0.9
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.74
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Shiz-JT [Trj] | 20200313 | 18.4.3895.0 |
| Baidu | Win32.Trojan-Spy.Shiz.b | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200313 | 2013.8.14.323 |
| McAfee | BackDoor-FDOB!982EE80B3DD6 | 20200312 | 6.0.6.653 |
| Tencent | Malware.Win32.Gencirc.10b3d603 | 20200313 | 1.0.0.1 |
静态指标
动态指标
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 60 个反病毒引擎识别为恶意
(50 out of 60 个事件)
| ALYac | Gen:Variant.Ulise.39843 |
| APEX | Malicious |
| AVG | Win32:Shiz-JT [Trj] |
| Acronis | suspicious |
| Ad-Aware | Gen:Variant.Ulise.39843 |
| AhnLab-V3 | Trojan/Win32.Gen.C1571325 |
| Antiy-AVL | Trojan/Win32.Unknown |
| Arcabit | Trojan.Ulise.D9BA3 |
| Avast | Win32:Shiz-JT [Trj] |
| Avira | TR/Hijacker.Gen |
| Baidu | Win32.Trojan-Spy.Shiz.b |
| BitDefender | Gen:Variant.Ulise.39843 |
| BitDefenderTheta | AI:Packer.A5EC50951E |
| Bkav | W32.AIDetectVM.malware |
| CAT-QuickHeal | Trojan.Beaugrit.S16628 |
| ClamAV | Win.Trojan.Generic-6323528-0 |
| Comodo | TrojWare.Win32.Spy.Shiz.ZV@6ldvxf |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cylance | Unsafe |
| Cyren | W32/Shiz.R.gen!Eldorado |
| DrWeb | Trojan.PWS.Ibank.323 |
| ESET-NOD32 | a variant of Win32/Spy.Shiz.NBX |
| Emsisoft | Gen:Variant.Ulise.39843 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Shiz.R.gen!Eldorado |
| F-Secure | Trojan.TR/Hijacker.Gen |
| FireEye | Generic.mg.982ee80b3dd6df39 |
| Fortinet | W32/Shiz.NBX!tr |
| GData | Gen:Variant.Ulise.39843 |
| Ikarus | Backdoor.Win32.Simda |
| Invincea | heuristic |
| Jiangmin | Backdoor.Generic.axsv |
| K7AntiVirus | Spyware ( 004cadd91 ) |
| K7GW | Spyware ( 004cadd91 ) |
| Kaspersky | HEUR:Backdoor.Win32.Generic |
| MAX | malware (ai score=89) |
| Malwarebytes | Trojan.Banker |
| MaxSecure | Trojan.Malware.300983.susgen |
| McAfee | BackDoor-FDOB!982EE80B3DD6 |
| McAfee-GW-Edition | BehavesLike.Win32.Backdoor.bh |
| MicroWorld-eScan | Gen:Variant.Ulise.39843 |
| Microsoft | Backdoor:Win32/Simda.gen!B |
| NANO-Antivirus | Trojan.Win32.Ibank.esrglb |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | HEUR/QVM20.1.D9EB.Malware.Gen |
| Rising | Backdoor.Generic!8.CE (TFE:dGZlOgPVgBt2iNDDHA) |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Sophos | Mal/Emogen-Y |
| Symantec | ML.Attribute.HighConfidence |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2011-08-02 17:26:00
PE Imphash
173abfa8f7d7adac2a90a2e42625b7d9
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x00002b14 | 0x00002c00 | 6.115647371012377 |
| .rdata | 0x00004000 | 0x00001bf8 | 0x00001c00 | 6.098143094424814 |
| .data | 0x00006000 | 0x0005711c | 0x00053800 | 6.759145336421315 |
| .reloc | 0x0005e000 | 0x0000099c | 0x00000a00 | 6.07318440201103 |
Imports
Library MSVCRT.dll:
• 0x40412c wcsstr
• 0x404130 _snwprintf
• 0x404134 strstr
• 0x404138 _snprintf
• 0x40413c _except_handler3
• 0x404140 memset
• 0x404144 memcpy
Library SHLWAPI.dll:
• 0x40416c PathAddBackslashA
• 0x404170 StrStrIA
• 0x404174 PathFileExistsA
• 0x404178 PathAppendA
Library ntdll.dll:
• 0x404190 RtlAdjustPrivilege
• 0x404194 RtlImageNtHeader
• 0x404198 RtlCreateUserThread
Library KERNEL32.dll:
• 0x404028 GetSystemTimeAsFileTime
• 0x40402c GetModuleFileNameW
• 0x404030 SetCurrentDirectoryA
• 0x404034 MoveFileA
• 0x404038 DeviceIoControl
• 0x40403c ExitProcess
• 0x404040 GlobalAddAtomA
• 0x404044 GlobalFindAtomA
• 0x404048 CopyFileA
• 0x40404c GetCurrentProcessId
• 0x404050 InterlockedDecrement
• 0x404054 CreateFileW
• 0x404058 GetVersionExA
• 0x40405c FreeLibrary
• 0x404060 IsDebuggerPresent
• 0x404064 GetTickCount
• 0x404068 GetVolumeInformationA
• 0x40406c GetEnvironmentVariableA
• 0x404070 GetModuleFileNameA
• 0x404074 CreateFileA
• 0x404078 SetFilePointer
• 0x40407c MoveFileExA
• 0x404080 lstrcpynA
• 0x404084 SetEndOfFile
• 0x404088 UnlockFile
• 0x40408c LockFile
• 0x404090 SetFileTime
• 0x404094 WriteFile
• 0x404098 IsBadWritePtr
• 0x40409c ReadFile
• 0x4040a0 GetFileSizeEx
• 0x4040a4 GetLastError
• 0x4040a8 SetFileAttributesA
• 0x4040ac GetTempFileNameA
• 0x4040b0 GetFileTime
• 0x4040b4 GetTempPathA
• 0x4040b8 DeleteFileA
• 0x4040bc GetProcAddress
• 0x4040c0 GetModuleHandleA
• 0x4040c4 HeapAlloc
• 0x4040c8 HeapFree
• 0x4040cc GetProcessHeap
• 0x4040d0 HeapValidate
• 0x4040d4 GetCurrentProcess
• 0x4040d8 Sleep
• 0x4040dc FlushInstructionCache
• 0x4040e0 VirtualAlloc
• 0x4040e4 VirtualQuery
• 0x4040e8 Process32First
• 0x4040ec VirtualFree
• 0x4040f0 CreateRemoteThread
• 0x4040f4 OpenProcess
• 0x4040f8 CreateProcessA
• 0x4040fc Module32First
• 0x404100 GetHandleInformation
• 0x404104 VirtualAllocEx
• 0x404108 LoadLibraryA
• 0x40410c Process32Next
• 0x404110 CreateToolhelp32Snapshot
• 0x404114 Module32Next
• 0x404118 CloseHandle
• 0x40411c WriteProcessMemory
• 0x404120 SwitchToThread
• 0x404124 GetSystemWindowsDirectoryA
Library ADVAPI32.dll:
• 0x404000 RegCreateKeyExA
• 0x404004 RegSetValueExA
• 0x404008 RegQueryValueExA
• 0x40400c RegOpenKeyExA
• 0x404010 RegFlushKey
• 0x404014 RegCloseKey
• 0x404018 OpenProcessToken
• 0x40401c GetTokenInformation
• 0x404020 GetUserNameA
Library ole32.dll:
• 0x4041a0 CoUninitialize
• 0x4041a4 CoCreateInstance
• 0x4041a8 CoInitializeSecurity
• 0x4041ac CoInitializeEx
Library OLEAUT32.dll:
• 0x40414c SysFreeString
• 0x404150 SysAllocString
• 0x404154 VariantClear
• 0x404158 VariantInit
L!This program cannot be run in DOS mode.
`%{`%{`%{i]a%{
b%{i]u%{`%z%{
Sa%{Rich`%{
`.rdata
@.data
.reloc
3WhxD@
_^[]_^
SSShD@
SSSSEPSSQ
URh,E@
@:u+W?
3_6MQh
U SV3Wu;
3EEEEEEj
EPhp @
_^[]UV39u
SVW3j@ESP];!
3SQ]EEE
MQURSSSSSSSPED
SVW3h$
KTEPQh
URUPWQR
@(E;|}uCPURh
t,MQWE
E_^[]U
U$VW=t@@
EPMQURV
t:UREPMQV
3EEEEEEEj
EPhp @
SVW3h
mE_^[]UjhR@
3QSSj&S
u;t2hM@
;t"]SE
SSShM@
TX\`dhlp
t0SDPj
^[]U`S3VSh
]]]E^DE
tAW=@@
SMQj(URV
MUSEPMj
SW=x@@
_[^]U4
W}}}}}
URhpN@
URURPA(=
uyMQhN@
RPA *}'E
QHWP3E5LA@
S3VWD$
D$ D$$D$(D$,j
P3hp @
0@:uD$0P
;t hE@
t)D$0HH
@:u|$0+OO
T$0RhN@
L$4Q$@
t$0PYL$
Q-;tDV
VD$4%3
L$4Q$H
;t hE@
L$0Qqh
U@+f=`A@
t=ehN@
fu@hN@
fu@hN@
UE}]MQ|E
x[h(O@
usEUR3u
URh8C@
P;|>h,O@
MU=XA@
uEEEPMU
EQ}UEq
EPRQOD
T$0RD$4
QSt$ t$$
T$,RVWS
u/MQREPj
SVW=p@@
Nwt\=>
tU=dotNh
3_^[]UVE
yd?BcsV
9F+Jb{h!kcF
iMX7e{
NKagj(hOTmR Mr
MuCuDY6Ag
2zQGWvB)
ADj\8PmC(
Ij5*WA z:L
&>Mb=LkI
<Gh^PF
*7R/mufO*}
mSwOR5o
L_}zi6
,RCfm&
\NOLLYDBG
wireshark.exe
dumpcap.exe
idag.exe
vmwaretray.exe
\\?\globalroot\systemroot\system32\vmx_fb.dll
SystemDrive
software\microsoft\windows nt\currentversion\winlogon
software\microsoft\windows\currentversion\run
userinit
\\?\globalroot\systemroot\system32\drivers\ntfs.sys
ntdll.dll
RtlUniform
kernel32.dll
IsWow64Process
kernel
jHqA}
kdzbeO\
iLA`rqg
@l2u\E
a=-fAv
\cQkkbal
eLXaMQ:t
jiCn4Fg
c;d>jm
i]Wbgeq6l
8ROggW
A`Ugn1yiFa
fo%6hRw
[&wowG
eibkaEl
`MGiIwn>Jj
)WTg#.zfJa
h]+o*7
server
idontknow
administrator
666666
12345678
soccer
abc123
password1
football1
fuckyou
monkey
iloveyou1
superman1
slipknot1
jordan23
princess1
liverpool1
monkey1
baseball1
123abc
qwerty1
blink182
myspace1
user111
098765
qweryuiopas
qwerty
111111
password
123456
Windows Defender
MpClient.dll
WDEnable
\\.\KmxAgent
____AVP.Root
\\.\pipe\acsipc_server
\AVG\AVG9\dfncfg.dat
\AVG\AVG9\dfmcfg.dat
\PrevxCSI\csidb.csi
BL09n@:
j`4bOND
PTue Aug 2 12:53:17 20112
winlogon.exe
explorer.exe
\apppatch\
svchost.exe
Tue Aug 2 12:53:17 20111
user32.dll
HARDWARE\DESCRIPTION\System
SystemBiosVersion
test_item.exe
SANDBOX
MALNETVM
VIRUSCLONE
test user
\sand-box\
\cwsandbox\
\sandbox\
_snprintf
strstr
_snwprintf
wcsstr
MSVCRT.dll
SHGetFolderPathA
SHELL32.dll
PathFileExistsA
StrStrIA
PathAddBackslashA
PathAppendA
SHLWAPI.dll
RtlImageNtHeader
RtlCreateUserThread
RtlAdjustPrivilege
ntdll.dll
IsDebuggerPresent
GetTickCount
GetVolumeInformationA
GetEnvironmentVariableA
GetModuleFileNameA
CreateFileA
SetFilePointer
MoveFileExA
lstrcpynA
SetEndOfFile
UnlockFile
LockFile
SetFileTime
WriteFile
IsBadWritePtr
ReadFile
GetFileSizeEx
GetLastError
SetFileAttributesA
GetTempFileNameA
GetFileTime
GetTempPathA
DeleteFileA
GetProcAddress
GetModuleHandleA
HeapAlloc
HeapFree
GetProcessHeap
HeapValidate
GetCurrentProcess
FlushInstructionCache
VirtualAlloc
VirtualQuery
Process32First
VirtualFree
CreateRemoteThread
OpenProcess
CreateProcessA
Module32First
GetHandleInformation
VirtualAllocEx
LoadLibraryA
Process32Next
CreateToolhelp32Snapshot
Module32Next
CloseHandle
WriteProcessMemory
SwitchToThread
GetSystemWindowsDirectoryA
FreeLibrary
GetSystemTimeAsFileTime
GetModuleFileNameW
SetCurrentDirectoryA
MoveFileA
DeviceIoControl
ExitProcess
GlobalAddAtomA
GlobalFindAtomA
CopyFileA
GetCurrentProcessId
InterlockedDecrement
CreateFileW
GetVersionExA
KERNEL32.dll
FindWindowA
CharUpperA
PostMessageA
USER32.dll
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegFlushKey
RegCloseKey
OpenProcessToken
GetTokenInformation
GetUserNameA
ADVAPI32.dll
CoCreateInstance
CoUninitialize
CoInitializeEx
CoInitializeSecurity
ole32.dll
OLEAUT32.dll
_except_handler3
memset
memcpy
jHqA}
kdzbeO\
iLA`rqg
@l2u\E
a=-fAv
\cQkkbal
eLXaMQ:t
jiCn4Fg
c;d>jm
i]Wbgeq6l
8ROggW
A`Ugn1yiFa
fo%6hRw
[&wowG
eibkaEl
`MGiIwn>Jj
)WTg#.zfJa
h]+o*7
L!This program cannot be run in DOS mode.
`.data
.reloc
EZXE_]
F<W|0xu
D0|L7$U
;sz;rv3;.E
E;s[SVQ
3VEEEEEEE=h]
E^]U83VWE
EEEEEEh]
wPhJaPej@h
WTU}uMu
D0,~*HM
M}uM(Ju
uFP+V4RP;
h[Au0PV
EPIMQV
EEEEh]
E}uMMq(
PR[_hmPj
L!This program cannot be run in DOS mode.
`.rdata
@.data
.reloc
SWWWWjPWW
WWSVjPWW
t WWVh
t<WWVh'
3VVVVjWVV
3VVVVjWVV
EEEEEEE
;}r^3j
EEEEEEE
WStS_^E
E3EEEEEEj
;}r_3j
]EEEEEE
3t^VVVVjWVV
_^[]U,
_^[]_^
[]UDSVW
WSPQRN
K_^3[]
Ju_^3[]
\}tX]EU
JU:t.O3
x[_3^]
T8u_^[]
SVW rf}
+E3t0M
9u_^[]
QUVUKOu
3Jt-SVx#33
D$<L$<
D$<D$<y
IJuD$<@D$<
QSRVPt
MUP<6WQSRE
MUPWQSR
QPR3_^[]
USQPPR N
MESVQU
EMRUPQVR
u&ESWPM
UEQMRPWQE
Mv:u}$
MUPQVWRE
MUPQVWR't
F;ur_^3[]
WWWWURWWP
u'URUEPMQj
@u+;ru
^u4MQh
u'MQMUREPj
u'URUEPMQj
@uVW+OO
MQMUREPj
E]UQEPh
^UHSV5P
PSEu<WP
fD$8SP\$<p
L$0QVD$8(
L$\T$`D$d
T$8L$TQRhZ
]EMfU9]
VWUEPMQjh
@u}Gkd+
WURUPj
SSV]Sj
URPXQV
URPXQV
URPXQV
EPQXRV
URPXQV
URPXQV
URPXQV
3+P3+P39X
URPXQV
@u+EEE
URPXQV
^[]U8E
]EEEEEE
;}ra3j
]EEEEEE
EEEEEE
;urj3j
EEEEEE
EEEEEE
;}rj3j
]3EEEEEEEj
Ut[Vh
}tXM3It.$
<>http
}UFJ;r
}tZU3t.
<>http
VU}EF;r
3_[UVu
EEE1X_
,_^[]U8
URWVuSV$E
u3;t Uh
u8V$t.
