sub_outside():
KERNEL32.GetStdHandle
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
KERNEL32.GetLocalTime
WS2_32.WSACleanup
WS2_32.socket
WSOCK32.setsockopt
WSOCK32.recv
WS2_32.getsockname
WS2_32.htons
WS2_32.gethostname
WS2_32.inet_ntoa
KERNEL32.GetModuleFileNameA
KERNEL32.CreateMutexA
NTDLL.RtlGetLastWin32Error
KERNEL32.CloseHandle
KERNEL32.CreateProcessA
KERNEL32.CreateEventA
KERNEL32.SetEvent
ADVAPI32.SetServiceStatus
ADVAPI32.RegisterServiceCtrlHandlerA
KERNEL32.InterlockedExchange
KERNEL32.HeapDestroy
NTDLL.RtlReAllocateHeap
NTDLL.RtlSizeHeap
KERNEL32.HeapValidate
KERNEL32.CreateFileA
KERNEL32.TlsFree
KERNEL32.GetSystemTimeAsFileTime
NTDLL.RtlDeleteCriticalSection
KERNEL32.GetFileType
KERNEL32.Sleep
KERNEL32.GetTempPathA
KERNEL32.GetTempFileNameA
KERNEL32.CopyFileA
KERNEL32.SetFileAttributesA
KERNEL32.DeleteFileA
KERNEL32.InterlockedExchangeAdd
KERNEL32.ExitProcess
KERNEL32.WaitForSingleObject
WS2_32.WSAGetLastError
KERNEL32.GetFileAttributesA
KERNEL32.ResetEvent
KERNEL32.WriteConsoleA
KERNEL32.TlsSetValue
KERNEL32.GetStartupInfoA
KERNEL32.GetModuleHandleA
|
sub_40103C(0126):
KERNEL32.InitializeCriticalSection
|
sub_409240(0126):
KERNEL32.GetSystemTimeAsFileTime
|
sub_441FBD(0126):
KERNEL32.InitializeCriticalSection
|
sub_442018(0126):
KERNEL32.InitializeCriticalSection
|
sub_401097(0126):
KERNEL32.InitializeCriticalSection
|
sub_401165(0126):
KERNEL32.InitializeCriticalSection
|
sub_4420E6(0126):
KERNEL32.InitializeCriticalSection
|
sub_44A1C1(0126):
KERNEL32.GetSystemTimeAsFileTime
|
sub_4023DC(0194):
KERNEL32.CreateFileMappingA
NTDLL.RtlGetLastWin32Error
KERNEL32.MapViewOfFile
KERNEL32.UnmapViewOfFile
"{6EA9B038-C801-4F76-805F-E41ACF9ED165}"
|
sub_44335D(0194):
KERNEL32.CreateFileMappingA
NTDLL.RtlGetLastWin32Error
KERNEL32.MapViewOfFile
KERNEL32.UnmapViewOfFile
"{6EA9B038-C801-4F76-805F-E41ACF9ED165}"
|
sub_442B2D(0368):
"PktRecv(): invalid signature (%i)\n"
"PktRecv(): packetId: 0x%03x\n"
"protorecv(): data size: %i (of %i)\n"
|
sub_401BAC(0368):
"PktRecv(): invalid signature (%i)\n"
"PktRecv(): packetId: 0x%03x\n"
"protorecv(): data size: %i (of %i)\n"
|
sub_401048(0639):
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
|
sub_441FC9(0639):
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
|
sub_403B86(09d4):
NTDLL.RtlEnterCriticalSection
WS2_32.inet_ntoa
NTDLL.RtlLeaveCriticalSection
"authorized IP #%i [%s]\n"
|
sub_444B07(09d4):
NTDLL.RtlEnterCriticalSection
WS2_32.inet_ntoa
NTDLL.RtlLeaveCriticalSection
"authorized IP #%i [%s]\n"
|
sub_409090(0e13):
NTDLL.RtlGetLastWin32Error
KERNEL32.TlsGetValue
KERNEL32.TlsSetValue
KERNEL32.GetCurrentThreadId
NTDLL.RtlRestoreLastWin32Error
|
sub_44A011(0e13):
NTDLL.RtlGetLastWin32Error
KERNEL32.TlsGetValue
KERNEL32.TlsSetValue
KERNEL32.GetCurrentThreadId
NTDLL.RtlRestoreLastWin32Error
|
sub_44273F(10cf):
WS2_32.inet_addr
WS2_32.gethostbyname
|
sub_4017BE(10cf):
WS2_32.inet_addr
WS2_32.gethostbyname
|
sub_40A8D0(113e):
KERNEL32.InitializeCriticalSection
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
|
sub_44B851(113e):
KERNEL32.InitializeCriticalSection
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
|
sub_4491C1(12b2):
"Handshake: bad packed (%i)\n"
|
sub_401001(13bb):
KERNEL32.GetTickCount
|
sub_441F82(13bb):
KERNEL32.GetTickCount
|
sub_4092A0(1975):
KERNEL32.GetStartupInfoA
KERNEL32.GetFileType
KERNEL32.GetStdHandle
KERNEL32.GetCurrentProcess
KERNEL32.DuplicateHandle
KERNEL32.LockResource
|
sub_44A221(1975):
KERNEL32.GetStartupInfoA
KERNEL32.GetFileType
KERNEL32.GetStdHandle
KERNEL32.GetCurrentProcess
KERNEL32.DuplicateHandle
KERNEL32.LockResource
|
sub_449411(1d0d):
NTDLL.RtlUnwind
|
sub_44A191(1ec1):
KERNEL32.DeleteFileA
NTDLL.RtlGetLastWin32Error
|
sub_409210(1ec1):
KERNEL32.DeleteFileA
NTDLL.RtlGetLastWin32Error
|
sub_401607(2114):
WS2_32.listen
|
sub_442588(2114):
WS2_32.listen
|
sub_4087C0(213e):
NTDLL.RtlLeaveCriticalSection
|
sub_449741(213e):
NTDLL.RtlLeaveCriticalSection
|
sub_4086E0(230b):
NTDLL.RtlDeleteCriticalSection
|
sub_449661(230b):
NTDLL.RtlDeleteCriticalSection
|
sub_40B250(241a):
"0123456789abcdef"
"0123456789ABCDEF"
|
sub_44C1D1(241a):
"0123456789abcdef"
"0123456789ABCDEF"
|
sub_407870(28bc):
KERNEL32.TlsSetValue
|
sub_4030A4(28f5):
