KERNEL32.CreateFileA
KERNEL32.CreateFileMappingA
KERNEL32.CloseHandle
KERNEL32.MapViewOfFile
KERNEL32.Sleep
KERNEL32.UnmapViewOfFile
"Software\\Microsoft\\WAB\\WAB4\\Wab File Na"...
"%s"
"Software\\Microsoft\\MessengerService\\Lis"...
"Allow%d"
|
sub_41CD0E(cbcf):
KERNEL32.Sleep
"g7/IV/gks9L1"
"%s %s :%s\r\n"
|
sub_42CE87(cbe8):
NTDLL.RtlReAllocateHeap
NTDLL.RtlAllocateHeap
KERNEL32.VirtualAlloc
NTDLL.RtlFreeHeap
|
sub_4245E7(cdbe):
KERNEL32.GetFileAttributesA
|
sub_42377D(ce1e):
KERNEL32.ExitThread
"6atSs0dyCWF.6N5aw.affEY1"
"%s Advapi.dll not loaded"
"%s PStore.dll not loaded"
|
sub_40532D(cf65):
KERNEL32.MultiByteToWideChar
|
sub_430B57(cfc1):
KERNEL32.UnhandledExceptionFilter
|
sub_42283A(cfea):
KERNEL32.ExitThread
"BjAtz/qyRS11"
"%s Can't Syn. Error: %d"
"%s"
|
sub_40242A(cfea):
WS2_32.inet_addr
NTDLL.RtlDeleteCriticalSection
KERNEL32.InitializeCriticalSectionAndSpinCount
NTDLL.RtlGetLastWin32Error
KERNEL32.CreateThread
KERNEL32.Sleep
WS2_32.inet_ntoa
KERNEL32.ExitThread
"mflX2.QU4VY."
"%s %s: <%d>"
"YdidB16dnMQ."
"YdidB16dnMQ."
"mflX2.QU4VY."
"%s %s:%d, Thread: %d, Sub-thread: %d."
"SFe3H0kCLgx0"
"%s %s at %s:%d after %d minute(s)."
|
sub_42625A(d15c):
"0123456789ABCDEFGHIJKLMNOPQRSTUVWXWYZab"...
|
sub_42FBE4(d2f6):
KERNEL32.RaiseException
|
sub_42C104(d432):
NTDLL.RtlEnterCriticalSection
|
sub_42C156(d432):
NTDLL.RtlLeaveCriticalSection
|
sub_401E8E(d498):
KERNEL32.MultiByteToWideChar
KERNEL32.Sleep
|
sub_42E3B7(d530):
KERNEL32.TlsAlloc
KERNEL32.TlsSetValue
KERNEL32.GetCurrentThreadId
|
sub_42E41E(d557):
NTDLL.RtlGetLastWin32Error
KERNEL32.TlsGetValue
KERNEL32.TlsSetValue
KERNEL32.GetCurrentThreadId
NTDLL.RtlSetLastWin32Error
|
sub_402B2D(d55b):
KERNEL32.GetCurrentProcess
KERNEL32.CloseHandle
|
sub_4015C2(d5f8):
WS2_32.select
WS2_32.__WSAFDIsSet
WSOCK32.recv
|
sub_40797B(d742):
KERNEL32.SetErrorMode
KERNEL32.lstrcatA
KERNEL32.CreateDirectoryA
NTDLL.RtlGetLastWin32Error
KERNEL32.SetFileAttributesA
KERNEL32.CreateFileA
KERNEL32.WriteFile
KERNEL32.CloseHandle
KERNEL32.lstrlenA
KERNEL32.GetModuleFileNameA
KERNEL32.CopyFileA
"\\RECYCLER"
"\\S-%d-%d-%d%d-%d%d%d%d%d%d%d%d%d%d-%d%d"...
"\\Desktop.ini"
"[.ShellClassInfo]\r\nCLSID={645FF040-5081"...
"%s%d%d%d%d%d.exe"
"[autorun]\r\nopen="
"\r\nicon=%SystemRoot%\\system32\\SHELL32.dl"...
"\r\nshell\\open\\default=1"
|
sub_421201(d743):
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegQueryValueExA
ADVAPI32.RegCloseKey
|
sub_41D027(d79e):
"%s\r\n"
|
sub_409F99(d7be):
KERNEL32.Sleep
"mflX2.QU4VY."
"%s %s -> %s (Ex: %d)"
|
sub_422A87(d808):
WS2_32.gethostname
WS2_32.gethostbyname
NTDLL.RtlGetLastWin32Error
KERNEL32.ExitThread
KERNEL32.GetTickCount
WS2_32.inet_addr
WS2_32.ntohs
KERNEL32.Sleep
"XWzwO1PqcgT16N5aw.affEY1"
"%s Can't use raw opt: %d"
|
sub_432016(d8fa):
KERNEL32.SetUnhandledExceptionFilter
|
sub_4262C5(d935):
WS2_32.send
"\n"
|
sub_41D851(d97c):
"abcdefghijklmnopqrstuvwxyz1234567890abc"...