URUPMQVh
MQMREPVh
}7@}2j
GN_^[]Qh
NVPL$0QR
3fD$(D$*PfT$,
3EEEPS
UQ3E9E
tE;tASj
S-%50R
SVW3VEPE
PEMQSRP
@:u+V@3;t'x
@:u^E;t
RUEPSQR
@:u+V@3;t'x
@:u^E;t
3SRfMS
@:u3fE
SVW=XR
%_^[]UQS
]_^[Y]
u_^[Y]
MQPjE3@fE
^USVWh,
^ ^$fN
SSQSVR
D$0D$4D$8D$<
D$@D$DD$HD$L
D$@t$(t$$D$
AJu\$(L$
D$$SPS
;|$ u1|$
D$$SPS
3C\$(L$,
2_^[]U4
t$(t$$D$
AJu\$(L$
D$$SPS
;|$ u1|$
D$$SPS
3C\$(L$,
2_^[]U,
E};}u4}
tuEVPEV
_^[U4l
EEEEEEEPj
\$PD$T
j@T$HSRK
PSjj$S\$(D$TD
RD$DPSSSSSSS$
D$(D$,D$0$
PSjj$S\$8
PSSSSSSS$
;tD$(T$,=\Q
O9W=PMOAUWEEPMUw
u2_^[]
G8W._^[]
p;}^[3_f
+QM+RPQj
U4SVWj
QWj Wf}
PW_^[]
T$$RSD$,<
QT$8R||$
RD$8P:|$
PL$8QE
RD$8PE
SB6tTj
tg;u29
PQr_^[]
PQ_^[]
PQr_^[]
PQ_^[]
PQr_^[]
PQ_^[]
PQr_^[]
PQ_^[]
PQr_^[]
PQ_^[]
t5t1>0u,F
t5t1>0u,F
EEEEPE
_3^_^%L
S3VW9]
3EEEEEEj
;}r[3j
]EEEEEE
E4M0U,PE(QM$RU PE
M4U0E,QM(RU$PE QM
r3@tGEPVE<
r3@tCMQVE<
:U@VEPVE<
t#MQWE
PE+QM+S+P+
UEMRUPQR
]EUMh
RU+QM+RPQS
_^[]ULS
E?M};}
VuWV+RU+PSQR
_^[]U<S]
taURjSE<
F(MQjS
t;j8Ej
WPP(^]U
S3VW]]9]
WPP/C;]~}t
EM+|+MjVEM
taURjVE<
MUEMQjV
EMU|Pj
EM+E+MjVE
t(DHLE
t(DHLU
EMUEPj
PP_^[]
E^]US]
3WWj1P
L$lQj<P
T$0RWD$8<
uuD$ P'V\$ D$
D$$L$,T$ h
Vj'j#SPh
UQSVWEPh
<_^[]SVW
LSVWPQj
RJjV%PjV
t';t#j
u3_^[]
UQSVWj
E_^[]U,
u4V7t#S
;u0;t&5P
A A$A(A,_^[]
;r_^3[]
+_0^[]
A+_0^[]
+_0^[]
+_2^[]
0Nu;tLu2t
_^[UVu
@u+;u-t)t%3
BA;|[_3^]
UQSVW}
33M<-u
G<0|4<9
IF;r_^UE
?:tD;r_^[]
;:tXU;r_^[]
VPC$s(EH
UQSV9}
MA@M;M
3U;s^;s
>:tHU;r_^[]
u>2u08F
t5MQP*t
t/EPh@
DF^US]
3t9VW{
u*t"SW
tIE;v:PE
:u!E++R
MWQS#T
UDSVW}
=POSTu
=GET u
QRVD$$PD$
T$ RZ
T$$D$ RPu
WPV|$
G _^[]
_^[]_^[]
_^[]UU
Wt%t!t
G0;rRSV
QRD$0P
RD$8PD$
T$0+T$4t$
D$$VPS(N
_(+_,;s
3G$G(G,_^[]j
_^[]UVW}
@0;r_^]
Vs^]Vj
Eu@,Eu;
#_^3[]
u3Bk,R<
t"WWWW~
Ik,QW;
L$ QRt$@
uPG(PoK
D$0t?O
D$0L$,PQ
G +G$M
EPQj-^ R
t/=POSTu
}M}}9}
URVj"PE
EMQURj
MQWj)R
UuWPEQMRPh
@u+P={
U8S3VW=pQ
EEEEEEj
;ur[3j
]EEEEEE
U8S3VW=pQ
EEEEEEj
;ur[3j
]EEEEEE
Wu43D$
D$ D$$D$(D$,D$0D$4D$
Wu43D$
D$ D$$D$(D$,D$0D$4D$
WPQRSu
WPQRSbu
t[H$@ ;u"E
38 t%>
u38 t-$
URUPMQSh
@:u+V@3;t'x
@:u^E;t
3SRfM3
@:u3fE
totktg}
<#t/<
t'<*tP
CFG;u3;u
;t8;us+
@uMQ+RUPE
tdSVW]tGE
VR+PQV
u_^[h
UtSVWD$(P
QRWWSSP
D$DL$HD$\
fT$f <
WjBD$`(
L$h\$p\$t\$x\$|$
T$HSL$\QPRSD$(D$$VP
SSW6BM
T$BfD$@\$,
SPVD$4
SL$ Qj
SSV\$0
Sj(SPVD$0
SL$$Qj(T$dRV
Sj(SPV
\$ 9\$
t@;t<j
SWSPVD$0
SL$$QWRV
@u+PSD$ MT$
3QQ3PW
@u|$ +OO
3QQ3PV
T$ RVSW
3EEEVPE
@u+t4E
U<SVWj,D$ j
QQQQjWQQ
Mu_[t#EPVE
^]VB^]U0
DFu_^]U
u'MQMUREPj
u'URUEPMQj
SVW3hh
@u+S[u
VW3u5tds
_^U<SVW
E3EEEEEEj
;}r[3j
]EEEEEE
E3EEEEEEj
;}r[3j
]EEEEEE
E3EEEEEEj
;}r[3j
]EEEEEE
EPEQURWVP
@u+3@t(x
URUPMQWVR
@u+3@t(x
@uM+PE
SVWh$5
S%_^[U0
VPuuuuE
|U SS4
EPEMQURh
tyE$trj
M QWVS
t#E PSE
EPV&Vj
E_^[]$
^]_[3^]U
@SVWe3
;}rn]3E
]3EEEEEE
@uS+W^_
@u+tt0
t#URVE
MQURUMQj
@u+PVX
t#URSE
PEVuPEQSWRh
@u+Eo_
t#URVE
t#EPVE
t#MQVE
t#URVE
t#EPVE
t EPVE
t MQVE
t URVE
t EPVE
t MQVE
t URVE
t EPVE
t MQVE
t URVE
t EPVE
t MQVE
t URVE
t EPVE
t MQVE
t URVE
t EPVE
t MQVE
u9PPPh@
t#MQVE
t#URVE
_^3]UQVj
t#EPVE
SVW3Wj
9txQhPX
SVW3D$
t$0t$4t$dt$h$
t$Lt$P
;tZD$@P$
QT$`RD$0PW
L$$3L$
D$ PWt$(
t$8t$<t$Tt$Xt$tt$x$
;tQL$xQT$lRD$PPL$8QS
W<D:PPD$
t$Dt$Ht$|$
t$lt$pt$\t$`
D$4;tUT$PRL$dQT$xRL$DQP
;t(?SV
@uSV+W
UMQPPPh
@u+t"|
MQRURh?
@u+@PEVj
P_^[]U
EMPQDh
FMu_[^]
EEEEEEEF
V$PQj R
t:F(~2N
_^3[]3h
F4F(F,
j P}~$
<Nt <Ft
B;U|_^[]U SV~4
t2F(~*N
_^[]VW
;u_^3_^U
Vtct_WS
tEWSV
WV#WV|R
=GET t
=POSTu
E3EEEEEEj
;}r_3j
EEEEEE
=GET t
=POSTu
E3EEEEEEj
;}r[3j
]EEEEEE
E3EEEEEEj
;}r[3j
]EEEEEE
E 3EEEEEEEj
;ur^3j
EEEEEEE
VWPQSR
E3EEEEEEEj
;ur^3j
EEEEEEE
_^W3_UE
[]_2[]U,
L$8D$(}]
RD$@PS
8D$9u|$
D$;HD$
QT$@RS
~AD$8P
T$4D$,|$,t$4
j@L$\Q
uvT$XR
T$0D$4|$(t$4L$0
RD$LPW
QT$<RV
RD$LPW
u'MQMUREPj
u'URUEPMQj
MSVWPPQh
t#URVE
_^[]Ujh
MEPj@j
hPVFE3E
tPVF39
$PVF39
PVFMQV
EPj@QW:
URj@VS
UMQRVS
t#EPVE
Nu)9uu
V3tbSVVVVjPVV
<#t3<
t+<*t[
BFG;uE
r^_3[]
u)3t#U
F;r^3[]
33fEEfMEPMQU
t U+fE$fEM
tj;uad
@uVW+OO
@uW+OO
@u+PSr3h
@uVW+OO
@uVWh\
@uSVWh\
|_^3[]
t'VMQPE
jdUQVhx
@uVWh`
EEEUEEEfEU
EEEUEEEfEU
t#EPVE
@uSVW+OO
EEEUEEEfEU
EEEUEEEfEU
EEEUEEEfEU
3EEEEEEEfEEE
EEEUEEEfEU
3EEEEEEEfEEE
@uSVW+O$
3FVRhd
|_^3[]
@uVW+OO
SVW=XR
l$_^[]U
@u|$(+OO
@u|$(+OO
@u|$(+OO
@u|$(+OO
@u+P$t
PD$02D$
SP\$$x
@u+P$$
_^[]US]
up3;tNVVShP
P_^3[]
t#URVE
?POSTuZ
t#EPVE
@u|$(+OO
@u|$(+OO
PL$,Q5
@u|$(+OO
@u|$(+OO
@u+P$t
_^]Qhh
@uVWhl
@u+PV3h
@uSVWhl
|_^3[]
t'VMQPE
^]UQSVW=XR
a_^3[]U
@uSVW+O$
3FVRhd
|_^3[]
@uSVWhp
UQSVW=XR
_^3[]U
@uVW+OO
^]_[3^]U3$9E
3EEEEE
@uSVWht
|_^3[]
t'VMQPE
3SVWD$
3VVVVjWVV
P3St$ t$$
VVSt$(
3QQQ3PS
@uSVWhx
@u+PVs3
@uSVWhx
|_^3[]
UQSVW=XR
_^3[]U
SV3Wt$
D$ PWt$(t$,
SD$(D$$j
3QQQ3PW
_^[]U$
@u+PS$
@uSVWh|
|_^3[]
UQSVW=XR
_^3[]U
@u+PVe_^[]
@u+PRmc_^[]U
@uSVWh
|_^3[]
3^]3]UQSVW=XR
_^3[]U
uEVPPPh
@uSVW+O$
3FVRhd
|_^3[]
3^]UQS
UQSVW=XR
a_^3[]U
@uSVWh
|_^3[]
@uVW+OO
@uW+O$
@uSVWh
|_^3[]
@uVW+OO
_^t9HH
@u+PQI_^[]U
@uVW+OO
@u+PV7Eh
@uSVWh
|_^3[]
Hjd?UQS
@uSVWh
|_^3[]
Hjd?U,
.iniPj
@u+PRb<h@
_^3[]U
@u+PQ9_^[]U
@u+PV:8_^[]
@u+PV*6j
t#EPVE
@u+PS2E@E;E
u[E<C3
@u+PRT1hp
UQSVW=XR
a_^3[]U
UQSVW=XR
a_^3[]U$SVWPj
8ADVAu
E_^[]U(SVu
;t@EPMQUREPS
MQPPPh
@u+t |
@u+@PESj
URMEPh?
@uM+@PWj
SVW3h$
EPQRWV
URUPWQR
;|}u[(j
SVWEPh
EMQVURj
t)t%Vj
_^3[]_^[]U
URtPEPW
tEW5\3?
u[_^]U
URtPEPW
tEW4[3?
u[_^]U
t.u:ERPltEP
RV [=P
3EEEEEEEj
E]UXVE
VE3SSE
SSVQRSSW
};tuh
3PSPPPQW
?[_3^]
fEBME6
SVW3h
mE_^[]U4
VW3EPWWj
uzMQURPEP
uc9}t^uti=U
tIEMQURj
_^]UQE
|_^[]U
MEUEE(|
G@;|ME
3A}u]=
]f:M}U
]uu_^[]U SV3H
DU@fDU3
Mu_^[]
S3V]]9,
_^[]UQj
u3]UQj
;F u!N$t
f9UuHEH49Mv=j
2UQS3W8^$u
t#EPWE
;t-MQWE
S3VW^P^X^T^L^D^d^H;u
_^[]SSj
E;t-];t
E_^[]_FT
^3[]U S3W^P^X^T^L^D^d^H;
u2F<PN0QFDPV,R;u}SSSW
~P3_[]
EPMQUR
F<^0^4^8~P3_[]
_[]U$S3
EP^P^X^T^L^d^HF,
EPMQUR
^0^4^8F<3[]UE
Wt=F`~\;sr+;v
oFL_[]
7FL_[]
t,W~Pt#EPWE
UQSVW^hS
t&t!WS;u#
E_Fd^3[]_^
{PSXCT
{L{d{H{\{`
C0UEC0
x9SLKD
K(_^[]
USVW=P
3;t+hp@
^$^(^P
u,8^$u'E
;t#VSP
T$LRQPD$
L$\QWh
u_^2[]
P.@/H<H@HDP,
fP0fP2@4
fp0fp2fp4^:t
H8[f@6
[UQSVhP
MQVLR4
EF0W~,EG
CPCTEt
_^[ULSVW=
;|++Fd+
Vh;|*+Fl+
~%FtNp
VPFxQFl
MVfFEFEN&F
Ou_^[]
EM;thu
?;u_[^]
9 t5V$
W9;t7E
QRt 6?;u;u
G6;u_^[]
u[^V7>
QPV]8W
M;~n;~
QR@u*G
RPt&9w
V _^[]
;UuM^;|
SWPQ_[]j(
;u^US]
VPQK|W
fEfuf}u
UUEEM;M}
EEfMfM
UUfEfE
MMfUfU
EEfMfM
E9E}3MM
MMUUE;E}
UUfEfE
MMfUfU
EEfMfM
UUfEfE
U9U}5EE
MMUUE;E}
UUfEfE
MMfUfU
EEfMfM
UUfEfE
U9U}3EE
fMfuf}
QPV{t@u
U0SV5R
EUPURQ
@uM+QE
j({$C(
f{*C,C0C4`v
CL{P{TV
RPWW j(CX
C)_^[]
r.N;s!
}RFB u
USVWjA
fP,H0P4
*fffff
;t9p$u
HLVW0u
3@fEfUu
HXVW0u
@u+@fEu
SVW3h<
`WQ\Ws
@uT+OO
@u+@PLQPRj
S33_^[]
j,\QRp
@PQPRj
33_^[]
MQWRW@P}}
2_^[]E
UIPSE5
Mu!E;s
ME@E }}}NEj
_^[]_^
@u+@PDQPRj
UPQR\h
MQWSP.UR<P
U$SVWj
V_^[]j
E3F,^+Tv
VMQUREPE
RPQ0F\WP
NXWQ[VLWRQW
R_^[]j
Ft^x_^[]
Ft^x_^[]
Nx_^[]j
EMPEQMPQV_^[]j
fUfMfU
QRV_^[]j
URV_^[]j
_^[]fU
VXFLRPM
]t8E;|
FLPWNF\PWu\O
FLPV\RPEnF\P
}SWNSxFPNT]
VLFXRP
NXSQ{VXWRq~\
3FPFT8Ev
3P]MQE,tq
URMQW}Uge
MUB~4x
A~0UR@
3P]=MQEqtpEU
MQMQR}Ud
MQMQR}Uc
EGu]}G
t%;~!]
U;t UREPW}
ERQWPVM9RQWPVS
-RQWPVv
tY}MQP
QLURCE_^[]
fMfMfMfMfEfM
fuf}fEu
;r'J;s
;r,J;s!
;r,J;s!
SV3tG\
@;r1Q;s#$
@Q;rIM
@;r,Q;s
@Q;rIM
@;r3Q;s%
@Q;rIEH
4fVI"T6
CE_^[]
r.J;s!
uJ~F=U
u[URPj
u{UR3VPVO
QSP_^[]
6_^2[]
QPVt@u
333;;s&K
;|_^[]
@A;ru$N
+U S]$~1V
+U S]$~/
333;3s)8C
3~;+Wd$
F@;|_^[]
A;rU$J
+U W}$~5S
+U W}$~3
333;:s,8B
F@;|_^[]
A;rU$J
+U W}$~3S
+U W}$~1
333; s)8G
GW;}rEM U$
~C4vSu
@W} M
E;shd$
;]ruE$
z_^[]
~<V4X;s%:]
f<{fx;r}
~M;sdE
f~;ur} EM$
@W} u 4F
;]rE$M
z_^[]
] ;sP2M
;]ru}E$
m_^[]
~:V4;s#:]
~;ur} EM$
@W} u
;]rE$M
E ~ S]
P,SWx,:
:X/u\tHf
f;X0uKf
f;X2u>f
f;X4u1
_[F|05
VUUUm
B<J<tI
_PVR_U
p2_^[]
Eu3~$}u
s?E3~$}u
S3;tkW=
t F ;t
^$_[U4S
fuIf9G
u+8F/t&
M3Ef;O
uf;srM3ME
@E;|_^[]
EMu_^[]UdE
F4E3E9E
#u#}#EMMM
#]E#E#UMMME
;E|EMU
{g_tBE
MUPEQRPbE
P]V[^[]
KXQ]V[^[]
SPQVt%F4+
F0W;~8M
SQPVxt
VPQK|W
fEfuf}u
UUEEM;M}
UEEMMUUEE
U9U}3EE
MMUUE;E}
MUUEEMMUU
M9M}5UU
PoE_^]
MMUUE;E}
MUUEEMMUU
M9M}3UU
EUREPV}U
MMMM9M
3It-It%
EM#E#U
E#]3M#EM
Ht9Ht.
t"3~03I
;|_^[]
USVWhP
P,S,P0S0P4S4@8QC8
V2W8Tv
i3_^]E
xi3_^]_^]U
hrL=8}
5hL=8}
3:_3^J
U;Us$E
M}!w U
MUUE;Er
+EEM;M
)2_^[]
3fu&fE
URMQURMQ
ERUQMRPQRS
O_^2[]
MMUUE;E}
E9E}3MM
UREPUREP
f;Et@;
EQMRUPQRPS
ulMUQREE
EEMMU;U}
E9E}5MM
UQSVWE
_f2^[]
UREPUREPE
MUPEQMRUPQRS
EEMMU;U}
U9U}3EE
UQSVWE
^F^[]F$
^[]UQ=]
Ht-HuF93
#__{UQSVWj
V_^[]J;s!
uL~H=U
F(9F$u
wN(V Wh
GLHGT7G
WXF(N h
G8F(N RP
G@F(N RP
V(PF R
9W8tG9W@tB9WDt=;t9
V3;t`P
;tY9p tT9p$tOp
_^U3V;
S^(>N(*
u0F([3^]
[F(3^]
*t(Et#It
N$PF(P
N$PF(P
N$PF(P
N$PF(P
F(N$RP3q
F,NLVD
F<3fDJNLFDWT
~l~\~t~h~HV|FxF`_U
WlG|O8SV
Gp;U}+\
]U_4#]
(Ot^[;v
}^<+^tFlN,+
];r^F8W
VLFD)~p)~l
3#FTFH
N<;sj~l
_[]UQSVu
FlN\EVlFt
Nl>N\G
V\NlF,+-
Nl>N\G
s"QFt]
rjFHNXVl~4N8
3#FTND#V@FHf
zNl#N4V@
JNHVDf~lf<Jt
PhF`~`
fNlf+Np
)FtNt]
rZHF`$
~lVlN8
^HNXND3#FT^4FH
FlNHVDf
VlNXF`
3#FTFH`VlF8
3Vl+RP3
Fl>F\G
D_^3[]
rIFHNXVl~4N8
3#FTND#V@FHf
zNl#N4V@
JNHVDf~lf<JN`Vp
NxVd^`tO;
sGVlN,+
fVlf+VdFxf+
^lVl;w>FHNX^4N8
3#FTNDFH
FlNHVDf
Nl>N\G
f_^3[]
3Vl+RP3
Fl>F\G
NlNtNhl~h
tFVlF8D
FlUNlF8
3Vl+RP3
Fl>F\G
USVW~t
3+PQ3?