IPHLPAPI.GetIpForwardTable
|
sub_444025(28f5):
IPHLPAPI.GetIpForwardTable
|
sub_445DD7(2921):
ADVAPI32.OpenSCManagerA
ADVAPI32.OpenServiceA
ADVAPI32.CloseServiceHandle
ADVAPI32.QueryServiceStatus
ADVAPI32.StartServiceA
NTDLL.RtlGetLastWin32Error
"NTS"
"NTS"
|
sub_404E56(2921):
ADVAPI32.OpenSCManagerA
ADVAPI32.OpenServiceA
ADVAPI32.CloseServiceHandle
ADVAPI32.QueryServiceStatus
ADVAPI32.StartServiceA
NTDLL.RtlGetLastWin32Error
"NTS"
"NTS"
|
sub_446D40(29d7):
KERNEL32.GetTickCount
|
sub_405DBF(29d7):
KERNEL32.GetTickCount
|
sub_44B2F1(2a22):
" "
"00000000000000000000000000000000"
"00000000000000000000000000000000"
"00000000000000000000000000000000"
" "
|
sub_40A370(2a22):
" "
"00000000000000000000000000000000"
"00000000000000000000000000000000"
"00000000000000000000000000000000"
" "
|
sub_4055DB(2c2a):
"Userinit"
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
"Userinit"
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
","
"Userinit"
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
|
sub_44655C(2c2a):
"Userinit"
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
"Userinit"
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
","
"Userinit"
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
|
sub_446108(2c38):
ADVAPI32.RegCreateKeyExA
ADVAPI32.RegSetValueExA
ADVAPI32.RegCloseKey
"SYSTEM\\CurrentControlSet\\Services\\"
"NTS"
"Type"
"Start"
"ErrorControl"
"ErrorControl"
"LocalSystem"
"ObjectName"
"Network Translation Service"
"Network Translation Service"
"DisplayName"
"Provides hardware-to-software binary ne"...
"Provides hardware-to-software binary ne"...
"Description"
"C:\\WINDOWS\\nts.exe"
"C:\\WINDOWS\\nts.exe"
"ImagePath"
|
sub_405187(2c38):
ADVAPI32.RegCreateKeyExA
ADVAPI32.RegSetValueExA
ADVAPI32.RegCloseKey
"SYSTEM\\CurrentControlSet\\Services\\"
"NTS"
"Type"
"Start"
"ErrorControl"
"ErrorControl"
"LocalSystem"
"ObjectName"
"Network Translation Service"
"Network Translation Service"
"DisplayName"
"Provides hardware-to-software binary ne"...
"Provides hardware-to-software binary ne"...
"Description"
"C:\\WINDOWS\\nts.exe"
"C:\\WINDOWS\\nts.exe"
"ImagePath"
|
sub_44BE31(2c80):
"(null)"
|
sub_40AEB0(2c80):
"(null)"
|
sub_447672(2cc8):
KERNEL32.InitializeCriticalSection
KERNEL32.GetCommandLineA
KERNEL32.lstrcmpi
KERNEL32.Sleep
KERNEL32.SetFileAttributesA
KERNEL32.CopyFileA
KERNEL32.GetFileAttributesA
KERNEL32.DeleteFileA
KERNEL32.WaitForSingleObject
"NTS"
"*update"
"ShutdownMutexCreate()=%i, h=%i\r\n"
"waiting 10 secs -- shutdown...\r\n"
"C:\\WINDOWS\\nts.exe"
"copying...\n"
"C:\\WINDOWS\\nts.exe"
"C:\\WINDOWS\\nts.exe"
"C:\\WINDOWS\\nts.exe"
"cmdline: <%s>\n"
"CreateProcess() failed %%-(\n"
"initializing winsock library...\n"
"removing: <%s>\n"
"C:\\WINDOWS\\nts.exe"
"C:\\WINDOWS\\nts.exe"
"**"
"*** waiting...\n"
"*** waiting complete...\n"
"no registered service, "
"C:\\WINDOWS\\nts.exe"
"register it and restart\n"
"DON'T register it\n"
"registered service is here...\n"
"registered service is not running.\n"
"installing service, res="
"%i\n"
"starting service...\n"
"registered service is not running, unre"...
"C:\\WINDOWS\\nts.exe"
"installing service...\n"
"service installed ok...\n"
"C:\\WINDOWS\\nts.exe"
"**"
"starting service...\n"
"C:\\WINDOWS\\nts.exe"
"**"
"initializing service startup sequence.."...
"not daemonized...\n"
|
sub_4066F1(2cc8):
KERNEL32.InitializeCriticalSection
KERNEL32.GetCommandLineA
KERNEL32.lstrcmpi
KERNEL32.Sleep
KERNEL32.SetFileAttributesA
KERNEL32.CopyFileA
KERNEL32.GetFileAttributesA
KERNEL32.DeleteFileA
KERNEL32.WaitForSingleObject
"NTS"
"*update"
"ShutdownMutexCreate()=%i, h=%i\r\n"
"waiting 10 secs -- shutdown...\r\n"
"C:\\WINDOWS\\nts.exe"
"copying...\n"
"C:\\WINDOWS\\nts.exe"
"C:\\WINDOWS\\nts.exe"
"C:\\WINDOWS\\nts.exe"
"cmdline: <%s>\n"
"CreateProcess() failed %%-(\n"
"initializing winsock library...\n"
"removing: <%s>\n"
"C:\\WINDOWS\\nts.exe"
"C:\\WINDOWS\\nts.exe"
"**"
"*** waiting...\n"
"*** waiting complete...\n"
"no registered service, "
"C:\\WINDOWS\\nts.exe"
"register it and restart\n"
"DON'T register it\n"
"registered service is here...\n"
"registered service is not running.\n"
"installing service, res="
"%i\n"
"starting service...\n"
"registered service is not running, unre"...