"%c%c%c%c%c%c%c%c%c"
|
sub_432E65(dcdc):
KERNEL32.GetEnvironmentStringsW
KERNEL32.GetEnvironmentStringsA
KERNEL32.WideCharToMultiByte
KERNEL32.FreeEnvironmentStringsW
KERNEL32.FreeEnvironmentStringsA
|
sub_42D329(df93):
NTDLL.RtlAllocateHeap
KERNEL32.VirtualAlloc
KERNEL32.VirtualFree
NTDLL.RtlFreeHeap
|
sub_4258D5(e38c):
"Mail"
"USER "
"PASS "
|
sub_430770(e39b):
"e+000"
|
sub_402CBA(e3b8):
KERNEL32.CreateThread
WS2_32.socket
WSOCK32.setsockopt
WS2_32.ioctlsocket
WS2_32.ntohs
WS2_32.bind
WS2_32.listen
WS2_32.select
WS2_32.__WSAFDIsSet
WS2_32.accept
WS2_32.send
WSOCK32.recv
WS2_32.closesocket
KERNEL32.lstrcmpiA
"220\r\n"
"%s %s"
"USER"
"331\r\n"
"PASS"
"230\r\n"
"PORT"
"%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
"%x%x\n"
"200\r\n"
"RETR"
"150\r\n"
"226\r\n"
"jt17J1ImTVD1"
"%s -> %s"
"jt17J1ImTVD1"
"%s -> %s"
"425\r\n"
"QUIT"
"221\r\n"
"503\r\n"
|
sub_435CBD(e51d):
KERNEL32.SetEnvironmentVariableA
|
sub_42AAB1(e651):
KERNEL32.CreateThread
KERNEL32.ResumeThread
NTDLL.RtlGetLastWin32Error
|
sub_427CE1(e66a):
ADVAPI32.OpenSCManagerA
ADVAPI32.OpenServiceA
ADVAPI32.DeleteService
KERNEL32.ReleaseMutex
|
sub_42B019(e73e):
"COMSPEC"
|
sub_41CE86(ea00):
KERNEL32.Sleep
"zyVGp1MxObt0"
"%s %s :%s\r\n"
|
sub_41CF1A(ea00):
KERNEL32.Sleep
"g7/IV/gks9L1"
"%s %s :%s\r\n"
|
sub_42D46D(ea79):
KERNEL32.VirtualFree
NTDLL.RtlFreeHeap
|
sub_41DDA8(eab8):
NTDLL.RtlGetLastWin32Error
KERNEL32.ExitThread
KERNEL32.Sleep
"YhzCK13CaOG0"
"VV3AJ1ywFkC.XzinP/s/R0A."
"%s %s <%d>"
"VV3AJ1ywFkC.XzinP/s/R0A."
"%s %s <%d>"
"YhzCK13CaOG0"
"%s %s -> %s"
"AsQfy.K1uah0"
"AsQfy.K1uah0"
|
sub_41D529(eb8c):
KERNEL32.GetLocaleInfoA
KERNEL32.lstrcatA
|
sub_41C172(ec12):
WININET.InternetGetConnectedStateExA
"%sMB"
"%sGB"
"%sKB"
"Yes"
"No"
"Hm1H.049e4O/"
"%s (Connection): %s (%s), (IntIP): %s, "...
"(Bandwidth): Downloaded: %s, Uploaded: "...
|
sub_419B88(efd4):
":"
"http"
"ftp"
"/"
"@"
"@"
"http"
"ftp"
"@"
"@"
"http"
"ftp"
|
sub_423BB1(f019):
NTDLL.RtlGetLastWin32Error
KERNEL32.lstrlenA
KERNEL32.lstrcpyA
KERNEL32.lstrcmpA
KERNEL32.lstrcmpiA
KERNEL32.lstrcpynA
"ProtectedStorage"
"/iHFN/l6B5X/"
"6atSs0dyCWF.6N5aw.affEY1"
"6atSs0dyCWF.6N5aw.affEY1"
"YdidB16dnMQ."
"%s %s: <%d>"
"6atSs0dyCWF.6N5aw.affEY1"
"YdidB16dnMQ."