Fl>F\G
Em@@E;E|u
UEM@@ME;
r$E@;F
RSWjEFE;u
GE;s3+M
OM;s0+
|E@E;E
;Er_^[]
PG|,QR
PEQRPhH[
UEM@@ME;
GE;s3+M
OM;s0+
PQSRN}
|E@E;E
;Er_^[]
PG|,QR
PEQRPhH[
UEM@@ME;
GE;s1+U
GE;s)+
U;UrE@E;E
;Er_^[]
PG|,QR
PEQRPhH[
UEM@@ME;
3EEfBff
GE;s1+U
GE;s)+
U;UrE@E;E
;Er_^[]
PG|,QR
PEQRPhH[
UEM@@ME;
3EEfBff
uS4u;sg
;r[_^]
E;s4+U
RPSQR3
UM;slJ
H9EuwE
;EsoMI
;ErMAM;M
M;s0d$
;Er_^[]
?_^3[]
PG|,QR
PEQRPhH[
UEM@@ME;
3U~\d$
u#UB;V
uS4u;sh
;r[_^]
E;s4+U
UM;smJ
H9EuvE
;EsnMI
;ErMAM;M
;Er_^[]
?_^3[]
PG|,QR
PEQRPhH[
UEM@@ME;
3U~\d$
u#UB;V
PG|,QR
PEQRPhH[
UEM@@ME;
;]r_[]
PG|,QR
PEQRPhH[
UEM@@ME;
;]r_[]
PG|,QR
PEQRPhH[
UEM@@ME;
r$E@;F
PG|,QR
PEQRPhH[
UEM@@ME;
r$E@;F
fEC,fuEu
_^2[]
H H(H,H0H8H<J
HlHPHL
O$PG(PF4
^P^SW3;u
_(9_$u
G(O Vh
W(G$VRG
^_[US]
Wu)N$S
F0F,V(+{
F(;r)K
V4P+QR6
+WPF4P6
~0_N,^3[]
^09F0u
N,_^3[]
UEMRPQ
Oh;O\sPI
fLWpGhOh
3fTOpGh9Ghr
+OhfTOpGhB
E;r+Oh
WhMfLWpGh}
G`POpQj
GlOlGP
RW`GXPQOd
QDWpPj
OHtE;s'
OHt@;s"}
U+UOD;vI+
M+MW@M
}+9Mt$U
t,N$t%@4t
V(F$QRF
?}tTM\
J}u_^[]U Vu3
4Bft5f
DU@fDU3
Mu_^[]
IRj_[]
@PAQBR
U]tz+4@m
+;~PffH
+;~VffH
^8^<^@@Jt
_^3[_^[
F$V(RLu
[_2[UU
C$S(KuT{(
U<SVWM
H4UPLM
HPUMHT
HXEx<E
u^;s?+
U9Us?;us:U
Ex<_^X8Q
EEEEEEEE3t
FfDMLM@;r
3t&f<F
FfDUTU@;r
tEHt Exc
U<_^[]
#u#u;u
;Us"tU
UVWS|$
+t~:D5
uX[_^]
name.key
\secrets.key
sign.key
kernel32.dll
CreateFileW
\explorer.exe
GetFileAttributesW
user32.dll
GetWindowTextA
OLLYDBG
wireshark.exe
dumpcap.exe
idag.exe
vmwaretray.exe
\\?\globalroot\systemroot\system32\vmx_fb.dll
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
SystemDrive
Software\Microsoft\Windows NT\CurrentVersion
InstallDate
SYSTEM
%s!%s!%08X
software\microsoft\windows nt\currentversion\winlogon
software\microsoft\windows\currentversion\run
userinit
software\microsoft
Global\
\svchost.exe
iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.exe|
\winlogon.exe
sysinfo.log
scr.bmp
minidump.bin
%d.%d.%d.%d
%dd %dh %dm
CLOSED
LISTEN
SYN_SENT
SYN_RCVD
FIN_WAIT1
FIN_WAIT2
CLOSE_WAIT
CLOSING
LAST_ACK
TIME_WAIT
DELETE_TCB
netstat
{Proto
Local address
Remote address
taskmgr
Process name
[System Process]
netuser
Software\Microsoft\Internet Explorer\TypedURLs
IE history:
DAN NLD NLB ENU ENG ENA ENC ENZ ENI FIN FRA FRB FRC FRS DEU DES DEA ISL ITA ITS NOR NON PTB PTG SVE ESP ESM ESN TRK PLK CSY SKY HUN RUS GRE ALL
{BotVer:
{Process:
{Username:
PROCESSOR_IDENTIFIER
{Processor:
{Language:
%dx%d@%d
{Screen:
dd:MMM:yyyy
{Date:
HH:mm:ss
{Local time:
%c%d:%02d
{GMT:
{Uptime:
{Windows directory:
{Administrator:
links.log
\History.IE5\index.dat
\Opera\Opera\typed_history.xml
avast.com
kaspersky
eset.com
antivir
virustotal
virusinfo
z-oleg.com
kltest.org.ru
trendsecure
anti-malware
.comodo.com
google.com
Dnsapi.dll
DnsQuery_A
DnsQuery_UTF8
DnsQuery_W
Query_Main
ws2_32.dll
getaddrinfo
gethostbyname
inet_addr
qwrtpsdfghjklzxcvbnm
eyuioa
1676d5775e05c50b46baa5579d4fc7
!verif
Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
/login.php
6908741AF4E26C68E1EE46F1041F009EECA931D2D53E11AD04CF03DEB7677754725005219D4B978D957ABA1678D353DE5AA0586B49E21F7EFFE2F73D7D2D8E26395286E1EA7A106CD617966D9FC5906C6E952289B4D671BA6ADE1B80ECF2468552F401D4D8134CAF4B56DC5F18B673710974A6F7A9AE9273979C092F52E8D7C9
6d3ad29879a90b4dd1b4f76e82166ca3
data.txt
ntdll.dll
ZwQuerySystemInformation
Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}
Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}
Global\HighMemoryEvent_%08x
explorer.exe
Shell_TrayWnd
00000000000888888888@@@@@@@@HHHHHHHHPPPPPPXXXXXXXXXXXX`````hhhhhhhhhhpppppppppxxxxxxxxxx
000000000000000000000000@@@@@@@@@@@@@@@@PPPPPPPPPPPPPXXXXXXXXXXXhhhhhhhhhhhpppppppppxxxxxxxxxxxx
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
jHqA}
kdzbeO\
iLA`rqg
@l2u\E
a=-fAv
\cQkkbal
eLXaMQ:t
jiCn4Fg
c;d>jm
i]Wbgeq6l
8ROggW
A`Ugn1yiFa
fo%6hRw
[&wowG
eibkaEl
`MGiIwn>Jj
)WTg#.zfJa
h]+o*7
taskmgr
default
DefWindowProcW
DefWindowProcA
DefDlgProcW
DefDlgProcA
DefFrameProcW
DefFrameProcA
DefMDIChildProcW
DefMDIChildProcA
CallWindowProcW
CallWindowProcA
RegisterClassW
RegisterClassA
RegisterClassExA
RegisterClassExW
PeekMessageW
PeekMessageA
OpenInputDesktop
OpenDesktopA
OpenDesktopW
SwitchDesktop
MessageBeep
FlashWindowEx
GetCursorPos
SetCursorPos
GetMessagePos
SetCapture
ReleaseCapture
GetCapture
Winmm.dll
PlaySoundW
PlaySoundA
sndPlaySoundW
sndPlaySoundA
Kernel32.dll
Gdi32.dll
SetDIBitsToDevice
SetThreadDesktop
static
Content-Length
http://
NSS layer
https://
Referer
Content-Type
HTTP/1.
Transfer-Encoding
chunked
Connection
Proxy-Connection
identity
Accept-Encoding
If-Modified-Since
nspr4.dll
PR_Write
PR_Read
PR_Close
PR_OpenTCPSocket
PR_GetError
PR_SetError
PR_GetNameForIdentity
UserAgent
[[[URL: %s
Process: %s
User-agent: %s]]]
Accept-Encoding:
Crypt32.dll
CertVerifyCertificateChainPolicy
Wininet.dll
HttpSendRequestA
HttpSendRequestW
HttpSendRequestExA
HttpSendRequestExW
InternetQueryDataAvailable
InternetReadFile
InternetReadFileExA
InternetReadFileExW
InternetCloseHandle
set_url
data_before
data_end
data_inject
data_after
microsoft.public.win32.programmer.kernel
\iexplore.exe
keygrab
%02u.bmp
***************************
***************************
[/pst]
GetClipboardData
\\.\PhysicalDrive%u
AppEvents
Console
Control Panel
Environment
Identities
Software
System
/topic.php
keylog.txt
passwords.txt
%s%u.zip
-----------------------------
Content-Disposition: form-data; name="pcname"
-----------------------------
Content-Disposition: form-data; name="file"; filename="report"
Content-Type: text/plain
RtlUniform
TranslateMessage
GetMessageA
GetMessageW
as743vgk0odastr
HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: http://www.google.com
Content-Type: multipart/form-data; boundary=---------------------------%s
www.bing.com
www.microsoft.com
Content-Length:
RtlFreeHeap
id=1&post=%u
frd.exe
!kill_os
&ret_val=ok
/faq.php
!activebc
&activebc=ok
!deactivebc
&deactivebc=ok
&load=ok
!inject
&inject=ok
!new_config
&config=ok
id=%s&ver=4.2.5&up=%u&os=%03u&rights=%s<ime=%s%d&token=%d
\chrome.exe
--no-sandbox
\java.exe
\javaw.exe
\javaws.exe
\opera.exe
\firefox.exe
\maxthon.exe
\avant.exe
\mnp.exe
\safari.exe
\netscape.exe
\tbb-firefox.exe
\frd.exe
\isclient.exe
\ipc_full.exe
\intpro.exe
\cbsmain.dll
\clmain.exe
\core.exe
\rundll32.exe
\notepad.exe
%s.dbf
%s.DBF
j_username=
j_password=
pass.log
command=auth_loginByPassword&back_command=&back_custom1=&
edClientLogin=
edUserLogin=
edPassword=
&LOGIN_AUTHORIZATION_CODE=
action=auth&np=&login=
CryptoPluginId=AGAVA&Sign
login=
password=
&ctl00%24MainMenu%24Login1%24UserName=
&ctl00%24MainMenu%24Login1%24Password=
advapi32.dll
CryptEncrypt
WSASend
WSARecv
name=%s&port=%u
/home.php
A B V G D E E J Z I Y K L M N O P R S T U F H C CHSHSH Y E YUYAA B V H G D E JE J Z Y I YI J K L M N O P R S T U F X C CH SH SH YU YA
path.txt
keys.zip
Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}
%s\%02d.bmp
Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}
\private\
private.txt
\public\
public.txt
\*.key
\self.cer
\@rand
\ABONENTS*
crypto
self.cer
self.pub
Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}
ctunnel.exe
ctunnel.zip
path_ctunnel.txt
found.
header.key
keys99
\header.key
masks2.key
\masks2.key
masks.key
\masks.key
\name.key
primary2.key
\primary2.key
primary.key
\primary.key
keys99.zip
path99.txt
\crypto\
\micros~\crypto\
\maxthon3\public\
\microsoft\crypto\
\crypto pro\
\progra~1\crypto~1\
\temporary internet files\
:\users\public
\ryptopro
\cryptokit\
:\progra~1\common~1\crypto~1
bsi.dll
&cvv=&
&cvv2=
&cvv2=&
&cvc=&
&domain=letitbit.net&
cc.txt
Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}
prv_key.pfx
sign.cer
Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}
FAKTURA
sks2xyz.dll
vb_pfx_import
Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}
Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}
BEGIN SIGNATURE
END SIGNATURE
secret.key
pubkeys.key
Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}
path1.txt
inter.zip
interpro.ini
DefaultPrivateDir
General
Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}
cbsmain.dll
Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}
&txtSubId=
&txtPin=
ebank.laiki.com
pass.txt
Local\{EAF339BF-89ea-4fe1-9A0D-95CD39DC0214}
OFFSHORE
w.qiwi.ru
phone=
Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}
FilialRCon.dll
RCN_R50Buffer
ISClient.cfg
Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}
rfk.zip
client.zip
path_client.txt
\SIGN1\
path_keys.txt
Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}
Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}
RSTYLE
Agava_Client.exe
UseToken
Containers
KeysDiskPath
Agava_Client.ini
Agava_keys
keys_path.txt
stf.zip
mespro.dll
AddPSEPrivateKeyEx
core.exe
data\id.dbf
\data\id.dbf
keys%i.zip
path%i.txt
Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}
login.yota.ru
IDToken1=
IDToken2=
YotaConfirmForm%5Bpassword%5D
pass2.txt
Local\{EAF799BF-89ea-4fe1-9A0D-95CD39DC0214}
IsWow64Process
*SYSTEM*
Software\Microsoft\Windows NT\CurrentVersion\Winlogon
ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_
kernel
waveOutOpen
winmm.dll
1234567890QWERTYUIOPASDFGHJKLZXCVBNM
ct_init: length != 256
ct_init: dist != 256
ct_init: 256+dist != 512
inconsistent bit counts
not enough codes
too many codes
bad compressed size
ct_tally: bad match
bad d_code
invalid length
output buffer too small for in-memory compression
bad pack level
insufficient lookahead
no future
wild scan
more < 2
RFB 003.006
LibVNCServer 0.9.7
unknown
%s (%s)
My Documents
Network Favorites
%02d/%02d/%04d %02d:%02d
No authentication mode is registered!
Your viewer cannot handle required authentication methods
password check failed!