"C:\\WINDOWS\\nts.exe"
"installing service...\n"
"service installed ok...\n"
"C:\\WINDOWS\\nts.exe"
"**"
"starting service...\n"
"C:\\WINDOWS\\nts.exe"
"**"
"initializing service startup sequence.."...
"not daemonized...\n"
|
sub_446780(2d1b):
":*:Enabled:"
"NTS"
"SYSTEM\\CurrentControlSet\\Services\\Share"...
|
sub_4057FF(2d1b):
":*:Enabled:"
"NTS"
"SYSTEM\\CurrentControlSet\\Services\\Share"...
|
sub_404967(2dbc):
KERNEL32.InterlockedExchange
KERNEL32.CloseHandle
KERNEL32.Sleep
"listener...\n"
"SOCKS port: %i\n"
"NATPMP: forwarded to: %i\n"
"starting COMM thread...\n"
|
sub_44BA31(351c):
KERNEL32.SetStdHandle
|
sub_40AAB0(351c):
KERNEL32.SetStdHandle
|
sub_406485(3695):
KERNEL32.ResetEvent
KERNEL32.WaitForSingleObject
KERNEL32.Sleep
"old DLL found; waiting for e"...
"iexplore.exe"
"winlogon.exe"
"explorer.exe"
"waiting for event...\n"
"dying\n"
"InjectionThread complete\n"
|
sub_4098B0(377c):
KERNEL32.VirtualAlloc
KERNEL32.VirtualQuery
|
sub_44A831(377c):
KERNEL32.VirtualAlloc
KERNEL32.VirtualQuery
|
sub_4466F5(3821):
"*"
"writing to HKLM/autorun key...\n"
"Network Translation Service"
"Software\\Microsoft\\Windows\\CurrentVersi"...
"writing to HKCU/autorun key...\n"
"Network Translation Service"
"Software\\Microsoft\\Windows\\CurrentVersi"...
|
sub_405774(3821):
"*"
"writing to HKLM/autorun key...\n"
"Network Translation Service"
"Software\\Microsoft\\Windows\\CurrentVersi"...
"writing to HKCU/autorun key...\n"
"Network Translation Service"
"Software\\Microsoft\\Windows\\CurrentVersi"...
|
sub_404CB8(3b59):
ADVAPI32.OpenSCManagerA
ADVAPI32.OpenServiceA
ADVAPI32.CloseServiceHandle
"NTS"
|
sub_445C39(3b59):
ADVAPI32.OpenSCManagerA
ADVAPI32.OpenServiceA
ADVAPI32.CloseServiceHandle
"NTS"
|
sub_407910(3fa8):
KERNEL32.CreateThread
NTDLL.RtlGetLastWin32Error
KERNEL32.ResumeThread
|
sub_448891(3fa8):
KERNEL32.CreateThread
NTDLL.RtlGetLastWin32Error
KERNEL32.ResumeThread
|
sub_44D811(3fc4):
KERNEL32.ReadFile
NTDLL.RtlGetLastWin32Error
|
sub_40C890(3fc4):
KERNEL32.ReadFile
NTDLL.RtlGetLastWin32Error
|
sub_403723(3fd1):
KERNEL32.CreateProcessA
KERNEL32.CloseHandle
"\""
"C:\\WINDOWS\\nts.exe"
"\""
" "
|
sub_4446A4(3fd1):
KERNEL32.CreateProcessA
KERNEL32.CloseHandle
"\""
"C:\\WINDOWS\\nts.exe"
"\""
" "
|
sub_445FED(426b):
ADVAPI32.OpenSCManagerA
ADVAPI32.OpenServiceA
ADVAPI32.DeleteService
ADVAPI32.CloseServiceHandle
"NTS"
|
sub_40506C(426b):
ADVAPI32.OpenSCManagerA
ADVAPI32.OpenServiceA
ADVAPI32.DeleteService
ADVAPI32.CloseServiceHandle
"NTS"
|
sub_406422(4377):
KERNEL32.ResetEvent
KERNEL32.WaitForSingleObject
KERNEL32.CloseHandle
|
sub_4473A3(4377):
KERNEL32.ResetEvent
KERNEL32.WaitForSingleObject
KERNEL32.CloseHandle
|
sub_442708(44c4):
WS2_32.send
|
sub_44265D(44c4):
WSOCK32.recv
|
sub_401787(44c4):
WS2_32.send
|
sub_4016DC(44c4):
WSOCK32.recv
|
sub_407AA0(46cf):
KERNEL32.GetStartupInfoA
KERNEL32.GetModuleHandleA
|
sub_442443(48c7):
WS2_32.closesocket
|
sub_4014C2(48c7):
WS2_32.closesocket
|
sub_404D73(4bc0):
ADVAPI32.ChangeServiceConfigA
NTDLL.RtlGetLastWin32Error
ADVAPI32.ChangeServiceConfig2A
"C:\\WINDOWS\\nts.exe"
|
sub_445CF4(4bc0):
ADVAPI32.ChangeServiceConfigA
NTDLL.RtlGetLastWin32Error
ADVAPI32.ChangeServiceConfig2A
"C:\\WINDOWS\\nts.exe"
|
sub_403FEA(4bda):
KERNEL32.ExitProcess
KERNEL32.Sleep
|
sub_40400E(4d2e):
KERNEL32.WaitForSingleObject
KERNEL32.CloseHandle
KERNEL32.Sleep
"Srv: waiting %i seconds...\n"
"\r \r"
|
sub_4061E6(4d3a):
KERNEL32.OpenProcess
KERNEL32.WaitForSingleObject
KERNEL32.GetExitCodeThread
KERNEL32.CloseHandle
"process opened.\n"
"thread injected (%i).\n"
"thread complete (%i).\n"
"DLL injected!\n"
|
sub_447167(4d3a):
KERNEL32.OpenProcess
KERNEL32.WaitForSingleObject
KERNEL32.GetExitCodeThread
KERNEL32.CloseHandle
"process opened.\n"
"thread injected (%i).\n"
"thread complete (%i).\n"
"DLL injected!\n"
|
sub_40399A(51ed):
KERNEL32.GetTempPathA
KERNEL32.GetTempFileNameA
KERNEL32.CopyFileA
KERNEL32.SetFileAttributesA
KERNEL32.Sleep
KERNEL32.InterlockedExchange
KERNEL32.DeleteFileA
"UPDATE URL: <%s>\n"
"msss"
"msssx"
"*update \""
"\" \""
"\""
"running %s (%s)...\r\n"
|
sub_4091A0(53e7):
KERNEL32.UnhandledExceptionFilter
|
sub_44A121(53e7):
KERNEL32.UnhandledExceptionFilter
|
sub_44B991(572f):
KERNEL32.SetStdHandle
|
sub_40AA10(572f):
KERNEL32.SetStdHandle
|
sub_405C80(5849):
KERNEL32.ResetEvent
KERNEL32.SetEvent
"DLLTestThread: pulsing...\n"
|
sub_404162(5c38):
KERNEL32.CloseHandle
|
sub_402896(5ca1):
WS2_32.inet_addr
"
|
sub_443817(5ca1):
WS2_32.inet_addr
"
|
sub_4464C6(5e2d):
"StartupPrograms"
"System\\CurrentControlSet\\Control\\Termin"...