"%s %s: <%d>"
"6atSs0dyCWF.6N5aw.affEY1"
"%x"
"%ws"
"%s"
"5e7e8100"
":"
":"
":"
"e161255a"
"StringIndex"
"b9819c52"
"220d5cc1"
"%s No PStore entries found."
|
sub_41B932(f12a):
KERNEL32.QueryPerformanceCounter
KERNEL32.QueryPerformanceFrequency
"%0.2d:%0.2d:%0.2d"
"s"
"%d day%s %0.2d:%0.2d:%0.2d"
|
sub_41CDFA(f203):
KERNEL32.Sleep
"zyVGp1MxObt0"
|
sub_42770C(f536):
KERNEL32.GetFileAttributesA
|
sub_406D50(f5ef):
WS2_32.ntohs
WS2_32.socket
WS2_32.inet_ntoa
KERNEL32.lstrcmpiA
WS2_32.connect
KERNEL32.Sleep
WS2_32.closesocket
"tArXm0mtxpp."
"mflX2.QU4VY."
"%s %s single Ip: (%s) %s: (%d) open."
"KbwMi16jFhl/"
"KbwMi16jFhl/"
"%s (%s) -> IP: (%s)"
"%s (%s) -> IP: (%s)"
"%s (%s) -> IP: (%s)"
"%s (%s) -> IP: (%s)"
"%s (%s) -> IP: (%s)"
"%s (%s) -> IP: (%s)"
"%s (%s) -> IP: (%s)"
"%s (%s) -> IP: (%s)"
|
sub_41CD84(f641):
KERNEL32.Sleep
"zyVGp1MxObt0"
"%s %s :%s\r\n"
|
sub_418A0D(f717):
KERNEL32.GetTickCount
KERNEL32.Sleep
"vfEsO.QcgDt."
"%s -> Sending (%s:%d) (%d) connects(s) "...
"%s -> Sending (%s:%d) (%d) conn(s) for "...
"AsQfy.K1uah0"
"%s %s (%s:%d) Sent: (%d) conn(s) for (%"...
"vfEsO.QcgDt."
"vfEsO.QcgDt."
"%s Error: Out Of Mem!"
|
sub_41E539(f7e0):
KERNEL32.lstrcmpA
KERNEL32.Sleep
"%s"
"%s"
|
sub_42ABBB(f889):
KERNEL32.CloseHandle
KERNEL32.ExitThread
|
sub_4214B7(fa19):
WS2_32.select
WS2_32.__WSAFDIsSet
WSOCK32.recv
WS2_32.send
|
sub_4044F6(fa89):
WS2_32.socket
WS2_32.ntohs
WS2_32.connect
WS2_32.send
WSOCK32.recv
WS2_32.closesocket
KERNEL32.lstrcmpiA
KERNEL32.CreateFileA
KERNEL32.TransactNamedPipe
KERNEL32.CloseHandle
WS2_32.inet_addr
"*Service Pack 1*"
"*Service Pack 2*"
"Windows 5.1"
"Samba *"
"Windows 5.1"
"Windows Server 2003 *.*"
"Windows 2000 LAN Manager*"
|
sub_41B839(fbbe):
KERNEL32.SetErrorMode
KERNEL32.GetDiskFreeSpaceExA
|
sub_403B6C(fc06):
WS2_32.socket
WS2_32.ntohs
WS2_32.inet_addr
WS2_32.connect
WS2_32.send
WSOCK32.recv
WS2_32.closesocket
KERNEL32.Sleep
"mflX2.QU4VY."
"%s %s -> %s (Ex: %d)"
|
sub_432FD0(fc50):
KERNEL32.GetModuleFileNameA
KERNEL32.GetStdHandle
KERNEL32.WriteFile
""
"..."
"Runtime Error!\n\nProgram: "
"\n\n"
"Microsoft Visual C++ Runtime Library"
|
sub_41DA6B(fe50):
"TuGNF.mQSDR0"
"%s %s\r\n"
|
sub_434B89(fe6c):
KERNEL32.WideCharToMultiByte
|
sub_4338E9(fe8f):
KERNEL32.GetTimeZoneInformation
KERNEL32.WideCharToMultiByte
"TZ"
|
sub_426B7C(feb6):
KERNEL32.CreateFileMappingA
KERNEL32.MapViewOfFile
KERNEL32.UnmapViewOfFile
KERNEL32.CloseHandle
"mIRC32"
"%s"
|
sub_426AD6(feb6):
KERNEL32.CreateFileMappingA
KERNEL32.MapViewOfFile
KERNEL32.UnmapViewOfFile
KERNEL32.CloseHandle
"mIRC"
"%s"
|
sub_42AE50(ff6d):
KERNEL32.InterlockedIncrement
KERNEL32.InterlockedDecrement
|
sub_4276B6(ffc7):
" "
|
sub_42D4C3(ffe7):
KERNEL32.VirtualFree
|
sub_427E97(fff8):
KERNEL32.lstrcpyA
KERNEL32.OpenProcess
KERNEL32.lstrcmpiA
"unknown"
"Explorer.exe"
|