SCardConnectA
SCardEstablishContext
SCardFreeMemory
SCardDisconnect
SCardListReadersA
SCardReleaseContext
WinSCard.dll
IsNetworkAlive
SensApi.dll
GetTcpTable
IPHLPAPI.DLL
MiniDumpWriteDump
dbghelp.dll
strstr
calloc
malloc
_snprintf
_strrev
strtol
isdigit
sprintf
strncpy
fwrite
realloc
fclose
isprint
strchr
MSVCRT.dll
GetModuleFileNameExA
PSAPI.DLL
NetApiBufferFree
NetQueryDisplayInformation
NETAPI32.dll
DnsFlushResolverCache
DNSAPI.dll
HttpQueryInfoA
HttpAddRequestHeadersW
HttpAddRequestHeadersA
InternetSetStatusCallback
InternetQueryOptionA
InternetConnectA
InternetReadFile
HttpOpenRequestA
InternetCheckConnectionA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
WININET.dll
WS2_32.dll
SHGetFolderPathA
ShellExecuteA
ExtractIconExA
SHFileOperationA
SHGetSpecialFolderPathA
SHELL32.dll
StrStrIA
PathFileExistsA
PathFindFileNameA
PathAddBackslashA
StrStrIW
StrToIntA
PathMakeSystemFolderA
PathAppendA
StrCmpNIA
StrNCatA
StrStrA
StrChrIA
SHLWAPI.dll
RtlImageNtHeader
RtlCreateUserThread
ntdll.dll
GetVolumeInformationA
GetSystemWindowsDirectoryA
GetModuleFileNameA
GetLastError
SetLastError
GetProcAddress
GetModuleHandleA
IsDebuggerPresent
GetTickCount
GetEnvironmentVariableA
GetCurrentProcess
AddVectoredExceptionHandler
GetCurrentThreadId
GetCurrentProcessId
GetSystemDefaultLangID
Process32First
GetTimeFormatA
GetDateFormatA
OpenProcess
GetTimeZoneInformation
Process32Next
CreateToolhelp32Snapshot
WaitForSingleObject
LoadLibraryExA
ReleaseMutex
lstrcpynA
GetTempFileNameA
WaitForMultipleObjects
GetTempPathA
GetSystemTime
CreateFileA
SetFilePointer
MoveFileExA
SetEndOfFile
SetFilePointerEx
UnlockFile
LockFile
WriteFile
IsBadWritePtr
ReadFile
CreateDirectoryA
GetFileSizeEx
FindFirstFileA
RemoveDirectoryA
SetFileAttributesA
FindClose
FindNextFileA
DeleteFileA
HeapReAlloc
HeapAlloc
HeapFree
ExitProcess
SetErrorMode
SetEvent
OpenMutexA
lstrcpyA
MapViewOfFile
UnmapViewOfFile
IsBadReadPtr
CreateFileMappingA
GlobalLock
GlobalAlloc
CreateProcessA
MultiByteToWideChar
GlobalUnlock
GlobalFree
CreateThread
HeapCreate
lstrcmpiA
OpenEventA
lstrcmpiW
OpenFileMappingA
CreateMutexA
GetComputerNameA
lstrlenA
CreateEventA
GetVersionExA
ResetEvent
GetCommandLineA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThread
GetDriveTypeA
SetThreadPriority
SetCurrentDirectoryA
GetLogicalDriveStringsA
CopyFileA
GetCurrentDirectoryA
GetProcessHeap
HeapValidate
HeapSize
GetCommandLineW
ExitThread
MoveFileA
WinExec
TerminateThread
FindNextChangeNotification
FindFirstChangeNotificationA
lstrcmpA
CloseHandle
FlushInstructionCache
InterlockedExchange
VirtualAlloc
GetThreadPriority
VirtualProtect
WideCharToMultiByte
GetVersionExW
GetFileAttributesA
GetFileAttributesW
GetShortPathNameA
GetPrivateProfileStringA
VirtualQuery
VirtualFree
CreateRemoteThread
GetProcessTimes
Module32First
GetHandleInformation
VirtualAllocEx
LoadLibraryA
Module32Next
LocalFree
WriteProcessMemory
SwitchToThread
FileTimeToDosDateTime
GetFileSize
SystemTimeToFileTime
GetLocalTime
LocalAlloc
GetFileType
GetFileInformationByHandle
FindFirstFileW
FileTimeToSystemTime
CreateFileW
lstrlenW
FindNextFileW
KERNEL32.dll
CharUpperA
FindWindowA
GetSystemMetrics
SetCaretBlinkTime
SetThreadDesktop
GetThreadDesktop
ReleaseDC
GetShellWindow
GetWindow
DestroyIcon
SetClipboardData
OpenClipboard
GetDesktopWindow
EmptyClipboard
GetIconInfo
RegisterWindowMessageA
SendMessageA
WindowFromPoint
DrawIcon
CreateDesktopA
GetTopWindow
CloseClipboard
SendMessageW
IsWindowVisible
IsWindow
GetLastActivePopup
PostMessageW
IsIconic
MapVirtualKeyW
IsRectEmpty
GetClassLongA
GetWindowThreadProcessId
MapWindowPoints
PostMessageA
GetMenuItemInfoA
SetWindowPos
SendMessageTimeoutA
GetWindowLongA
GetAncestor
GetWindowInfo
GetParent
GetWindowRect
GetSystemMenu
DefWindowProcW
EndMenu
HiliteMenuItem
DefMDIChildProcA
GetCursor
GetMenuItemCount
DefMDIChildProcW
DestroyCursor
DefWindowProcA
GetMenuState
CopyIcon
TrackPopupMenuEx
GetMenuItemRect
GetMenu
MenuItemFromPoint
GetSubMenu
SetKeyboardState
GetMenuItemID
OpenDesktopA
GetUserObjectInformationA
PrintWindow
WindowFromDC
SetLayeredWindowAttributes
EnumChildWindows
RedrawWindow
GetWindowRgn
SetClassLongA
SetWindowLongA
GetScrollBarInfo
MoveWindow
DialogBoxIndirectParamA
SetWindowTextA
ShowWindow
EndDialog
GetDlgItem
CreateWindowExA
GetWindowTextLengthA
GetClientRect
LoadIconA
AttachThreadInput
DestroyWindow
wsprintfA
PtInRect
GetFocus
RealChildWindowFromPoint
GetClassNameA
GetCursorPos
GetWindowTextW
GetOpenClipboardWindow
GetActiveWindow
GetWindowTextA
GetGUIThreadInfo
GetKeyboardState
ToAscii
FindWindowW
DispatchMessageW
PeekMessageW
TranslateMessage
MsgWaitForMultipleObjects
GetWindowDC
USER32.dll
GetDeviceCaps
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
GdiFlush
GetDIBits
CreateDIBSection
DeleteDC
CreateRectRgn
OffsetRgn
SelectClipRgn
SetViewportOrgEx
GetViewportOrgEx
BitBlt
GetClipRgn
GetObjectA
CreateFontIndirectA
GDI32.dll
RegQueryValueExA
RegOpenKeyExA
GetUserNameA
RegCloseKey
RegSetValueExA
RegFlushKey
RegDeleteValueA
RegEnumKeyExA
RegNotifyChangeKeyValue
OpenProcessToken
GetTokenInformation
RegDeleteKeyA
ADVAPI32.dll
memcpy
memset
_except_handler3
>?456789:;<=
!"#$%&'()*+,-./0123
jHqA}
kdzbeO\
iLA`rqg
@l2u\E
a=-fAv
\cQkkbal
eLXaMQ:t
jiCn4Fg
c;d>jm
i]Wbgeq6l
8ROggW
A`Ugn1yiFa
fo%6hRw
[&wowG
eibkaEl
`MGiIwn>Jj
)WTg#.zfJa
h]+o*7
;3+#>6.&
'2, /+0&7!4-)1#
O/o _?
$Id: dbfopen.c,v 1.48 2003/03/10 14:51:27 warmerda Exp $
Desk_%u%x
-xFS]
!nuca?B
h2A co*SSFQ37
JD4?'
gTC/L7dkto
;EOUhq_
S@9':] " ^znztV=
'h?c ,Z
D"N47T0h|-
qX_Ro.)}eM2UY.
[rPfmV8Q
t[jq+a:U
k"_}1I{D7
n3r4Nnf
||~hYk
.Y+t~2MlUj
sI)79B
MSCTF.Shared.MAPPING.%x
.current
MSCTF.Shared.MUTEX.%x
0@0G0u0000000000
1,1=1J1U1d11111111#2@2G2s2}22222222'313;3n3x333333
4-4i444444&5x5555555
6C6|666666666666666
767F7L7x77777777
8 8&8_89!:J:U::
K88888s9999&:q::::
;4;v<======
0192222222222
3,333=3D3a3q3v33333333
4(4/444444444
5!5555555555
6)6W6^6h6666666
7+727<7F7Z7`777
8'8,8;8D8W8f8o8|8888888888
9'9D9M9U9[9`9k9r9{999999999999
:6:P:W:e:::::::;;;
<-<6<R<c<j<<<<<<<*=0=G=b=s=z======
>">^>e>>>>
?"?(?1?J?b???????????????
0"0L0\0p000
1 1'1_1r111111111
202@2O2_2e2q22222
3)3b3i333333333$4=4[4d4444444
5g5n55555
6F6X6j6z66666666
7!7I7w77777777
8&868V8c8j8x88889
:0:7:H:r:y::::::
;";q;;;;;;
<g<z<<<<<<<
=c=v=======[>b>s>>>>
? ?'?0?9???Q?~?????
!0(090J0Y000000&1-1>1O1^11111
2.252F2S222222G3Z3333333>4Q4{444444455H5r5y5555555555
6G6Z666666
7,7X777777#8_8888888
9 909\9999999!:(:\:b:m::::
;*;0;9;O;\;{;;;
<%<5<J<n<<<<<<4=C=X=e=|========
>&>2>>>J>V>b>n>z>>>>>>>>>>
?"?.?:?F?R?^?
0.0R0]0r0|000000000000000
1 1&1.181@1I1S1e11111
3X3_3333333
4"4:4U4^4v44444$575b5w555555*666
7$71777
8 8>8E8O8V8e8
8888888U9\9|9999
:0:>:::::
;\;c;;;;
<!<'<B<f<p<<<<<
0 040E0K0P0000000051{1111111
2H2f222222
3*313Q3b3r33333=4D4k4|44444`5g5555555
6/6>6L6S666666
7'7.7J7Q7~77777777#8H888
9D9999
:l:}:::/;6;u;4<x<
<<<<<<<
=#=0=a=f=u=========
>J>Q>[>v>{>>>>>>>>
? ?)?/?W?e?o??????????
0'0,060?0J0Q0V0t0000000
1+151?1X1^1n1x111111111
2*282Y2h2s2x222222
3 343<3A3F3L3S3u3333333333333333
4)4.464C4^4g4p44
5"5R5555555555 6'6N6X666R708A8M8k8p888U9
:%:1:G:M:S:[:
<1<9<D<N<T<\<b<k<q<z<<<<<<<<<<<<<<
=7=A=I=O=\=m=====(>2>;>A>T>Z>b>q>y>~>>>>>>>>
?.?B?I?N?f?w?}????????????
0)0/080W0d0o0u0000000000000
1#1(1;1E1L1R1^1e1k1r1x1
111112222
3)353>3D3R3|3333333
4"454D4c4i4p4z444444444
5$5*50585?5E5_5y555555
63696@6J6W6i6o66666666666666#7-747>7I7X7888
9;9L9S9\9o9z99999999
:#:F:`:s:z:::::::
;-;:;J;Y;a;p;};;;;d<h<l<p<t<x<<<<<<<
=8=?=F=_=l======
>(><>E>g>t>x>|>>>>>>><?B?H?a?l?w????????????
0<0D0Q0\0c000000
131L11111
2+2222U3h3
4$4(4,4044484<4@4D4H4j4r44444444
5j5t5555
646S6g6{66665888888
9/9<9N9f9s999999
:.:7:=:G:M:w::::::::::::
;$;*;C;T;a;s;{;;;;;;;;;;;;;;;
<;<J<b<o<<<<<<<
=;=J=b=o=======
>;>J>b>s>>>>>>>
?;?J?b?o???????
0;0J0b0s0000000
1%1.191H1\1c1k1r1z1111111111
2 2<2K2h22222
3%393?3J3U3a3h3}333333333
4(454H4U4h4u444444444 5/5E5U5u55555555555
6%6*606R6Y6k6z6666666666
7#7-72787b7i7}7777777+818H8\8888888888
9 9I9h99999
: :Y:^:d:i:s:y:
:::::::::::::
; ;);6;E;S;Y;c;};;;;;;;;;;;
< <(<5<:<@<I<N<T<d<s<<<<<<<<<<<<<<
='=7=<=G=W=\=g=w=|=============
>'>7><>G>W>\>g>w>|>>>>>>>>>>>>>
?'?7?<?G?W?\?g?w?|?????????????
0 00050@0P0U0`0p0u000000000000
1!1F1T1^1n1u11111
262V2x222222222
3.343:3?3D3W3f3y333333
484A4T4d4x44444444
5 5)505H5Y5d5j55555555555
6-686H6666666666
7*7@7F7f77777777
8-8C8M8S8g8888888P9i9
:1:K:f::!;;;;;
<3<E<L<W<<<<+=9=E=R=s=z=====
>#>*>9>N>>>>
?,?9?@?O?d???
>0t0000000
1 1c1l1r1z11111111111
2%2+2D2J2R2Z2i2n2t22222222
3e3333333333
4!4E4R4b4u4444444444
5+595F5L5U5[5`5m5z55555555555
6"6/6>6J6O6Y6`6g6u6666666666
7;7B7I7]7r7777777777777
8&8+83888Z8e8k8p8{8888888888
9'929<9K9^9q9z9999
:#:':H:q:::::::
;#;4;N;q;{;;;
<,<5<?<E<g<q<{<<<<<<<<
=%=:=r========
>$>8>>>T>{>>>>
?-?T??????
000000000
11111&222T2\2222222234444
5 525B5U5e5k5w555555588799::;;;;I<<p==/>>>>F?c?u??
00f1m11
2P2W2c2j22223444p5w55555
6"6D6f6667777/8R8j888
969s9~99999
; ;D;7<k<~<<<<<
=#=.=:=?=J=V=[=f=r=w=========
>;>B>>
?'?e?q??????
C0u000000
1Y1p1111111111 2$2?2F22222
3S3]3334l44$5+585?5X555555l6t6666
7D7o777.8~88888888
9)9J9]9x99
:&:M::::::
;6;];;;;;o<{<<<'===c===L>>>
? ?/?f?l?{???????????????
0#0/040?0K0P0[0g0l0000
1$1)1U1Z1s1111111111
2E2J2222273F3\3b3k3x33333
4>4E4t444
6*616?6R6j6p6w666666667H7X7a7h7x7777777778
9#9a:h::::T<[<h<o<<<
=y=======
>8>N>>>>
?5?E?Y?i?x????????
0.090E0Q0000002181B1_1f1m1|1111111111
2"252O2U2s222222
3%3+3^3i3n3333
4c44444
5(5k5}55555>6r666666666 7.747N7S7777
8i88888
9R9c9s9999999999
:Q:`:s:::::
;,;2;;;;;;
<8<?<G<m<t<z<<<<<<<<<<<
=p=t=x=|====[>p>>>>>>
?@??????
:0J0e0w000000
1*1w1~11111111111111
2;2B2H2R2X2h2p2v2|22222
3(3C3q3x333333333
4o444444
5Q5]5m555555555-6h666666
7\777777748A8G8M8R8d8{88888-949[9d9999
:n:s:::::>;C;;;;;;7<D<W<d<n<t<z<<<<<<<<<<
=3=:=g=s=======
>->4>[>a>>>>>
?^?e??????
*060000000&1Z1f1112292\222
3<3333/464t4444!5y555555+676G6O6U6`66
7T77777777
8(868;8M8{88888,9M9]9l9|9999999994:t::::::
;?;L;[;e;t;;;
<,<g<x<<<<<<
=7=F=Y=v={====
>@>h>o>>>>>>>>>>%?+?D?K?[?o???????
0*0A0G0V0h00000%111A1g1t111111111111111
2!2i2n2v2}22222222222222
3&333?3D3O3[3`3k3w3|333333333333
4&42474C4g4s444444444
5"5'525>5C5N5T5Y5^5c5{555555555555
6*6<6L6S6l6v66666
7Z7`7h77777
8-858:8M8T8^8{8888888
9Z9`9h9q99999
:#:,:d:z::::::::
;4;J;Q;_;p;;;;;;;;;
<%<z<<<<<<<<
=4=A=G=O=d=o=====
>+>@>F>e>n>>*?0?8?P?h??????
01060A0{000000
1z11111111
232T2a2g2o222222222
3.3C3J3T3^3c33333333*40494B4g4p4444444i5p555555555
6@6H6]6u6666666+777G7V7c7777777
8 8-878J8R8[8e8o88888888888
9'9,9B9L9j9{99999999
: :6:T:e:k:w:::::::::::
;$;:;P;f;|;;;;;;
<,<B<m<u<
=F=Q=|======
>)>T>_>>>>>>
?,?7?b?m?????
010J0T0j0|000000
1"121Q1`1y1111111111
2,262N2_2g2t22222222222
3;3I3_3s3y3333333
4T444444
5 5&5R5555555
6 6166666
7N7q777777777
8'8J8P8e8k88888888 9'9,939j9999999
:":D:K:U:_:e:q::::::::::
;B;|;;;;;
<<<]=e===
?L?d???????
0-0S0a0p0w000
3G3Z3`333333
4#4+44
525D5I5P5]5k5r555555
6+626Z6`6h666666666
7:7@7H7p7z777777777
8>8R8d8i8p8}8888888
9 9-92999Z9`9h999999::::::
; ;-;2;9;Z;`;h;;;;;;;;;;;
< <(<I<S<k<~<<<<<<<<<<<
=%===N=T=`=p======D>^>e>>>
?5?O?v?????
0/0V0000
1+1B1i1111
2/2F2m22222222
3'3,373C3H3S3_3d3o3{3333
4?4F4L4r44444<55555555
6k6w6~66666
8 8,8N8h8888888
9!969<9B9P9`9l9
999999999E:^:m::::::::::
;);W;^;h;;;;;;;
<+<2<<<F<f<l<y<<<<<
=4===B=T=u=~======
>)>6>V>[>x>
>>>>>???
0z071L1o1111111
2 2%2,2H2Q2V2\2g2p2v2222222
3I3P3h3t3{33333334>495V5]5555s6z66
:::;;;;;;;;"<3<9<><w<<<<<
=#=4=:=?=
=========->3>;>l>>>>>>>>>>
?"?3?9?>?????????
060B0P0X0a0g0n0s00000000000000
1+191A1J1P1W111111111
2!222R2f2l2q22222222
3 3'3-333J333333333
4'4;4M4R4X4]4b4444444$575=5B5y55555555555
6"6(616M6U6f6m6r6w6}6666
7"73797>7}777777777
8$8*8J8P8X8m8w8
888888888>9R9c9i9n999999999
:#:):.:g:q:y::::::::::-;3;a;g;n;x;;;;;;;;;!</<4<A<I<O<l<~<<<<<<<<<<
=%=Y=r=========
>[>b>h>p>>
*01000K1Q1Z1c11
2`2i2w22222222222
33333333
4,4@4q4w4
5M5S5[5w5555555
6"6X6c6z666666666666!7&757E7[7s77777777777
8 8&8.8R8`8f8k88888888
9.9M9_9p999999999
: :3:r:::::
;/;<;;;;;;;;h<<<<
=#=?=j=w========
>!>(>;>A>>>>>>>
?&?-?@?F???
!0U0000$11171R1`1f1k111111111
2$2:2@2H2W2`2j2p2222222222
363>3M3T3j3p3x3333333333
4#4*4=4D4L4f4n4}44444444444
595L5T5c5j5}55555555555
6#61676<6p6}66666666666
7"717;7E7K7b7p7v7{777777777
8-848J8P8X8a8p8y88888888
9!9*939B9S9Y9^99999999::@:I:R::::::
;!;/;>;M;Z;f;r;;;;;;;;;;
</<7<D<X<i<}<<<<<<<
=$=)=0=]=f=======
> >*>B>S>Y>r>y>>>>>
?#?)?/?<?H?V?b?t????