"StartupPrograms"
"System\\CurrentControlSet\\Control\\Termin"...
"StartupPrograms"
"System\\CurrentControlSet\\Control\\Termin"...
|
sub_405545(5e2d):
"StartupPrograms"
"System\\CurrentControlSet\\Control\\Termin"...
"StartupPrograms"
"System\\CurrentControlSet\\Control\\Termin"...
"StartupPrograms"
"System\\CurrentControlSet\\Control\\Termin"...
|
sub_44BC01(6826):
KERNEL32.InitializeCriticalSection
NTDLL.RtlEnterCriticalSection
|
sub_40AC80(6826):
KERNEL32.InitializeCriticalSection
NTDLL.RtlEnterCriticalSection
|
sub_407220(6b36):
KERNEL32.WriteConsoleA
|
sub_4085B0(6bae):
KERNEL32.HeapCreate
|
sub_449531(6bae):
KERNEL32.HeapCreate
|
sub_449761(6dab):
"hjltzL"
|
sub_4087E0(6dab):
"hjltzL"
|
sub_405B2A(6e18):
KERNEL32.CreateProcessA
KERNEL32.CloseHandle
"\""
"C:\\WINDOWS\\nts.exe"
"\" "
|
sub_446AAB(6e18):
KERNEL32.CreateProcessA
KERNEL32.CloseHandle
"\""
"C:\\WINDOWS\\nts.exe"
"\" "
|
sub_44A691(6f0a):
KERNEL32.GetCommandLineA
KERNEL32.GetModuleFileNameA
|
sub_409710(6f0a):
KERNEL32.GetCommandLineA
KERNEL32.GetModuleFileNameA
|
sub_405BE3(6fec):
KERNEL32.GetFileAttributesA
KERNEL32.Sleep
"ServiceFixerThread started.\n"
"C:\\WINDOWS\\nts.exe"
"**"
|
sub_40356A(70b2):
KERNEL32.Sleep
KERNEL32.InterlockedExchange
|
sub_4434E3(7590):
KERNEL32.GetTickCount
KERNEL32.Sleep
"."
|
sub_402562(7590):
KERNEL32.GetTickCount
KERNEL32.Sleep
"."
|
sub_44630F(75be):
KERNEL32.CompareStringA
|
sub_402511(75be):
KERNEL32.CompareStringA
|
sub_443492(75be):
KERNEL32.CompareStringA
|
sub_40538E(75be):
KERNEL32.CompareStringA
|
sub_44352A(7718):
WS2_32.inet_addr
WS2_32.htons
WS2_32.socket
"http://"
"HTTP discovery request: [%s:%i]...\n"
"GET %s HTTP/1.1\r\nHOST: %s:%i\r\nACCEPT-LA"...
"HTTP discovery request [%s:%i]: receive"...
"\n"
"200"
|
sub_4025A9(7718):
WS2_32.inet_addr
WS2_32.htons
WS2_32.socket
"http://"
"HTTP discovery request: [%s:%i]...\n"
"GET %s HTTP/1.1\r\nHOST: %s:%i\r\nACCEPT-LA"...
"HTTP discovery request [%s:%i]: receive"...
"\n"
"200"
|
sub_4040C3(786d):
ADVAPI32.GetUserNameA
KERNEL32.lstrcmpi
"SYSTEM"
|
sub_445044(786d):
ADVAPI32.GetUserNameA
KERNEL32.lstrcmpi
"SYSTEM"
|
sub_406677(78a9):
KERNEL32.CreateEventA
KERNEL32.WaitForSingleObject
KERNEL32.CloseHandle
KERNEL32.Sleep
|
sub_4433CA(7bd4):
KERNEL32.OpenFileMappingA
KERNEL32.MapViewOfFile
KERNEL32.UnmapViewOfFile
KERNEL32.CloseHandle
"{6EA9B038-C801-4F76-805F-E41ACF9ED165}"
|
sub_402449(7bd4):
KERNEL32.OpenFileMappingA
KERNEL32.MapViewOfFile
KERNEL32.UnmapViewOfFile
KERNEL32.CloseHandle
"{6EA9B038-C801-4F76-805F-E41ACF9ED165}"
|
sub_44226D(7dbe):
WS2_32.WSAStartup
"WinSock 1.1 initialized.\n"
"WinSock 2.x initialized.\n"
|
sub_4012EC(7dbe):
WS2_32.WSAStartup
"WinSock 1.1 initialized.\n"
"WinSock 2.x initialized.\n"
|
sub_446A4A(7e45):
ADVAPI32.StartServiceCtrlDispatcherA
|
sub_405AC9(7e45):
ADVAPI32.StartServiceCtrlDispatcherA
|
sub_44703D(8069):
KERNEL32.VirtualAllocEx
KERNEL32.GetModuleHandleA
KERNEL32.GetProcAddress
KERNEL32.WriteProcessMemory
KERNEL32.CreateRemoteThread
"VirtualAllocEx() ok\n"
"kernel32.dll"
"LoadLibraryA"
"ExitThread"
"GetLastError"
"WriteProcessMemory() ok\n"
"<%s>\n"
|
sub_4060BC(8069):
KERNEL32.VirtualAllocEx
KERNEL32.GetModuleHandleA
KERNEL32.GetProcAddress
KERNEL32.WriteProcessMemory
KERNEL32.CreateRemoteThread
"VirtualAllocEx() ok\n"
"kernel32.dll"
"LoadLibraryA"
"ExitThread"
"GetLastError"
"WriteProcessMemory() ok\n"
"<%s>\n"
|
sub_405870(80ab):
KERNEL32.LocalAlloc
ADVAPI32.InitializeSecurityDescriptor
ADVAPI32.SetSecurityDescriptorDacl
KERNEL32.CreateEventA
NTDLL.RtlGetLastWin32Error
KERNEL32.CloseHandle
KERNEL32.WaitForMultipleObjects
KERNEL32.WaitForSingleObject
"{6EA9B038-C801-4F76-805F-E41ACF9ED164}"
"EVENT CREATON ERROR: %i\n"
"WAITING FOR STOP EVENT!\n"
|
sub_4467F1(80ab):
KERNEL32.LocalAlloc
ADVAPI32.InitializeSecurityDescriptor
ADVAPI32.SetSecurityDescriptorDacl
KERNEL32.CreateEventA
NTDLL.RtlGetLastWin32Error
KERNEL32.CloseHandle
KERNEL32.WaitForMultipleObjects
KERNEL32.WaitForSingleObject
"{6EA9B038-C801-4F76-805F-E41ACF9ED164}"
"EVENT CREATON ERROR: %i\n"
"WAITING FOR STOP EVENT!\n"
|
sub_401621(852f):
WS2_32.accept
|
sub_4425A2(852f):
WS2_32.accept
|
sub_4053DF(85c6):
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegQueryValueExA
ADVAPI32.RegCloseKey
"RegRead(): opened %s\n"
"RegRead(): read %i bytes from %s (%s)\n"
"RegRead(): can't read key %s\n"
|
sub_446360(85c6):
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegQueryValueExA
ADVAPI32.RegCloseKey
"RegRead(): opened %s\n"
"RegRead(): read %i bytes from %s (%s)\n"
"RegRead(): can't read key %s\n"
|
sub_40225E(867d):
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegDeleteKeyA
ADVAPI32.RegCloseKey
|
sub_4431DF(867d):
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegDeleteKeyA
ADVAPI32.RegCloseKey
|
sub_44BC61(86b5):
NTDLL.RtlLeaveCriticalSection
|
sub_40ACE0(86b5):
NTDLL.RtlLeaveCriticalSection
|
sub_408490(8af0):
NTDLL.RtlUnwind
|
sub_404D02(8d8e):
ADVAPI32.OpenSCManagerA
ADVAPI32.OpenServiceA
ADVAPI32.CloseServiceHandle
ADVAPI32.QueryServiceStatus
"NTS"
|
sub_445C83(8d8e):
ADVAPI32.OpenSCManagerA
ADVAPI32.OpenServiceA
ADVAPI32.CloseServiceHandle
ADVAPI32.QueryServiceStatus
"NTS"
|
sub_403322(8da5):
WS2_32.htons
WS2_32.inet_ntoa
WS2_32.socket
WS2_32.bind
WS2_32.sendto
WS2_32.closesocket
WSOCK32.setsockopt
WSOCK32.recvfrom
WS2_32.WSAGetLastError
"router ip: [%s]\n"
"sending NAT-PMP fwd request #%i...\n"
"setsockopt NAT-PMP fwd request #%i...\n"
"receiving NAT-PMP fwd request #%i...\n"
"NAT-PMP fwd request #%i - ok\n"
"NAT-PMP request #%i - port: [%i]\n"
|
sub_4442A3(8da5):
WS2_32.htons
WS2_32.inet_ntoa
WS2_32.socket
WS2_32.bind
WS2_32.sendto
WS2_32.closesocket
WSOCK32.setsockopt
WSOCK32.recvfrom
WS2_32.WSAGetLastError
"router ip: [%s]\n"
"sending NAT-PMP fwd request #%i...\n"
"setsockopt NAT-PMP fwd request #%i...\n"
"receiving NAT-PMP fwd request #%i...\n"
"NAT-PMP fwd request #%i - ok\n"
"NAT-PMP request #%i - port: [%i]\n"
|
sub_4499E1(8eb3):
KERNEL32.CreateFileA
"CONOUT$"
|
sub_408A60(8eb3):
KERNEL32.CreateFileA
"CONOUT$"
|
sub_402296(8f38):
KERNEL32.GetModuleFileNameA
":*:Enabled:"
"NTS"
"SYSTEM\\CurrentControlSet\\Services\\Share"...
|
sub_443217(8f38):
KERNEL32.GetModuleFileNameA
":*:Enabled:"
"NTS"
"SYSTEM\\CurrentControlSet\\Services\\Share"...