0@0J0b0s0000000
1'1.1;1S1]1d1i1x111
2!2j2}2222
3%323@3R3`3f3k33333333*404W4e4k4p44444444*50555
6c6v6|66666666
7*7R7c7i7n77777777
838M8W8h8o888888888
979@9N9_9f9{99999999%:2:=:G:L:e:v:::::::::
;E;X;_;l;;;;;;;;;;
<*<0<8<M<Z<_<q<<<<<<<<
= =(===J=q=v========@>I>W>h>o>>>>>>>>>>R?X?e?k?p?~????????????
0$0.0Z0m0|0000000000
1"1(121D1L1V1`1q1x11111111
2'222<2R2t2y2
2222222!3'3/3B3[33S44444444
5'535A5I5R5X5_5d5z55555555555555
6)616:6@6G6L6[6b6k6{666666666
7?7F7S7\7d7u7|7777777
8G8P8^8o8v88888888859B9M9W9\9u99999999999
:<:S:X:h::::::
;4;D;Y;i;;;;;;;
<(<-<8<=<H<M<X<]<h<m<x<}<<<<<<<
=5===N=U=j=p={=====
>&>->>>>>>>>>>
?2?F?L?Q?????????
0*0|000000000
14191?1D1I1
1111111
2+222e2v2222222222
3R3c3i3n333333333
4C4Q4W4\4444444444
5,5?5i5z5555555
6H6Y6l6{666666666
7-727B7R7^7r7}777777
8 8&8;8A8_8p8w8}88888
9+919W9b9l99999999
:S:]:e:v:}:::::::::;@;L;;;;;;;
<2<8<A<\<i<<<<
="=3=:=z======
>G>P>^>o>v>>>>>>>>>Y?f?t?|????????
0 0'090J0l0q00000000
1$1)1/14191k11111111
2N2V2`2x222222
3'383?3Z3`3r3333333
4!4(4:4K4j4r44444444444495>5M5\5r5555555/696A6R6Y6f6~666666666
7+7C7U7Z7`7e7j7777777
8$8)808]8r8888888
9)989B9L9d9u999999
: :&:;:A:_:p:w:}:::::
;";3;8;>;C;H;k;|;;;;;;;;
<*<0<8<M<Z<o<y<<<<<<
="=5=;=B=u=~==========
>2>C>I>N>>>>>>>>>>
?0?_?j?v??????
0/060K0Q0o0000000
1/1Q1\1f1|1111111
2 2.242B2I2R2[2x2
22222222
3(30393H3[3`3i3s3"43494>4y444444444
5%5,535s5}55555555"6>6[66666666
7x7777
8$828C8I8N88888888888B9r999999999
:::::::
; ;+;8;b;s;y;~;;;;;
<%<,<><O<X<d<t<<<<<<
= =&=;=A=_=p=w=}=====
> >A>L>V>l>>>>>>>>>
?-?2?8?=?B?r?????????
0/0@0G0M0S0j000000
1&1<1^1c1i1n1s11111
2 2G2L2T2_22222:3@3I3R3f33333333"434:4z444444444
525E5L5S5555555555B6^6{66666
7-7:77777777
8O8U8]8r888888)969D9L9U9^9{999999999":5:<:C:w::::::::::
;';?;P;i;;;;;;;;;
<D<b<s<y<~<<<<<<?=N=b=s=y=~===
>j>y>>>>>
?#?+?T?e?k?p??????
0<0A0P0e0{00000000
111D1b1s1z1111
2!22292F2^2i2r2y2222222
323<3F3P3a3h3z3333333
4 4%4*4g4~44444
6+626\6b6r66666
7K7k7r777777718W8]8c888809B9O9U9^9q9
99999#:V:d::::::
;F;b;h;~;;;;;;
<D<K<o<<<<
=E=L=p====A>P>>>>>
0 0%0.050>0F0i0u000000
1!1k1v1111111=222
3!3J3[3|333333
4?4E4{44444;5W5e55555*6b6s666666666
7H777:::
;M;`;o;;;
6'69666
789M::;;
0L0Z0h0v011c23
3)3?3U3k333333
434=4C44445V6p66
7^777777Q8888
979E9W9999::
;W;^;;;
<#<2<<==*>?>L>
M1T182?2L2S2Y2e2u222T3k3z33333
4 4/4;4K4P4444
595B5H5a5
55555%6;6_6n6666
99"::::;;;*<4<><H<R<\<f<p<<)====1>t>|>>>>>>>>>>>>>>>>
?"?(?0?7?|?????
1T11422
3(4}44Q5a5566v8a99/:: ;;;s==k>>>>
)0111111111111
2@2S2e2233<4D444^666
7;7V7n7t7
777777X8e8
:T::::
;/;5;B;K;T;Z;g;p;
>:>r>>>>>>>
S0Z0`0k0w0
00000000
111D1Y1111Z222
33*4j44444
66666&7d7/8\8u888
99::K;j;s;;;;$>>
1-2222L3Q3]3d334I6666j77777
8!81888d993:A:k::y;;;W<{<<<4=a====
>7>>>d>>>l??
0r00D1W1111
3,3u333333333333333
4H4%55557,99F::V;;[<|<<<
=B============
1122i3s3355f6666666
99O;;<<2=f===$>>>
I0'1:1T1e1194j4~444
5'5555u66B7Y7`77 848G888
9)9b99999999:::1;F;[;;;;0<E<<<
>->:>v>>>>>>>S?Z?`?k?w?
0*020F0q0w0
101611B2d223344559:F:T;a;b<<
122C2B3f37
88$9299B:c:/;;9<J>>
0#112-3555566666
7#7w7748-999#;J=
4:::::::::::
;P;c;u;;<<L=T===??????????
00s222222222233b5555555555v666;X<<9==>>>>>>>
S0d0m0~000000000000
1 1(161?1M1V1d1i33 4'464@4T4c4r4|44444444
4i445W6666#7&8585<==
%4N4]477
0(060B0M0
1>1h1111
2 2.2722222333333}45==x>>>>>>;?I?q?z????
1*161111122
35:e:::
;I;U;;;;;
<4<d<<|====
?j?t???
66H7V7d7r777
8@8I8x888J9999
:k:u:::l;;;;;
2%33333
4j4~44444$55<6F6Z6f666667*848B8K8>>5?C?Q?_????
0$0-0\0s00>1111
2|222233
4E:u::
; ;K;W;;;;;
<3<x<<====<>F>[>d>c?????
1E11111
3>33`4j4z4444
55I6S6a6j67
8888888O9c99999
::0;:;J;V;;;;;<
=#=1=:=>>]?k?y????
030R0\0000g1
2+272222233333u55
6+696H6v6666
7K7c77'88888O9Y9k9t9B::::: >
{11w33)5D5R556779H<=?
4181<1@1D1H1L1P1T1X1\1`1d1h1l1p1t1x1|11111111111111111&202@2>>
6%666U7g7<<<<<<
=E=p===>??????????
033o5v5558888 949:9B9
;,;8;D;P;\;h;t;;;
======
5,5@5H5L5P5T5X5\5`5d5h5l5p5t5x5|555555555555555??????????????????????
0 0$0(0,0004080<0@0D0H0L0P0T000
12253s335
$Id: dbfopen.c,v 1.48 2003/03/10 14:51:27 warmerda Exp $
K;j;s;
8 2003/03/10 14:51:
0000000
00000EN1d1\
99O;;<<2=f===$>>
K;j;s;
8 2003/03/10 14:51:
0000000
00000EN1d1\
99O;;<<2=f===$>>
K;j;s;
<2=f=E
Y,&tqa
}YL@}A
8 2003/03/1
KPKPKPv
K;j;s;
K;j;s;
K;j;s;
;j;&ts
j;s2=f
;j;&ts
PK;,c/
DS69D'
pass.txt
Local\{EAF339BF-89ea-4fe1-9A0D-95CD39DC0214}
OFFSHORE
w.qiwi.ru
phone3
DS69D'
pass.txt
Local\{EAF339BF-89ea-4fe1-9A0D-95CD39DC0214}
OFFSHORE
w.qiwi.ru
phone3
DS69D'
pass.txt
Local\{EAF339BF-89ea-4fe1-9e
L!This program cannot be run in DOS mode.
`%{`%{`%{i]a%{
b%{i]u%{`%z%{
Sa%{Rich`%{
`.rdata
@.data
.reloc
3WhxD@
_^[]_^
SSShD@
SSSSEPSSQ
URh,E@
@:u+W?
3_6MQh
U SV3Wu;
3EEEEEEj
EPhp @
_^[]UV39u
SVW3j@ESP];!
3SQ]EEE
MQURSSSSSSSPED
SVW3h$
KTEPQh
URUPWQR
@(E;|}uCPURh
t,MQWE
E_^[]U
U$VW=t@@
EPMQURV
t:UREPMQV
3EEEEEEEj
EPhp @
SVW3h
mE_^[]UjhR@
3QSSj&S
u;t2hM@
;t"]SE
SSShM@
TX\`dhlp
t0SDPj
^[]U`S3VSh
]]]E^DE
tAW=@@
SMQj(URV
MUSEPMj
SW=x@@
_[^]U4
W}}}}}
URhpN@
URURPA(=
uyMQhN@
RPA *}'E
QHWP3E5LA@
S3VWD$
D$ D$$D$(D$,j
P3hp @
0@:uD$0P
;t hE@
t)D$0HH
@:u|$0+OO
T$0RhN@
L$4Q$@
t$0PYL$
Q-;tDV
VD$4%3
L$4Q$H
;t hE@
L$0Qqh
U@+f=`A@
t=ehN@
fu@hN@
fu@hN@
UE}]MQ|E
x[h(O@
usEUR3u
URh8C@
P;|>h,O@
MU=XA@
uEEEPMU
EQ}UEq
EPRQOD
T$0RD$4
QSt$ t$$
T$,RVWS
u/MQREPj
SVW=p@@
Nwt\=>
tU=dotNh
3_^[]UVE
yd?BcsV
9F+Jb{h!kcF
iMX7e{
NKagj(hOTmR Mr
MuCuDY6Ag
2zQGWvB)
ADj\8PmC(
Ij5*WA z:L
&>Mb=LkI
<Gh^PF
*7R/mufO*}
mSwOR5o
L_}zi6
,RCfm&
\NOLLYDBG
wireshark.exe
dumpcap.exe
idag.exe
vmwaretray.exe
\\?\globalroot\systemroot\system32\vmx_fb.dll
SystemDrive
software\microsoft\windows nt\currentversion\winlogon
software\microsoft\windows\currentversion\run
userinit
\\?\globalroot\systemroot\system32\drivers\ntfs.sys
ntdll.dll
RtlUniform
kernel32.dll
IsWow64Process
kernel
jHqA}
kdzbeO\
iLA`rqg
@l2u\E
a=-fAv
\cQkkbal
eLXaMQ:t
jiCn4Fg
c;d>jm
i]Wbgeq6l
8ROggW
A`Ugn1yiFa
fo%6hRw
[&wowG
eibkaEl
`MGiIwn>Jj
)WTg#.zfJa
h]+o*7
server
idontknow
administrator
666666
12345678
soccer
abc123
password1
football1
fuckyou
monkey
iloveyou1
superman1
slipknot1
jordan23
princess1
liverpool1
monkey1
baseball1
123abc
qwerty1
blink182
myspace1
user111
098765
qweryuiopas
qwerty
111111
password
123456
Windows Defender
MpClient.dll
WDEnable
\\.\KmxAgent
____AVP.Root
\\.\pipe\acsipc_server
\AVG\AVG9\dfncfg.dat
\AVG\AVG9\dfmcfg.dat
\PrevxCSI\csidb.csi
BL09n@:
j`4bOND
PTue Aug 2 12:53:17 20112
winlogon.exe
explorer.exe
\apppatch\
svchost.exe
Tue Aug 2 12:53:17 20111
user32.dll
HARDWARE\DESCRIPTION\System
SystemBiosVersion
test_item.exe
SANDBOX
MALNETVM
VIRUSCLONE
test user
\sand-box\
\cwsandbox\
\sandbox\
_snprintf
strstr
_snwprintf
wcsstr
MSVCRT.dll
SHGetFolderPathA
SHELL32.dll
PathFileExistsA
StrStrIA
PathAddBackslashA
PathAppendA
SHLWAPI.dll
RtlImageNtHeader
RtlCreateUserThread
RtlAdjustPrivilege
ntdll.dll
IsDebuggerPresent
GetTickCount
GetVolumeInformationA
GetEnvironmentVariableA
GetModuleFileNameA
CreateFileA
SetFilePointer
MoveFileExA
lstrcpynA
SetEndOfFile
UnlockFile
LockFile
SetFileTime
WriteFile
IsBadWritePtr
ReadFile
GetFileSizeEx
GetLastError
SetFileAttributesA
GetTempFileNameA
GetFileTime
GetTempPathA
DeleteFileA
GetProcAddress
GetModuleHandleA
HeapAlloc
HeapFree
GetProcessHeap
HeapValidate
GetCurrentProcess
FlushInstructionCache
VirtualAlloc
VirtualQuery
Process32First
VirtualFree
CreateRemoteThread
OpenProcess
CreateProcessA
Module32First
GetHandleInformation
VirtualAllocEx
LoadLibraryA
Process32Next
CreateToolhelp32Snapshot
Module32Next
CloseHandle
WriteProcessMemory
SwitchToThread
GetSystemWindowsDirectoryA
FreeLibrary
GetSystemTimeAsFileTime
GetModuleFileNameW
SetCurrentDirectoryA
MoveFileA
DeviceIoControl
ExitProcess
GlobalAddAtomA
GlobalFindAtomA
CopyFileA
GetCurrentProcessId
InterlockedDecrement
CreateFileW
GetVersionExA
KERNEL32.dll
FindWindowA
CharUpperA
PostMessageA
USER32.dll
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegFlushKey
RegCloseKey
OpenProcessToken
GetTokenInformation
GetUserNameA
ADVAPI32.dll
CoCreateInstance
CoUninitialize
CoInitializeEx
CoInitializeSecurity
ole32.dll
OLEAUT32.dll
_except_handler3
memset
memcpy
jHqA}
kdzbeO\
iLA`rqg
@l2u\E
a=-fAv
\cQkkbal
eLXaMQ:t
jiCn4Fg
c;d>jm
i]Wbgeq6l
8ROggW
A`Ugn1yiFa
fo%6hRw
[&wowG
eibkaEl
`MGiIwn>Jj
)WTg#.zfJa
h]+o*7
L!This program cannot be run in DOS mode.
`.data
.reloc
EZXE_]
F<W|0xu
D0|L7$U
;sz;rv3;.E
E;s[SVQ
3VEEEEEEE=h]
E^]U83VWE
EEEEEEh]
wPhJaPej@h
WTU}uMu
D0,~*HM
M}uM(Ju
uFP+V4RP;
h[Au0PV
EPIMQV
EEEEh]
E}uMMq(
PR[_hmPj
L!This program cannot be run in DOS mode.
`.rdata
@.data
.reloc
SWWWWjPWW
WWSVjPWW
t WWVh
t<WWVh'
3VVVVjWVV
3VVVVjWVV
EEEEEEE
;}r^3j
EEEEEEE
WStS_^E
E3EEEEEEj
;}r_3j
]EEEEEE
3t^VVVVjWVV
_^[]U,
_^[]_^
[]UDSVW
WSPQRN
K_^3[]
Ju_^3[]
\}tX]EU
JU:t.O3
x[_3^]
T8u_^[]
SVW rf}
+E3t0M
9u_^[]
QUVUKOu
3Jt-SVx#33
D$<L$<
D$<D$<y
IJuD$<@D$<
QSRVPt
MUP<6WQSRE
MUPWQSR
QPR3_^[]
USQPPR N
MESVQU
EMRUPQVR
u&ESWPM
UEQMRPWQE
Mv:u}$
MUPQVWRE
MUPQVWR't
F;ur_^3[]
WWWWURWWP
u'URUEPMQj
@u+;ru
^u4MQh
u'MQMUREPj
u'URUEPMQj
@uVW+OO
MQMUREPj
E]UQEPh
^UHSV5P
PSEu<WP
fD$8SP\$<p
L$0QVD$8(
L$\T$`D$d
T$8L$TQRhZ
]EMfU9]
VWUEPMQjh
@u}Gkd+
WURUPj
SSV]Sj
URPXQV
URPXQV
URPXQV
EPQXRV
URPXQV
URPXQV
URPXQV
3+P3+P39X
URPXQV
@u+EEE
URPXQV
^[]U8E
]EEEEEE
;}ra3j
]EEEEEE
EEEEEE
;urj3j
EEEEEE
EEEEEE
;}rj3j
]3EEEEEEEj
Ut[Vh
}tXM3It.$
<>http
}UFJ;r
}tZU3t.
<>http
VU}EF;r
3_[UVu
EEE1X_
,_^[]U8
URWVuSV$E
u3;t Uh
u8V$t.
URUPMQVh
MQMREPVh
}7@}2j
GN_^[]Qh
NVPL$0QR
3fD$(D$*PfT$,
3EEEPS
UQ3E9E
tE;tASj
S-%50R
SVW3VEPE
PEMQSRP
@:u+V@3;t'x
@:u^E;t
RUEPSQR
@:u+V@3;t'x
@:u^E;t
3SRfMS
@:u3fE
SVW=XR
%_^[]UQS
]_^[Y]
u_^[Y]
MQPjE3@fE
^USVWh,
^ ^$fN
SSQSVR
D$0D$4D$8D$<
D$@D$DD$HD$L
D$@t$(t$$D$
AJu\$(L$
D$$SPS
;|$ u1|$
D$$SPS
3C\$(L$,
2_^[]U4
t$(t$$D$
AJu\$(L$
D$$SPS
;|$ u1|$
D$$SPS
3C\$(L$,
2_^[]U,
E};}u4}
tuEVPEV
_^[U4l
EEEEEEEPj
\$PD$T
j@T$HSRK
PSjj$S\$(D$TD
RD$DPSSSSSSS$
D$(D$,D$0$
PSjj$S\$8
PSSSSSSS$
;tD$(T$,=\Q
O9W=PMOAUWEEPMUw
u2_^[]
G8W._^[]
p;}^[3_f
+QM+RPQj
U4SVWj
QWj Wf}
PW_^[]
T$$RSD$,<
QT$8R||$
RD$8P:|$
PL$8QE
RD$8PE
SB6tTj
tg;u29
PQr_^[]
PQ_^[]
PQr_^[]
PQ_^[]
PQr_^[]
PQ_^[]
PQr_^[]
PQ_^[]
PQr_^[]
PQ_^[]
t5t1>0u,F
t5t1>0u,F
EEEEPE
_3^_^%L
S3VW9]
3EEEEEEj
;}r[3j
]EEEEEE
E4M0U,PE(QM$RU PE
M4U0E,QM(RU$PE QM
r3@tGEPVE<
r3@tCMQVE<
:U@VEPVE<
t#MQWE
PE+QM+S+P+
UEMRUPQR
]EUMh
RU+QM+RPQS
_^[]ULS
E?M};}
VuWV+RU+PSQR
_^[]U<S]
taURjSE<
F(MQjS
t;j8Ej
WPP(^]U
S3VW]]9]
WPP/C;]~}t
EM+|+MjVEM
taURjVE<
MUEMQjV
EMU|Pj
EM+E+MjVE
t(DHLE
t(DHLU
EMUEPj
PP_^[]
E^]US]
3WWj1P
L$lQj<P
T$0RWD$8<
uuD$ P'V\$ D$
D$$L$,T$ h
Vj'j#SPh
UQSVWEPh
<_^[]SVW
LSVWPQj
RJjV%PjV
t';t#j
u3_^[]
UQSVWj
E_^[]U,
u4V7t#S
;u0;t&5P
A A$A(A,_^[]
;r_^3[]
+_0^[]
A+_0^[]
+_0^[]
+_2^[]
0Nu;tLu2t
_^[UVu
@u+;u-t)t%3
BA;|[_3^]
UQSVW}
33M<-u
G<0|4<9
IF;r_^UE
?:tD;r_^[]
;:tXU;r_^[]
VPC$s(EH
UQSV9}
MA@M;M
3U;s^;s
>:tHU;r_^[]
u>2u08F
t5MQP*t
t/EPh@
DF^US]
3t9VW{
u*t"SW
tIE;v:PE
:u!E++R
MWQS#T
UDSVW}
=POSTu
=GET u
QRVD$$PD$
T$ RZ
T$$D$ RPu
WPV|$
G _^[]
_^[]_^[]
_^[]UU
Wt%t!t
G0;rRSV
QRD$0P
RD$8PD$
T$0+T$4t$
D$$VPS(N
_(+_,;s
3G$G(G,_^[]j
_^[]UVW}
@0;r_^]
Vs^]Vj
Eu@,Eu;
#_^3[]
u3Bk,R<
t"WWWW~
Ik,QW;
L$ QRt$@
uPG(PoK
D$0t?O
D$0L$,PQ
G +G$M
EPQj-^ R
t/=POSTu
}M}}9}
URVj"PE
EMQURj
MQWj)R
UuWPEQMRPh
@u+P={
U8S3VW=pQ
EEEEEEj
;ur[3j
]EEEEEE
U8S3VW=pQ
EEEEEEj
;ur[3j
]EEEEEE
Wu43D$
D$ D$$D$(D$,D$0D$4D$
Wu43D$
D$ D$$D$(D$,D$0D$4D$
WPQRSu
WPQRSbu
t[H$@ ;u"E
38 t%>
u38 t-$
URUPMQSh
@:u+V@3;t'x
@:u^E;t
3SRfM3
@:u3fE
totktg}
<#t/<
t'<*tP
CFG;u3;u
;t8;us+
@uMQ+RUPE
tdSVW]tGE
VR+PQV
u_^[h
UtSVWD$(P
QRWWSSP
D$DL$HD$\
fT$f <
WjBD$`(
L$h\$p\$t\$x\$|$
T$HSL$\QPRSD$(D$$VP
SSW6BM
T$BfD$@\$,
SPVD$4
SL$ Qj
SSV\$0
Sj(SPVD$0
SL$$Qj(T$dRV
Sj(SPV
\$ 9\$
t@;t<j
SWSPVD$0
SL$$QWRV
@u+PSD$ MT$
3QQ3PW
@u|$ +OO
3QQ3PV
T$ RVSW
3EEEVPE
@u+t4E
U<SVWj,D$ j
QQQQjWQQ
Mu_[t#EPVE
^]VB^]U0
DFu_^]U
u'MQMUREPj
u'URUEPMQj
SVW3hh
@u+S[u
VW3u5tds
_^U<SVW
E3EEEEEEj
;}r[3j
]EEEEEE
E3EEEEEEj
;}r[3j
]EEEEEE
E3EEEEEEj
;}r[3j
]EEEEEE
EPEQURWVP
@u+3@t(x
URUPMQWVR
@u+3@t(x
@uM+PE
SVWh$5
S%_^[U0
VPuuuuE
|U SS4
EPEMQURh
tyE$trj
M QWVS
t#E PSE
EPV&Vj
E_^[]$
^]_[3^]U
@SVWe3
;}rn]3E
]3EEEEEE
@uS+W^_
@u+tt0
t#URVE
MQURUMQj
@u+PVX
t#URSE
PEVuPEQSWRh
@u+Eo_
t#URVE
t#EPVE
t#MQVE
t#URVE
t#EPVE
t EPVE
t MQVE
t URVE
t EPVE
t MQVE
t URVE
t EPVE
t MQVE
t URVE
t EPVE
t MQVE
t URVE
t EPVE
t MQVE
t URVE
t EPVE
t MQVE
u9PPPh@
t#MQVE
t#URVE
_^3]UQVj
t#EPVE
SVW3Wj
9txQhPX
SVW3D$
t$0t$4t$dt$h$
t$Lt$P
;tZD$@P$
QT$`RD$0PW
L$$3L$
D$ PWt$(
t$8t$<t$Tt$Xt$tt$x$
;tQL$xQT$lRD$PPL$8QS
W<D:PPD$
t$Dt$Ht$|$
t$lt$pt$\t$`
D$4;tUT$PRL$dQT$xRL$DQP
;t(?SV
@uSV+W
UMQPPPh
@u+t"|
MQRURh?
@u+@PEVj
P_^[]U
EMPQDh
FMu_[^]
EEEEEEEF
V$PQj R
t:F(~2N
_^3[]3h
F4F(F,
j P}~$
<Nt <Ft
B;U|_^[]U SV~4
t2F(~*N
_^[]VW
;u_^3_^U
Vtct_WS
tEWSV
WV#WV|R
=GET t
=POSTu
E3EEEEEEj
;}r_3j
EEEEEE
=GET t
=POSTu
E3EEEEEEj
;}r[3j
]EEEEEE
E3EEEEEEj
;}r[3j
]EEEEEE
E 3EEEEEEEj
;ur^3j
EEEEEEE
VWPQSR
E3EEEEEEEj
;ur^3j
EEEEEEE
_^W3_UE
[]_2[]U,
L$8D$(}]
RD$@PS
8D$9u|$
D$;HD$
QT$@RS
~AD$8P
T$4D$,|$,t$4
j@L$\Q
uvT$XR
T$0D$4|$(t$4L$0
RD$LPW
QT$<RV
RD$LPW
u'MQMUREPj
u'URUEPMQj
MSVWPPQh
t#URVE
_^[]Ujh
MEPj@j
hPVFE3E
tPVF39
$PVF39
PVFMQV
EPj@QW:
URj@VS
UMQRVS
t#EPVE
Nu)9uu
V3tbSVVVVjPVV
<#t3<
t+<*t[
BFG;uE
r^_3[]
u)3t#U
F;r^3[]
33fEEfMEPMQU
t U+fE$fEM
tj;uad
@uVW+OO
@uW+OO
@u+PSr3h
@uVW+OO
@uVWh\
@uSVWh\
|_^3[]
t'VMQPE
jdUQVhx
@uVWh`
EEEUEEEfEU
EEEUEEEfEU
t#EPVE
@uSVW+OO
EEEUEEEfEU
EEEUEEEfEU
EEEUEEEfEU
3EEEEEEEfEEE
EEEUEEEfEU
3EEEEEEEfEEE
@uSVW+O$
3FVRhd
|_^3[]
@uVW+OO
SVW=XR
l$_^[]U
@u|$(+OO
@u|$(+OO
@u|$(+OO
@u|$(+OO
@u+P$t
PD$02D$
SP\$$x
@u+P$$
_^[]US]
up3;tNVVShP
P_^3[]
t#URVE
?POSTuZ
t#EPVE
@u|$(+OO
@u|$(+OO
PL$,Q5
@u|$(+OO
@u|$(+OO
@u+P$t
_^]Qhh
@uVWhl
@u+PV3h
@uSVWhl
|_^3[]
t'VMQPE
^]UQSVW=XR
a_^3[]U
@uSVW+O$
3FVRhd
|_^3[]
@uSVWhp
UQSVW=XR
_^3[]U
@uVW+OO
^]_[3^]U3$9E
3EEEEE
@uSVWht
|_^3[]
t'VMQPE
3SVWD$
3VVVVjWVV
P3St$ t$$
VVSt$(
3QQQ3PS
@uSVWhx
@u+PVs3
@uSVWhx
|_^3[]
UQSVW=XR
_^3[]U
SV3Wt$
D$ PWt$(t$,
SD$(D$$j
3QQQ3PW
_^[]U$
@u+PS$
@uSVWh|
|_^3[]
UQSVW=XR
_^3[]U
@u+PVe_^[]
@u+PRmc_^[]U
@uSVWh
|_^3[]
3^]3]UQSVW=XR
_^3[]U
uEVPPPh
@uSVW+O$
3FVRhd
|_^3[]
3^]UQS
UQSVW=XR
a_^3[]U
@uSVWh
|_^3[]
@uVW+OO
@uW+O$
@uSVWh
|_^3[]
@uVW+OO
_^t9HH
@u+PQI_^[]U
@uVW+OO
@u+PV7Eh
@uSVWh
|_^3[]
Hjd?UQS
@uSVWh
|_^3[]
Hjd?U,
.iniPj
@u+PRb<h@
_^3[]U
@u+PQ9_^[]U
@u+PV:8_^[]
@u+PV*6j
t#EPVE
@u+PS2E@E;E
u[E<C3
@u+PRT1hp
UQSVW=XR
a_^3[]U
UQSVW=XR
a_^3[]U$SVWPj
8ADVAu
E_^[]U(SVu
;t@EPMQUREPS
MQPPPh
@u+t |
@u+@PESj
URMEPh?
@uM+@PWj
SVW3h$
EPQRWV
URUPWQR
;|}u[(j
SVWEPh
EMQVURj
t)t%Vj
_^3[]_^[]U
URtPEPW
tEW5\3?
u[_^]U
URtPEPW
tEW4[3?
u[_^]U
t.u:ERPltEP
RV [=P
3EEEEEEEj
E]UXVE
VE3SSE
SSVQRSSW
};tuh
3PSPPPQW
?[_3^]
fEBME6
SVW3h
mE_^[]U4
VW3EPWWj
uzMQURPEP
uc9}t^uti=U
tIEMQURj
_^]UQE
|_^[]U
MEUEE(|
G@;|ME
3A}u]=
]f:M}U
]uu_^[]U SV3H
DU@fDU3
Mu_^[]
S3V]]9,
_^[]UQj
u3]UQj
;F u!N$t
f9UuHEH49Mv=j
2UQS3W8^$u
t#EPWE
;t-MQWE
S3VW^P^X^T^L^D^d^H;u
_^[]SSj
E;t-];t
E_^[]_FT
^3[]U S3W^P^X^T^L^D^d^H;
u2F<PN0QFDPV,R;u}SSSW
~P3_[]
EPMQUR
F<^0^4^8~P3_[]
_[]U$S3
EP^P^X^T^L^d^HF,
EPMQUR
^0^4^8F<3[]UE
Wt=F`~\;sr+;v
oFL_[]
7FL_[]
t,W~Pt#EPWE
UQSVW^hS
t&t!WS;u#
E_Fd^3[]_^
{PSXCT
{L{d{H{\{`
C0UEC0
x9SLKD
K(_^[]
USVW=P
3;t+hp@
^$^(^P
u,8^$u'E
;t#VSP
T$LRQPD$
L$\QWh
u_^2[]
P.@/H<H@HDP,
fP0fP2@4
fp0fp2fp4^:t
H8[f@6
[UQSVhP
MQVLR4
EF0W~,EG
CPCTEt
_^[ULSVW=
;|++Fd+
Vh;|*+Fl+
~%FtNp
VPFxQFl
MVfFEFEN&F
Ou_^[]
EM;thu
?;u_[^]
9 t5V$
W9;t7E
QRt 6?;u;u
G6;u_^[]
u[^V7>
QPV]8W
M;~n;~
QR@u*G
RPt&9w
V _^[]
;UuM^;|
SWPQ_[]j(
;u^US]
VPQK|W
fEfuf}u
UUEEM;M}
EEfMfM
UUfEfE
MMfUfU
EEfMfM
E9E}3MM
MMUUE;E}
UUfEfE
MMfUfU
EEfMfM
UUfEfE
U9U}5EE
MMUUE;E}
UUfEfE
MMfUfU
EEfMfM
UUfEfE
U9U}3EE
fMfuf}
QPV{t@u
U0SV5R
EUPURQ
@uM+QE
j({$C(
f{*C,C0C4`v
CL{P{TV
RPWW j(CX
C)_^[]
r.N;s!
}RFB u
USVWjA
fP,H0P4
*fffff
;t9p$u
HLVW0u
3@fEfUu
HXVW0u
@u+@fEu
SVW3h<
`WQ\Ws
@uT+OO
@u+@PLQPRj
S33_^[]
j,\QRp
@PQPRj
33_^[]
MQWRW@P}}
2_^[]E
UIPSE5
Mu!E;s
ME@E }}}NEj
_^[]_^
@u+@PDQPRj
UPQR\h
MQWSP.UR<P
U$SVWj
V_^[]j
E3F,^+Tv
VMQUREPE
RPQ0F\WP
NXWQ[VLWRQW
R_^[]j
Ft^x_^[]
Ft^x_^[]
Nx_^[]j
EMPEQMPQV_^[]j
fUfMfU
QRV_^[]j
URV_^[]j
_^[]fU
VXFLRPM
]t8E;|
FLPWNF\PWu\O
FLPV\RPEnF\P
}SWNSxFPNT]
VLFXRP
NXSQ{VXWRq~\
3FPFT8Ev
3P]MQE,tq
URMQW}Uge
MUB~4x
A~0UR@
3P]=MQEqtpEU
MQMQR}Ud
MQMQR}Uc
EGu]}G
t%;~!]
U;t UREPW}
ERQWPVM9RQWPVS
-RQWPVv
tY}MQP
QLURCE_^[]
fMfMfMfMfEfM
fuf}fEu
;r'J;s
;r,J;s!
;r,J;s!
SV3tG\
@;r1Q;s#$
@Q;rIM
@;r,Q;s
@Q;rIM
@;r3Q;s%
@Q;rIEH
4fVI"T6
CE_^[]
r.J;s!
uJ~F=U
u[URPj
u{UR3VPVO
QSP_^[]
6_^2[]
QPVt@u
333;;s&K
;|_^[]
@A;ru$N
+U S]$~1V
+U S]$~/
333;3s)8C
3~;+Wd$
F@;|_^[]
A;rU$J
+U W}$~5S
+U W}$~3
333;:s,8B
F@;|_^[]
A;rU$J
+U W}$~3S
+U W}$~1
333; s)8G
GW;}rEM U$
~C4vSu
@W} M
E;shd$
;]ruE$
z_^[]
~<V4X;s%:]
f<{fx;r}
~M;sdE
f~;ur} EM$
@W} u 4F
;]rE$M
z_^[]
] ;sP2M
;]ru}E$
m_^[]
~:V4;s#:]
~;ur} EM$
@W} u
;]rE$M
E ~ S]
P,SWx,:
:X/u\tHf
f;X0uKf
f;X2u>f
f;X4u1
_[F|05
VUUUm
B<J<tI
_PVR_U
p2_^[]
Eu3~$}u
s?E3~$}u
S3;tkW=
t F ;t
^$_[U4S
fuIf9G
u+8F/t&
M3Ef;O
uf;srM3ME
@E;|_^[]
EMu_^[]UdE
F4E3E9E
#u#}#EMMM
#]E#E#UMMME
;E|EMU
{g_tBE
MUPEQRPbE
P]V[^[]
KXQ]V[^[]
SPQVt%F4+
F0W;~8M
SQPVxt
VPQK|W
fEfuf}u
UUEEM;M}
UEEMMUUEE
U9U}3EE
MMUUE;E}
MUUEEMMUU
M9M}5UU
PoE_^]
MMUUE;E}
MUUEEMMUU
M9M}3UU
EUREPV}U
MMMM9M
3It-It%
EM#E#U
E#]3M#EM
Ht9Ht.
t"3~03I
;|_^[]
USVWhP
P,S,P0S0P4S4@8QC8
V2W8Tv
i3_^]E
xi3_^]_^]U
hrL=8}
5hL=8}
3:_3^J
U;Us$E
M}!w U
MUUE;Er
+EEM;M
)2_^[]
3fu&fE
URMQURMQ
ERUQMRPQRS
O_^2[]
MMUUE;E}
E9E}3MM
UREPUREP
f;Et@;
EQMRUPQRPS
ulMUQREE
EEMMU;U}
E9E}5MM
UQSVWE
_f2^[]
UREPUREPE
MUPEQMRUPQRS
EEMMU;U}
U9U}3EE
UQSVWE
^F^[]F$
^[]UQ=]
Ht-HuF93
#__{UQSVWj
V_^[]J;s!
uL~H=U
F(9F$u
wN(V Wh
GLHGT7G
WXF(N h
G8F(N RP
G@F(N RP
V(PF R
9W8tG9W@tB9WDt=;t9
V3;t`P
;tY9p tT9p$tOp
_^U3V;
S^(>N(*
u0F([3^]
[F(3^]
*t(Et#It
N$PF(P
N$PF(P
N$PF(P
N$PF(P
F(N$RP3q
F,NLVD
F<3fDJNLFDWT
~l~\~t~h~HV|FxF`_U
WlG|O8SV
Gp;U}+\
]U_4#]
(Ot^[;v
}^<+^tFlN,+
];r^F8W
VLFD)~p)~l
3#FTFH
N<;sj~l
_[]UQSVu
FlN\EVlFt
Nl>N\G
V\NlF,+-
Nl>N\G
s"QFt]
rjFHNXVl~4N8
3#FTND#V@FHf
zNl#N4V@
JNHVDf~lf<Jt
PhF`~`
fNlf+Np
)FtNt]
rZHF`$
~lVlN8
^HNXND3#FT^4FH
FlNHVDf
VlNXF`
3#FTFH`VlF8
3Vl+RP3
Fl>F\G
D_^3[]
rIFHNXVl~4N8
3#FTND#V@FHf
zNl#N4V@
JNHVDf~lf<JN`Vp
NxVd^`tO;
sGVlN,+
fVlf+VdFxf+
^lVl;w>FHNX^4N8
3#FTNDFH
FlNHVDf
Nl>N\G
f_^3[]
3Vl+RP3
Fl>F\G
NlNtNhl~h
tFVlF8D
FlUNlF8
3Vl+RP3
Fl>F\G
USVW~t
3+PQ3?