|
sub_405338(8f85):
ADVAPI32.RegCreateKeyExA
ADVAPI32.RegSetValueExA
ADVAPI32.RegCloseKey
|
sub_402208(8f85):
ADVAPI32.RegCreateKeyExA
ADVAPI32.RegSetValueExA
ADVAPI32.RegCloseKey
|
sub_4462B9(8f85):
ADVAPI32.RegCreateKeyExA
ADVAPI32.RegSetValueExA
ADVAPI32.RegCloseKey
|
sub_443189(8f85):
ADVAPI32.RegCreateKeyExA
ADVAPI32.RegSetValueExA
ADVAPI32.RegCloseKey
|
sub_40637D(9112):
KERNEL32.CreateToolhelp32Snapshot
KERNEL32.Process32First
KERNEL32.CloseHandle
KERNEL32.Process32Next
|
sub_4472FE(9112):
KERNEL32.CreateToolhelp32Snapshot
KERNEL32.Process32First
KERNEL32.CloseHandle
KERNEL32.Process32Next
|
sub_4496C1(9122):
KERNEL32.InitializeCriticalSection
NTDLL.RtlEnterCriticalSection
|
sub_408740(9122):
KERNEL32.InitializeCriticalSection
NTDLL.RtlEnterCriticalSection
|
sub_403113(92ea):
WS2_32.htons
WS2_32.inet_ntoa
WS2_32.socket
WS2_32.bind
WS2_32.sendto
WS2_32.closesocket
WSOCK32.setsockopt
WSOCK32.recvfrom
WS2_32.WSAGetLastError
"default gateway: [%s]\n"
"sending NAT-PMP request #%i...\n"
"setsockopt NAT-PMP request #%i...\n"
"receiving NAT-PMP request #%i...\n"
"NAT-PMP request #%i - ok\n"
"NAT-PMP request #%i - public IP: [%s]\n"
|
sub_444094(92ea):
WS2_32.htons
WS2_32.inet_ntoa
WS2_32.socket
WS2_32.bind
WS2_32.sendto
WS2_32.closesocket
WSOCK32.setsockopt
WSOCK32.recvfrom
WS2_32.WSAGetLastError
"default gateway: [%s]\n"
"sending NAT-PMP request #%i...\n"
"setsockopt NAT-PMP request #%i...\n"
"receiving NAT-PMP request #%i...\n"
"NAT-PMP request #%i - ok\n"
"NAT-PMP request #%i - public IP: [%s]\n"
|
sub_443427(93c2):
KERNEL32.OpenFileMappingA
KERNEL32.MapViewOfFile
KERNEL32.UnmapViewOfFile
KERNEL32.CloseHandle
"{6EA9B038-C801-4F76-805F-E41ACF9ED165}"
|
sub_4024A6(93c2):
KERNEL32.OpenFileMappingA
KERNEL32.MapViewOfFile
KERNEL32.UnmapViewOfFile
KERNEL32.CloseHandle
"{6EA9B038-C801-4F76-805F-E41ACF9ED165}"
|
sub_442694(95d9):
WSOCK32.recv
|
sub_401713(95d9):
WSOCK32.recv
|
sub_446D74(9711):
KERNEL32.CloseHandle
KERNEL32.FindResourceA
KERNEL32.SizeofResource
KERNEL32.LoadResource
KERNEL32.LockResource
KERNEL32.SetFileAttributesA
"#8001"
"resource here, size: %i\n"
"wb+"
"file <%s> NOT created\n"
"file <%s> created\n"
"file <%s> written, wsz=%i\n"
|
sub_405DF3(9711):
KERNEL32.CloseHandle
KERNEL32.FindResourceA
KERNEL32.SizeofResource
KERNEL32.LoadResource
KERNEL32.LockResource
KERNEL32.SetFileAttributesA
"#8001"
"resource here, size: %i\n"
"wb+"
"file <%s> NOT created\n"
"file <%s> created\n"
"file <%s> written, wsz=%i\n"
|
sub_4086A0(98ea):
KERNEL32.InitializeCriticalSection
|
sub_449621(98ea):
KERNEL32.InitializeCriticalSection
|
sub_401542(9964):
WS2_32.ioctlsocket
|
sub_4424C3(9964):
WS2_32.ioctlsocket
|
sub_4050B1(99ac):
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegQueryValueExA
KERNEL32.lstrcmpi
ADVAPI32.RegCloseKey
"SYSTEM\\CurrentControlSet\\Services\\"
"NTS"
"ImagePath"
"C:\\WINDOWS\\nts.exe"
|
sub_446032(99ac):
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegQueryValueExA
KERNEL32.lstrcmpi
ADVAPI32.RegCloseKey
"SYSTEM\\CurrentControlSet\\Services\\"
"NTS"
"ImagePath"
"C:\\WINDOWS\\nts.exe"
|
sub_4450E3(9a44):
KERNEL32.CloseHandle
|
sub_4042CD(9aec):
WS2_32.inet_ntoa
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
WS2_32.htons
WS2_32.WSAGetLastError
KERNEL32.Sleep
"connection from [%s]\n"
"connection rejected (from [%s])\n"
"socks v%i [%s]\n"
"connecting to %s:%i\n"
"connection to %s:%i failed! %-( (%i)\n"
"transferring data...\n"
"data exchange complete\n"
"connection closed.\n"
|
sub_44722F(9b65):
KERNEL32.CreateToolhelp32Snapshot
KERNEL32.Process32First
KERNEL32.lstrcmpi
KERNEL32.CloseHandle
KERNEL32.Process32Next
"trying <%s> with <%s>\n"
"<%s>\n"
"trying <%s> with <%s> failed\n"
|
sub_4062AE(9b65):
KERNEL32.CreateToolhelp32Snapshot
KERNEL32.Process32First
KERNEL32.lstrcmpi
KERNEL32.CloseHandle
KERNEL32.Process32Next
"trying <%s> with <%s>\n"
"<%s>\n"
"trying <%s> with <%s> failed\n"
|
sub_446634(9cf3):
"load"
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
"load"
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
"load"
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
|
sub_4056B3(9cf3):
"load"
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
"load"
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
"load"
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVe"...
|
sub_443A83(a465):
WS2_32.inet_addr
WS2_32.htons
WS2_32.socket
WSOCK32.setsockopt
WS2_32.bind
WS2_32.sendto
WS2_32.closesocket
WSOCK32.recvfrom
WS2_32.WSAGetLastError
"239.255.255.250"
"239.255.255.250"
"shit!\n"
"xbind...\n"
"sending IUPnP discovery request #%i...\n"...
"M-SEARCH * HTTP/1.1\r\nHost: 239.255.255."...
"M-SEARCH * HTTP/1.1\r\nHost: 239.255.255."...
"setsockopt IUPnP discovery request #%i."...
"receiving IUPnP discovery request #%i.."...
"IUPnP discovery request #%i -- checking"...
"schemas-upnp-org:service:WANIPConnectio"...
"IUPnP discovery request #%i: bad (0)..."...
"location"
"IUPnP discovery request #%i: bad (1)..."...
"IUPnP discovery request #%i: bad (2)..."...
"location: <%s>\n"
"IUPnP discovery request #%i: bad (3)..."...
"urn:schemas-upnp-org:service:WANIPConne"...