Fl>F\G
Em@@E;E|u
UEM@@ME;
r$E@;F
RSWjEFE;u
GE;s3+M
OM;s0+
|E@E;E
;Er_^[]
PG|,QR
PEQRPhH[
UEM@@ME;
GE;s3+M
OM;s0+
PQSRN}
|E@E;E
;Er_^[]
PG|,QR
PEQRPhH[
UEM@@ME;
GE;s1+U
GE;s)+
U;UrE@E;E
;Er_^[]
PG|,QR
PEQRPhH[
UEM@@ME;
3EEfBff
GE;s1+U
GE;s)+
U;UrE@E;E
;Er_^[]
PG|,QR
PEQRPhH[
UEM@@ME;
3EEfBff
uS4u;sg
;r[_^]
E;s4+U
RPSQR3
UM;slJ
H9EuwE
;EsoMI
;ErMAM;M
M;s0d$
;Er_^[]
?_^3[]
PG|,QR
PEQRPhH[
UEM@@ME;
3U~\d$
u#UB;V
uS4u;sh
;r[_^]
E;s4+U
UM;smJ
H9EuvE
;EsnMI
;ErMAM;M
;Er_^[]
?_^3[]
PG|,QR
PEQRPhH[
UEM@@ME;
3U~\d$
u#UB;V
PG|,QR
PEQRPhH[
UEM@@ME;
;]r_[]
PG|,QR
PEQRPhH[
UEM@@ME;
;]r_[]
PG|,QR
PEQRPhH[
UEM@@ME;
r$E@;F
PG|,QR
PEQRPhH[
UEM@@ME;
r$E@;F
fEC,fuEu
_^2[]
H H(H,H0H8H<J
HlHPHL
O$PG(PF4
^P^SW3;u
_(9_$u
G(O Vh
W(G$VRG
^_[US]
Wu)N$S
F0F,V(+{
F(;r)K
V4P+QR6
+WPF4P6
~0_N,^3[]
^09F0u
N,_^3[]
UEMRPQ
Oh;O\sPI
fLWpGhOh
3fTOpGh9Ghr
+OhfTOpGhB
E;r+Oh
WhMfLWpGh}
G`POpQj
GlOlGP
RW`GXPQOd
QDWpPj
OHtE;s'
OHt@;s"}
U+UOD;vI+
M+MW@M
}+9Mt$U
t,N$t%@4t
V(F$QRF
?}tTM\
J}u_^[]U Vu3
4Bft5f
DU@fDU3
Mu_^[]
IRj_[]
@PAQBR
U]tz+4@m
+;~PffH
+;~VffH
^8^<^@@Jt
_^3[_^[
F$V(RLu
[_2[UU
C$S(KuT{(
U<SVWM
H4UPLM
HPUMHT
HXEx<E
u^;s?+
U9Us?;us:U
Ex<_^X8Q
EEEEEEEE3t
FfDMLM@;r
3t&f<F
FfDUTU@;r
tEHt Exc
U<_^[]
#u#u;u
;Us"tU
UVWS|$
+t~:D5
uX[_^]
name.key
\secrets.key
sign.key
kernel32.dll
CreateFileW
\explorer.exe
GetFileAttributesW
user32.dll
GetWindowTextA
OLLYDBG
wireshark.exe
dumpcap.exe
idag.exe
vmwaretray.exe
\\?\globalroot\systemroot\system32\vmx_fb.dll
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
SystemDrive
Software\Microsoft\Windows NT\CurrentVersion
InstallDate
SYSTEM
%s!%s!%08X
software\microsoft\windows nt\currentversion\winlogon
software\microsoft\windows\currentversion\run
userinit
software\microsoft
Global\
\svchost.exe
iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.exe|
\winlogon.exe
sysinfo.log
scr.bmp
minidump.bin
%d.%d.%d.%d
%dd %dh %dm
CLOSED
LISTEN
SYN_SENT
SYN_RCVD
FIN_WAIT1
FIN_WAIT2
CLOSE_WAIT
CLOSING
LAST_ACK
TIME_WAIT
DELETE_TCB
netstat
{Proto
Local address
Remote address
taskmgr
Process name
[System Process]
netuser
Software\Microsoft\Internet Explorer\TypedURLs
IE history:
DAN NLD NLB ENU ENG ENA ENC ENZ ENI FIN FRA FRB FRC FRS DEU DES DEA ISL ITA ITS NOR NON PTB PTG SVE ESP ESM ESN TRK PLK CSY SKY HUN RUS GRE ALL
{BotVer:
{Process:
{Username:
PROCESSOR_IDENTIFIER
{Processor:
{Language:
%dx%d@%d
{Screen:
dd:MMM:yyyy
{Date:
HH:mm:ss
{Local time:
%c%d:%02d
{GMT:
{Uptime:
{Windows directory:
{Administrator:
links.log
\History.IE5\index.dat
\Opera\Opera\typed_history.xml
avast.com
kaspersky
eset.com
antivir
virustotal
virusinfo
z-oleg.com
kltest.org.ru
trendsecure
anti-malware
.comodo.com
google.com
Dnsapi.dll
DnsQuery_A
DnsQuery_UTF8
DnsQuery_W
Query_Main
ws2_32.dll
getaddrinfo
gethostbyname
inet_addr
qwrtpsdfghjklzxcvbnm
eyuioa
1676d5775e05c50b46baa5579d4fc7
!verif
Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
/login.php
6908741AF4E26C68E1EE46F1041F009EECA931D2D53E11AD04CF03DEB7677754725005219D4B978D957ABA1678D353DE5AA0586B49E21F7EFFE2F73D7D2D8E26395286E1EA7A106CD617966D9FC5906C6E952289B4D671BA6ADE1B80ECF2468552F401D4D8134CAF4B56DC5F18B673710974A6F7A9AE9273979C092F52E8D7C9
6d3ad29879a90b4dd1b4f76e82166ca3
data.txt
ntdll.dll
ZwQuerySystemInformation
Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}
Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}
Global\HighMemoryEvent_%08x
explorer.exe
Shell_TrayWnd
00000000000888888888@@@@@@@@HHHHHHHHPPPPPPXXXXXXXXXXXX`````hhhhhhhhhhpppppppppxxxxxxxxxx
000000000000000000000000@@@@@@@@@@@@@@@@PPPPPPPPPPPPPXXXXXXXXXXXhhhhhhhhhhhpppppppppxxxxxxxxxxxx
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
jHqA}
kdzbeO\
iLA`rqg
@l2u\E
a=-fAv
\cQkkbal
eLXaMQ:t
jiCn4Fg
c;d>jm
i]Wbgeq6l
8ROggW
A`Ugn1yiFa
fo%6hRw
[&wowG
eibkaEl
`MGiIwn>Jj
)WTg#.zfJa
h]+o*7
taskmgr
default
DefWindowProcW
DefWindowProcA
DefDlgProcW
DefDlgProcA
DefFrameProcW
DefFrameProcA
DefMDIChildProcW
DefMDIChildProcA
CallWindowProcW
CallWindowProcA
RegisterClassW
RegisterClassA
RegisterClassExA
RegisterClassExW
PeekMessageW
PeekMessageA
OpenInputDesktop
OpenDesktopA
OpenDesktopW
SwitchDesktop
MessageBeep
FlashWindowEx
GetCursorPos
SetCursorPos
GetMessagePos
SetCapture
ReleaseCapture
GetCapture
Winmm.dll
PlaySoundW
PlaySoundA
sndPlaySoundW
sndPlaySoundA
Kernel32.dll
Gdi32.dll
SetDIBitsToDevice
SetThreadDesktop
static
Content-Length
http://
NSS layer
https://
Referer
Content-Type
HTTP/1.
Transfer-Encoding
chunked
Connection
Proxy-Connection
identity
Accept-Encoding
If-Modified-Since
nspr4.dll
PR_Write
PR_Read
PR_Close
PR_OpenTCPSocket
PR_GetError
PR_SetError
PR_GetNameForIdentity
UserAgent
[[[URL: %s
Process: %s
User-agent: %s]]]
Accept-Encoding:
Crypt32.dll
CertVerifyCertificateChainPolicy
Wininet.dll
HttpSendRequestA
HttpSendRequestW
HttpSendRequestExA
HttpSendRequestExW
InternetQueryDataAvailable
InternetReadFile
InternetReadFileExA
InternetReadFileExW
InternetCloseHandle
set_url
data_before
data_end
data_inject
data_after
microsoft.public.win32.programmer.kernel
\iexplore.exe
keygrab
%02u.bmp
***************************
***************************
[/pst]
GetClipboardData
\\.\PhysicalDrive%u
AppEvents
Console
Control Panel
Environment
Identities
Software
System
/topic.php
keylog.txt
passwords.txt
%s%u.zip
-----------------------------
Content-Disposition: form-data; name="pcname"
-----------------------------
Content-Disposition: form-data; name="file"; filename="report"
Content-Type: text/plain
RtlUniform
TranslateMessage
GetMessageA
GetMessageW
as743vgk0odastr
HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Referer: http://www.google.com
Content-Type: multipart/form-data; boundary=---------------------------%s
www.bing.com
www.microsoft.com
Content-Length:
RtlFreeHeap
id=1&post=%u
frd.exe
!kill_os
&ret_val=ok
/faq.php
!activebc
&activebc=ok
!deactivebc
&deactivebc=ok
&load=ok
!inject
&inject=ok
!new_config
&config=ok
id=%s&ver=4.2.5&up=%u&os=%03u&rights=%s<ime=%s%d&token=%d
\chrome.exe
--no-sandbox
\java.exe
\javaw.exe
\javaws.exe
\opera.exe
\firefox.exe
\maxthon.exe
\avant.exe
\mnp.exe
\safari.exe
\netscape.exe
\tbb-firefox.exe
\frd.exe
\isclient.exe
\ipc_full.exe
\intpro.exe
\cbsmain.dll
\clmain.exe
\core.exe
\rundll32.exe
\notepad.exe
%s.dbf
%s.DBF
j_username=
j_password=
pass.log
command=auth_loginByPassword&back_command=&back_custom1=&
edClientLogin=
edUserLogin=
edPassword=
&LOGIN_AUTHORIZATION_CODE=
action=auth&np=&login=
CryptoPluginId=AGAVA&Sign
login=
password=
&ctl00%24MainMenu%24Login1%24UserName=
&ctl00%24MainMenu%24Login1%24Password=
advapi32.dll
CryptEncrypt
WSASend
WSARecv
name=%s&port=%u
/home.php
A B V G D E E J Z I Y K L M N O P R S T U F H C CHSHSH Y E YUYAA B V H G D E JE J Z Y I YI J K L M N O P R S T U F X C CH SH SH YU YA
path.txt
keys.zip
Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}
%s\%02d.bmp
Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}
\private\
private.txt
\public\
public.txt
\*.key
\self.cer
\@rand
\ABONENTS*
crypto
self.cer
self.pub
Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}
ctunnel.exe
ctunnel.zip
path_ctunnel.txt
found.
header.key
keys99
\header.key
masks2.key
\masks2.key
masks.key
\masks.key
\name.key
primary2.key
\primary2.key
primary.key
\primary.key
keys99.zip
path99.txt
\crypto\
\micros~\crypto\
\maxthon3\public\
\microsoft\crypto\
\crypto pro\
\progra~1\crypto~1\
\temporary internet files\
:\users\public
\ryptopro
\cryptokit\
:\progra~1\common~1\crypto~1
bsi.dll
&cvv=&
&cvv2=
&cvv2=&
&cvc=&
&domain=letitbit.net&
cc.txt
Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}
prv_key.pfx
sign.cer
Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}
FAKTURA
sks2xyz.dll
vb_pfx_import
Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}
Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}
BEGIN SIGNATURE
END SIGNATURE
secret.key
pubkeys.key
Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}
path1.txt
inter.zip
interpro.ini
DefaultPrivateDir
General
Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}
cbsmain.dll
Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}
&txtSubId=
&txtPin=
ebank.laiki.com
pass.txt
Local\{EAF339BF-89ea-4fe1-9A0D-95CD39DC0214}
OFFSHORE
w.qiwi.ru
phone=
Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}
FilialRCon.dll
RCN_R50Buffer
ISClient.cfg
Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}
rfk.zip
client.zip
path_client.txt
\SIGN1\
path_keys.txt
Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}
Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}
RSTYLE
Agava_Client.exe
UseToken
Containers
KeysDiskPath
Agava_Client.ini
Agava_keys
keys_path.txt
stf.zip
mespro.dll
AddPSEPrivateKeyEx
core.exe
data\id.dbf
\data\id.dbf
keys%i.zip
path%i.txt
Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}
login.yota.ru
IDToken1=
IDToken2=
YotaConfirmForm%5Bpassword%5D
pass2.txt
Local\{EAF799BF-89ea-4fe1-9A0D-95CD39DC0214}
IsWow64Process
*SYSTEM*
Software\Microsoft\Windows NT\CurrentVersion\Winlogon
ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_
kernel
waveOutOpen
winmm.dll
1234567890QWERTYUIOPASDFGHJKLZXCVBNM
ct_init: length != 256
ct_init: dist != 256
ct_init: 256+dist != 512
inconsistent bit counts
not enough codes
too many codes
bad compressed size
ct_tally: bad match
bad d_code
invalid length
output buffer too small for in-memory compression
bad pack level
insufficient lookahead
no future
wild scan
more < 2
RFB 003.006
LibVNCServer 0.9.7
unknown
%s (%s)
My Documents
Network Favorites
%02d/%02d/%04d %02d:%02d
No authentication mode is registered!
Your viewer cannot handle required authentication methods
password check failed!