""
""
""
"http://"
"IUPnP discovery request #%i: ok.\n"
|
sub_402B02(a465):
WS2_32.inet_addr
WS2_32.htons
WS2_32.socket
WSOCK32.setsockopt
WS2_32.bind
WS2_32.sendto
WS2_32.closesocket
WSOCK32.recvfrom
WS2_32.WSAGetLastError
"239.255.255.250"
"239.255.255.250"
"shit!\n"
"xbind...\n"
"sending IUPnP discovery request #%i...\n"...
"M-SEARCH * HTTP/1.1\r\nHost: 239.255.255."...
"M-SEARCH * HTTP/1.1\r\nHost: 239.255.255."...
"setsockopt IUPnP discovery request #%i."...
"receiving IUPnP discovery request #%i.."...
"IUPnP discovery request #%i -- checking"...
"schemas-upnp-org:service:WANIPConnectio"...
"IUPnP discovery request #%i: bad (0)..."...
"location"
"IUPnP discovery request #%i: bad (1)..."...
"IUPnP discovery request #%i: bad (2)..."...
"location: <%s>\n"
"IUPnP discovery request #%i: bad (3)..."...
"urn:schemas-upnp-org:service:WANIPConne"...
""
""
""
"http://"
"IUPnP discovery request #%i: ok.\n"
|
sub_44A731(a608):
KERNEL32.GetEnvironmentStrings
KERNEL32.FreeEnvironmentStringsA
|
sub_4097B0(a608):
KERNEL32.GetEnvironmentStrings
KERNEL32.FreeEnvironmentStringsA
|
sub_444606(a7af):
KERNEL32.CloseHandle
|
sub_409100(aa28):
KERNEL32.TlsGetValue
KERNEL32.TlsSetValue
|
sub_44A081(aa28):
KERNEL32.TlsGetValue
KERNEL32.TlsSetValue
|
sub_401ADA(ab88):
"PktSend(%i): %i bytes\n"
|
sub_442A5B(ab88):
"PktSend(%i): %i bytes\n"
|
sub_403685(ad18):
KERNEL32.CloseHandle
|
sub_44C861(ae0a):
KERNEL32.CreateFileA
NTDLL.RtlGetLastWin32Error
KERNEL32.GetFileType
KERNEL32.CloseHandle
|
sub_40B8E0(ae0a):
KERNEL32.CreateFileA
NTDLL.RtlGetLastWin32Error
KERNEL32.GetFileType
KERNEL32.CloseHandle
|
sub_4425ED(b8a0):
WS2_32.accept
WS2_32.htons
|
sub_40166C(b8a0):
WS2_32.accept
WS2_32.htons
|
sub_44330B(b9ad):
KERNEL32.LocalAlloc
ADVAPI32.InitializeSecurityDescriptor
ADVAPI32.SetSecurityDescriptorDacl
|
sub_40238A(b9ad):
KERNEL32.LocalAlloc
ADVAPI32.InitializeSecurityDescriptor
ADVAPI32.SetSecurityDescriptorDacl
|
sub_408240(bafb):
"Handshake: bad packed (%i)\n"
|
sub_4085F0(bc2c):
NTDLL.RtlAllocateHeap
|
sub_449571(bc2c):
NTDLL.RtlAllocateHeap
|
sub_4495B1(bc2c):
NTDLL.RtlFreeHeap
|
sub_408630(bc2c):
NTDLL.RtlFreeHeap
|
sub_44CD71(c3e2):
KERNEL32.SetFilePointer
NTDLL.RtlGetLastWin32Error
|
sub_40BDF0(c3e2):
KERNEL32.SetFilePointer
NTDLL.RtlGetLastWin32Error
|
sub_4014CF(c461):
WS2_32.select
|
sub_442450(c461):
WS2_32.select
|
sub_403C3F(c5c5):
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
KERNEL32.InterlockedExchange
WS2_32.inet_ntoa
KERNEL32.InterlockedExchangeAdd
KERNEL32.CloseHandle
"dep.mvl0an7.com"
"my port [%i]\n"
"SRV: [%s:%i]\n"
"SRV: connecting...\n"
"SRV: connecting failed.\n"
"SRV: handshaking...\n"
"SRV: rip? %i\n"
"SRV: handshaking failed.\n"
"SRV: ACK handshacking failed\n"
"* SRV: sending rejected IPs\n"
"SRV: ACK rejected IPs\n"
"SRV: ACK rejected IPs failed\n"
"SrvCommThread: done\n"
|
sub_44508F(c61e):
KERNEL32.CreateMutexA
NTDLL.RtlGetLastWin32Error
KERNEL32.CloseHandle
"_win32__nts_um__"
|
sub_403604(c61e):
KERNEL32.CreateMutexA
NTDLL.RtlGetLastWin32Error
KERNEL32.CloseHandle
"__win32__nts_sdm__"
|
sub_40410E(c61e):
KERNEL32.CreateMutexA
NTDLL.RtlGetLastWin32Error
KERNEL32.CloseHandle
"_win32__nts_um__"
|
sub_444585(c61e):
KERNEL32.CreateMutexA
NTDLL.RtlGetLastWin32Error
KERNEL32.CloseHandle
"__win32__nts_sdm__"
|
sub_44CC41(c81a):
"abort"
"arithmetic error"
"invalid executable code"
"interruption"
"invalid storage access"
"termination request"
"signal #"
" -- terminating\n"
|
sub_40BCC0(c81a):
"abort"
"arithmetic error"
"invalid executable code"
"interruption"
"invalid storage access"
"termination request"
"signal #"
" -- terminating\n"
|
sub_449D01(ca7c):
KERNEL32.CloseHandle
NTDLL.RtlGetLastWin32Error
|
sub_408D80(ca7c):
KERNEL32.CloseHandle
NTDLL.RtlGetLastWin32Error
|
sub_4036F6(caad):
KERNEL32.OpenMutexA
KERNEL32.CloseHandle
"_win32__nts_sm__"
|
sub_403658(caad):
KERNEL32.OpenMutexA
KERNEL32.CloseHandle
"__win32__nts_sdm__"
|
sub_444677(caad):
KERNEL32.OpenMutexA
KERNEL32.CloseHandle
"_win32__nts_sm__"
|
sub_4445D9(caad):
KERNEL32.OpenMutexA
KERNEL32.CloseHandle
"__win32__nts_sdm__"
|
sub_404E08(cb84):
ADVAPI32.OpenSCManagerA
ADVAPI32.OpenServiceA
ADVAPI32.CloseServiceHandle
"NTS"
|
sub_445D89(cb84):
ADVAPI32.OpenSCManagerA
ADVAPI32.OpenServiceA
ADVAPI32.CloseServiceHandle
"NTS"
|
sub_446FC3(ccbf):
ADVAPI32.LookupPrivilegeValueA
KERNEL32.GetCurrentProcess
ADVAPI32.OpenProcessToken
ADVAPI32.AdjustTokenPrivileges
NTDLL.RtlGetLastWin32Error
"SeDebugPrivilege"
|
sub_406042(ccbf):
ADVAPI32.LookupPrivilegeValueA
KERNEL32.GetCurrentProcess
ADVAPI32.OpenProcessToken
ADVAPI32.AdjustTokenPrivileges
NTDLL.RtlGetLastWin32Error
"SeDebugPrivilege"
|
sub_44B5F1(cf78):
KERNEL32.WriteFile
NTDLL.RtlGetLastWin32Error
|
sub_40A670(cf78):
KERNEL32.WriteFile
NTDLL.RtlGetLastWin32Error
|
sub_405EFE(d442):
KERNEL32.GetTempPathA
KERNEL32.GetTempFileNameA
"r"
"old DLL: <%s>\n"
"nts_"
"000.tmp"
"checking DLL: <%s>\n"
" DLL found: <%s>\n"
"nts_"
"trying DLL: <%s>\n"
"DLL ok: <%s>\n"
"DLL not extracted.\n"
|
sub_446E7F(d442):
KERNEL32.GetTempPathA
KERNEL32.GetTempFileNameA
"r"
"old DLL: <%s>\n"
"nts_"
"000.tmp"
"checking DLL: <%s>\n"
" DLL found: <%s>\n"
"nts_"
"trying DLL: <%s>\n"
"DLL ok: <%s>\n"
"DLL not extracted.\n"
|
sub_441FF7(daa4):
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
|
sub_401076(daa4):
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
|
sub_40CC50(dc13):
NTDLL.RtlGetLastWin32Error
KERNEL32.SetEndOfFile
|
sub_44DBD1(dc13):
NTDLL.RtlGetLastWin32Error
KERNEL32.SetEndOfFile
|
sub_403838(dc53):
WININET.InternetOpenA
WININET.InternetOpenUrlA
WININET.InternetCloseHandle
NTDLL.RtlRestoreLastWin32Error
WININET.InternetReadFile
NTDLL.RtlGetLastWin32Error
KERNEL32.DeleteFileA
"msdownloader"
"InternetOpenUrl(): %i\n"
"wb"
"fopen(%s)...\n"
"downloaded failed: [%s] --> %s\r\n"
"downloaded [%s] --> %s\r\n"
|
sub_4447B9(dc53):
WININET.InternetOpenA
WININET.InternetOpenUrlA
WININET.InternetCloseHandle
NTDLL.RtlRestoreLastWin32Error
WININET.InternetReadFile
NTDLL.RtlGetLastWin32Error
KERNEL32.DeleteFileA
"msdownloader"
"InternetOpenUrl(): %i\n"
"wb"
"fopen(%s)...\n"
"downloaded failed: [%s] --> %s\r\n"
"downloaded [%s] --> %s\r\n"
|
sub_408FD0(e23b):
KERNEL32.TlsAlloc
KERNEL32.TlsSetValue
KERNEL32.GetCurrentThreadId
|
sub_449F51(e23b):
KERNEL32.TlsAlloc
KERNEL32.TlsSetValue
KERNEL32.GetCurrentThreadId
|
sub_40B000(e625):
"0123456789ABCDEF"
"0123456789abcdef"
|
sub_44BF81(e625):
"0123456789ABCDEF"
"0123456789abcdef"
|
sub_401359(e78e):
WS2_32.socket
WSOCK32.setsockopt
|
sub_4422DA(e78e):
WS2_32.socket
WSOCK32.setsockopt
|
sub_409190(e89a):
KERNEL32.ExitProcess
|
sub_44A111(e89a):
KERNEL32.ExitProcess
|
sub_405CF6(ebc7):
KERNEL32.CloseHandle
"DLLTestListenThread: binding...\n"
"DLLTestListenThread: listening...\n"
"DLLTestListenThread: accepting...\n"
"DLLTestListenThread: done...\n"
|
sub_4424E8(ef0c):
WS2_32.htons
WS2_32.connect
|
sub_4015B7(ef0c):
WS2_32.htons
WS2_32.bind
|
sub_442538(ef0c):
WS2_32.htons
WS2_32.bind
|
sub_401567(ef0c):
WS2_32.htons
WS2_32.connect
|
sub_404F2A(ef6f):
ADVAPI32.OpenSCManagerA
ADVAPI32.CreateServiceA
NTDLL.RtlGetLastWin32Error
ADVAPI32.CloseServiceHandle
KERNEL32.lstrcpyn
ADVAPI32.ChangeServiceConfig2A
"C:\\WINDOWS\\nts.exe"
"Network Translation Service"
"NTS"
"service registered\n"
"Provides hardware-to-software binary ne"...
|
sub_445EAB(ef6f):
ADVAPI32.OpenSCManagerA
ADVAPI32.CreateServiceA
NTDLL.RtlGetLastWin32Error
ADVAPI32.CloseServiceHandle
KERNEL32.lstrcpyn
ADVAPI32.ChangeServiceConfig2A
"C:\\WINDOWS\\nts.exe"
"Network Translation Service"
"NTS"
"service registered\n"
"Provides hardware-to-software binary ne"...
|
sub_40AD50(f5c4):
KERNEL32.SetConsoleCtrlHandler
|
sub_44BCD1(f5c4):
KERNEL32.SetConsoleCtrlHandler
|
sub_448921(f905):
KERNEL32.CloseHandle
KERNEL32.ExitThread
|
sub_4079A0(f905):
KERNEL32.CloseHandle
KERNEL32.ExitThread
|
sub_44A7F1(fb0d):
KERNEL32.GetCommandLineA
|
sub_409870(fb0d):
KERNEL32.GetCommandLineA
|