SCardConnectA
SCardEstablishContext
SCardFreeMemory
SCardDisconnect
SCardListReadersA
SCardReleaseContext
WinSCard.dll
IsNetworkAlive
SensApi.dll
GetTcpTable
IPHLPAPI.DLL
MiniDumpWriteDump
dbghelp.dll
strstr
calloc
malloc
_snprintf
_strrev
strtol
isdigit
sprintf
strncpy
fwrite
realloc
fclose
isprint
strchr
MSVCRT.dll
GetModuleFileNameExA
PSAPI.DLL
NetApiBufferFree
NetQueryDisplayInformation
NETAPI32.dll
DnsFlushResolverCache
DNSAPI.dll
HttpQueryInfoA
HttpAddRequestHeadersW
HttpAddRequestHeadersA
InternetSetStatusCallback
InternetQueryOptionA
InternetConnectA
InternetReadFile
HttpOpenRequestA
InternetCheckConnectionA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
WININET.dll
WS2_32.dll
SHGetFolderPathA
ShellExecuteA
ExtractIconExA
SHFileOperationA
SHGetSpecialFolderPathA
SHELL32.dll
StrStrIA
PathFileExistsA
PathFindFileNameA
PathAddBackslashA
StrStrIW
StrToIntA
PathMakeSystemFolderA
PathAppendA
StrCmpNIA
StrNCatA
StrStrA
StrChrIA
SHLWAPI.dll
RtlImageNtHeader
RtlCreateUserThread
ntdll.dll
GetVolumeInformationA
GetSystemWindowsDirectoryA
GetModuleFileNameA
GetLastError
SetLastError
GetProcAddress
GetModuleHandleA
IsDebuggerPresent
GetTickCount
GetEnvironmentVariableA
GetCurrentProcess
AddVectoredExceptionHandler
GetCurrentThreadId
GetCurrentProcessId
GetSystemDefaultLangID
Process32First
GetTimeFormatA
GetDateFormatA
OpenProcess
GetTimeZoneInformation
Process32Next
CreateToolhelp32Snapshot
WaitForSingleObject
LoadLibraryExA
ReleaseMutex
lstrcpynA
GetTempFileNameA
WaitForMultipleObjects
GetTempPathA
GetSystemTime
CreateFileA
SetFilePointer
MoveFileExA
SetEndOfFile
SetFilePointerEx
UnlockFile
LockFile
WriteFile
IsBadWritePtr
ReadFile
CreateDirectoryA
GetFileSizeEx
FindFirstFileA
RemoveDirectoryA
SetFileAttributesA
FindClose
FindNextFileA
DeleteFileA
HeapReAlloc
HeapAlloc
HeapFree
ExitProcess
SetErrorMode
SetEvent
OpenMutexA
lstrcpyA
MapViewOfFile
UnmapViewOfFile
IsBadReadPtr
CreateFileMappingA
GlobalLock
GlobalAlloc
CreateProcessA
MultiByteToWideChar
GlobalUnlock
GlobalFree
CreateThread
HeapCreate
lstrcmpiA
OpenEventA
lstrcmpiW
OpenFileMappingA
CreateMutexA
GetComputerNameA
lstrlenA
CreateEventA
GetVersionExA
ResetEvent
GetCommandLineA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThread
GetDriveTypeA
SetThreadPriority
SetCurrentDirectoryA
GetLogicalDriveStringsA
CopyFileA
GetCurrentDirectoryA
GetProcessHeap
HeapValidate
HeapSize
GetCommandLineW
ExitThread
MoveFileA
WinExec
TerminateThread
FindNextChangeNotification
FindFirstChangeNotificationA
lstrcmpA
CloseHandle
FlushInstructionCache
InterlockedExchange
VirtualAlloc
GetThreadPriority
VirtualProtect
WideCharToMultiByte
GetVersionExW
GetFileAttributesA
GetFileAttributesW
GetShortPathNameA
GetPrivateProfileStringA
VirtualQuery
VirtualFree
CreateRemoteThread
GetProcessTimes
Module32First
GetHandleInformation
VirtualAllocEx
LoadLibraryA
Module32Next
LocalFree
WriteProcessMemory
SwitchToThread
FileTimeToDosDateTime
GetFileSize
SystemTimeToFileTime
GetLocalTime
LocalAlloc
GetFileType
GetFileInformationByHandle
FindFirstFileW
FileTimeToSystemTime
CreateFileW
lstrlenW
FindNextFileW
KERNEL32.dll
CharUpperA
FindWindowA
GetSystemMetrics
SetCaretBlinkTime
SetThreadDesktop
GetThreadDesktop
ReleaseDC
GetShellWindow
GetWindow
DestroyIcon
SetClipboardData
OpenClipboard
GetDesktopWindow
EmptyClipboard
GetIconInfo
RegisterWindowMessageA
SendMessageA
WindowFromPoint
DrawIcon
CreateDesktopA
GetTopWindow
CloseClipboard
SendMessageW
IsWindowVisible
IsWindow
GetLastActivePopup
PostMessageW
IsIconic
MapVirtualKeyW
IsRectEmpty
GetClassLongA
GetWindowThreadProcessId
MapWindowPoints
PostMessageA
GetMenuItemInfoA
SetWindowPos
SendMessageTimeoutA
GetWindowLongA
GetAncestor
GetWindowInfo
GetParent
GetWindowRect
GetSystemMenu
DefWindowProcW
EndMenu
HiliteMenuItem
DefMDIChildProcA
GetCursor
GetMenuItemCount
DefMDIChildProcW
DestroyCursor
DefWindowProcA
GetMenuState
CopyIcon
TrackPopupMenuEx
GetMenuItemRect
GetMenu
MenuItemFromPoint
GetSubMenu
SetKeyboardState
GetMenuItemID
OpenDesktopA
GetUserObjectInformationA
PrintWindow
WindowFromDC
SetLayeredWindowAttributes
EnumChildWindows
RedrawWindow
GetWindowRgn
SetClassLongA
SetWindowLongA
GetScrollBarInfo
MoveWindow
DialogBoxIndirectParamA
SetWindowTextA
ShowWindow
EndDialog
GetDlgItem
CreateWindowExA
GetWindowTextLengthA
GetClientRect
LoadIconA
AttachThreadInput
DestroyWindow
wsprintfA
PtInRect
GetFocus
RealChildWindowFromPoint
GetClassNameA
GetCursorPos
GetWindowTextW
GetOpenClipboardWindow
GetActiveWindow
GetWindowTextA
GetGUIThreadInfo
GetKeyboardState
ToAscii
FindWindowW
DispatchMessageW
PeekMessageW
TranslateMessage
MsgWaitForMultipleObjects
GetWindowDC
USER32.dll
GetDeviceCaps
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
GdiFlush
GetDIBits
CreateDIBSection
DeleteDC
CreateRectRgn
OffsetRgn
SelectClipRgn
SetViewportOrgEx
GetViewportOrgEx
BitBlt
GetClipRgn
GetObjectA
CreateFontIndirectA
GDI32.dll
RegQueryValueExA
RegOpenKeyExA
GetUserNameA
RegCloseKey
RegSetValueExA
RegFlushKey
RegDeleteValueA
RegEnumKeyExA
RegNotifyChangeKeyValue
OpenProcessToken
GetTokenInformation
RegDeleteKeyA
ADVAPI32.dll
memcpy
memset
_except_handler3
>?456789:;<=
!"#$%&'()*+,-./0123
jHqA}
kdzbeO\
iLA`rqg
@l2u\E
a=-fAv
\cQkkbal
eLXaMQ:t
jiCn4Fg
c;d>jm
i]Wbgeq6l
8ROggW
A`Ugn1yiFa
fo%6hRw
[&wowG
eibkaEl
`MGiIwn>Jj
)WTg#.zfJa
h]+o*7
;3+#>6.&
'2, /+0&7!4-)1#
O/o _?
$Id: dbfopen.c,v 1.48 2003/03/10 14:51:27 warmerda Exp $
Desk_%u%x
-xFS]
!nuca?B
h2A co*SSFQ37
JD4?'
gTC/L7dkto
;EOUhq_
S@9':] " ^znztV=
'h?c ,Z
D"N47T0h|-
qX_Ro.)}eM2UY.
[rPfmV8Q
t[jq+a:U
k"_}1I{D7
n3r4Nnf
||~hYk
.Y+t~2MlUj
sI)79B
MSCTF.Shared.MAPPING.%x
.current
MSCTF.Shared.MUTEX.%x
0@0G0u0000000000
1,1=1J1U1d11111111#2@2G2s2}22222222'313;3n3x333333
4-4i444444&5x5555555
6C6|666666666666666
767F7L7x77777777
8 8&8_89!:J:U::
K88888s9999&:q::::
;4;v<======
0192222222222
3,333=3D3a3q3v33333333
4(4/444444444
5!5555555555
6)6W6^6h6666666
7+727<7F7Z7`777
8'8,8;8D8W8f8o8|8888888888
9'9D9M9U9[9`9k9r9{999999999999
:6:P:W:e:::::::;;;
<-<6<R<c<j<<<<<<<*=0=G=b=s=z======
>">^>e>>>>
?"?(?1?J?b???????????????
0"0L0\0p000
1 1'1_1r111111111
202@2O2_2e2q22222
3)3b3i333333333$4=4[4d4444444
5g5n55555
6F6X6j6z66666666
7!7I7w77777777
8&868V8c8j8x88889
:0:7:H:r:y::::::
;";q;;;;;;
<g<z<<<<<<<
=c=v=======[>b>s>>>>
? ?'?0?9???Q?~?????
!0(090J0Y000000&1-1>1O1^11111
2.252F2S222222G3Z3333333>4Q4{444444455H5r5y5555555555
6G6Z666666
7,7X777777#8_8888888
9 909\9999999!:(:\:b:m::::
;*;0;9;O;\;{;;;
<%<5<J<n<<<<<<4=C=X=e=|========
>&>2>>>J>V>b>n>z>>>>>>>>>>
?"?.?:?F?R?^?
0.0R0]0r0|000000000000000
1 1&1.181@1I1S1e11111
3X3_3333333
4"4:4U4^4v44444$575b5w555555*666
7$71777
8 8>8E8O8V8e8
8888888U9\9|9999
:0:>:::::
;\;c;;;;
<!<'<B<f<p<<<<<
0 040E0K0P0000000051{1111111
2H2f222222
3*313Q3b3r33333=4D4k4|44444`5g5555555
6/6>6L6S666666
7'7.7J7Q7~77777777#8H888
9D9999
:l:}:::/;6;u;4<x<
<<<<<<<
=#=0=a=f=u=========
>J>Q>[>v>{>>>>>>>>
? ?)?/?W?e?o??????????
0'0,060?0J0Q0V0t0000000
1+151?1X1^1n1x111111111
2*282Y2h2s2x222222
3 343<3A3F3L3S3u3333333333333333
4)4.464C4^4g4p44
5"5R5555555555 6'6N6X666R708A8M8k8p888U9
:%:1:G:M:S:[:
<1<9<D<N<T<\<b<k<q<z<<<<<<<<<<<<<<
=7=A=I=O=\=m=====(>2>;>A>T>Z>b>q>y>~>>>>>>>>
?.?B?I?N?f?w?}????????????
0)0/080W0d0o0u0000000000000
1#1(1;1E1L1R1^1e1k1r1x1
111112222
3)353>3D3R3|3333333
4"454D4c4i4p4z444444444
5$5*50585?5E5_5y555555
63696@6J6W6i6o66666666666666#7-747>7I7X7888
9;9L9S9\9o9z99999999
:#:F:`:s:z:::::::
;-;:;J;Y;a;p;};;;;d<h<l<p<t<x<<<<<<<
=8=?=F=_=l======
>(><>E>g>t>x>|>>>>>>><?B?H?a?l?w????????????
0<0D0Q0\0c000000
131L11111
2+2222U3h3
4$4(4,4044484<4@4D4H4j4r44444444
5j5t5555
646S6g6{66665888888
9/9<9N9f9s999999
:.:7:=:G:M:w::::::::::::
;$;*;C;T;a;s;{;;;;;;;;;;;;;;;
<;<J<b<o<<<<<<<
=;=J=b=o=======
>;>J>b>s>>>>>>>
?;?J?b?o???????
0;0J0b0s0000000
1%1.191H1\1c1k1r1z1111111111
2 2<2K2h22222
3%393?3J3U3a3h3}333333333
4(454H4U4h4u444444444 5/5E5U5u55555555555
6%6*606R6Y6k6z6666666666
7#7-72787b7i7}7777777+818H8\8888888888
9 9I9h99999
: :Y:^:d:i:s:y:
:::::::::::::
; ;);6;E;S;Y;c;};;;;;;;;;;;
< <(<5<:<@<I<N<T<d<s<<<<<<<<<<<<<<
='=7=<=G=W=\=g=w=|=============
>'>7><>G>W>\>g>w>|>>>>>>>>>>>>>
?'?7?<?G?W?\?g?w?|?????????????
0 00050@0P0U0`0p0u000000000000
1!1F1T1^1n1u11111
262V2x222222222
3.343:3?3D3W3f3y333333
484A4T4d4x44444444
5 5)505H5Y5d5j55555555555
6-686H6666666666
7*7@7F7f77777777
8-8C8M8S8g8888888P9i9
:1:K:f::!;;;;;
<3<E<L<W<<<<+=9=E=R=s=z=====
>#>*>9>N>>>>
?,?9?@?O?d???
>0t0000000
1 1c1l1r1z11111111111
2%2+2D2J2R2Z2i2n2t22222222
3e3333333333
4!4E4R4b4u4444444444
5+595F5L5U5[5`5m5z55555555555
6"6/6>6J6O6Y6`6g6u6666666666
7;7B7I7]7r7777777777777
8&8+83888Z8e8k8p8{8888888888
9'929<9K9^9q9z9999
:#:':H:q:::::::
;#;4;N;q;{;;;
<,<5<?<E<g<q<{<<<<<<<<
=%=:=r========
>$>8>>>T>{>>>>
?-?T??????
000000000
11111&222T2\2222222234444
5 525B5U5e5k5w555555588799::;;;;I<<p==/>>>>F?c?u??
00f1m11
2P2W2c2j22223444p5w55555
6"6D6f6667777/8R8j888
969s9~99999
; ;D;7<k<~<<<<<
=#=.=:=?=J=V=[=f=r=w=========
>;>B>>
?'?e?q??????
C0u000000
1Y1p1111111111 2$2?2F22222
3S3]3334l44$5+585?5X555555l6t6666
7D7o777.8~88888888
9)9J9]9x99
:&:M::::::
;6;];;;;;o<{<<<'===c===L>>>
? ?/?f?l?{???????????????
0#0/040?0K0P0[0g0l0000
1$1)1U1Z1s1111111111
2E2J2222273F3\3b3k3x33333
4>4E4t444
6*616?6R6j6p6w666666667H7X7a7h7x7777777778
9#9a:h::::T<[<h<o<<<
=y=======
>8>N>>>>
?5?E?Y?i?x????????
0.090E0Q0000002181B1_1f1m1|1111111111
2"252O2U2s222222
3%3+3^3i3n3333
4c44444
5(5k5}55555>6r666666666 7.747N7S7777
8i88888
9R9c9s9999999999
:Q:`:s:::::
;,;2;;;;;;
<8<?<G<m<t<z<<<<<<<<<<<
=p=t=x=|====[>p>>>>>>
?@??????
:0J0e0w000000
1*1w1~11111111111111
2;2B2H2R2X2h2p2v2|22222
3(3C3q3x333333333
4o444444
5Q5]5m555555555-6h666666
7\777777748A8G8M8R8d8{88888-949[9d9999
:n:s:::::>;C;;;;;;7<D<W<d<n<t<z<<<<<<<<<<
=3=:=g=s=======
>->4>[>a>>>>>
?^?e??????
*060000000&1Z1f1112292\222
3<3333/464t4444!5y555555+676G6O6U6`66
7T77777777
8(868;8M8{88888,9M9]9l9|9999999994:t::::::
;?;L;[;e;t;;;
<,<g<x<<<<<<
=7=F=Y=v={====
>@>h>o>>>>>>>>>>%?+?D?K?[?o???????
0*0A0G0V0h00000%111A1g1t111111111111111
2!2i2n2v2}22222222222222
3&333?3D3O3[3`3k3w3|333333333333
4&42474C4g4s444444444
5"5'525>5C5N5T5Y5^5c5{555555555555
6*6<6L6S6l6v66666
7Z7`7h77777
8-858:8M8T8^8{8888888
9Z9`9h9q99999
:#:,:d:z::::::::
;4;J;Q;_;p;;;;;;;;;
<%<z<<<<<<<<
=4=A=G=O=d=o=====
>+>@>F>e>n>>*?0?8?P?h??????
01060A0{000000
1z11111111
232T2a2g2o222222222
3.3C3J3T3^3c33333333*40494B4g4p4444444i5p555555555
6@6H6]6u6666666+777G7V7c7777777
8 8-878J8R8[8e8o88888888888
9'9,9B9L9j9{99999999
: :6:T:e:k:w:::::::::::
;$;:;P;f;|;;;;;;
<,<B<m<u<
=F=Q=|======
>)>T>_>>>>>>
?,?7?b?m?????
010J0T0j0|000000
1"121Q1`1y1111111111
2,262N2_2g2t22222222222
3;3I3_3s3y3333333
4T444444
5 5&5R5555555
6 6166666
7N7q777777777
8'8J8P8e8k88888888 9'9,939j9999999
:":D:K:U:_:e:q::::::::::
;B;|;;;;;
<<<]=e===
?L?d???????
0-0S0a0p0w000
3G3Z3`333333
4#4+44
525D5I5P5]5k5r555555
6+626Z6`6h666666666
7:7@7H7p7z777777777
8>8R8d8i8p8}8888888
9 9-92999Z9`9h999999::::::
; ;-;2;9;Z;`;h;;;;;;;;;;;
< <(<I<S<k<~<<<<<<<<<<<
=%===N=T=`=p======D>^>e>>>
?5?O?v?????
0/0V0000
1+1B1i1111
2/2F2m22222222
3'3,373C3H3S3_3d3o3{3333
4?4F4L4r44444<55555555
6k6w6~66666
8 8,8N8h8888888
9!969<9B9P9`9l9
999999999E:^:m::::::::::
;);W;^;h;;;;;;;
<+<2<<<F<f<l<y<<<<<
=4===B=T=u=~======
>)>6>V>[>x>
>>>>>???
0z071L1o1111111
2 2%2,2H2Q2V2\2g2p2v2222222
3I3P3h3t3{33333334>495V5]5555s6z66
:::;;;;;;;;"<3<9<><w<<<<<
=#=4=:=?=
=========->3>;>l>>>>>>>>>>
?"?3?9?>?????????
060B0P0X0a0g0n0s00000000000000
1+191A1J1P1W111111111
2!222R2f2l2q22222222
3 3'3-333J333333333
4'4;4M4R4X4]4b4444444$575=5B5y55555555555
6"6(616M6U6f6m6r6w6}6666
7"73797>7}777777777
8$8*8J8P8X8m8w8
888888888>9R9c9i9n999999999
:#:):.:g:q:y::::::::::-;3;a;g;n;x;;;;;;;;;!</<4<A<I<O<l<~<<<<<<<<<<
=%=Y=r=========
>[>b>h>p>>
*01000K1Q1Z1c11
2`2i2w22222222222
33333333
4,4@4q4w4
5M5S5[5w5555555
6"6X6c6z666666666666!7&757E7[7s77777777777
8 8&8.8R8`8f8k88888888
9.9M9_9p999999999
: :3:r:::::
;/;<;;;;;;;;h<<<<
=#=?=j=w========
>!>(>;>A>>>>>>>
?&?-?@?F???
!0U0000$11171R1`1f1k111111111
2$2:2@2H2W2`2j2p2222222222
363>3M3T3j3p3x3333333333
4#4*4=4D4L4f4n4}44444444444
595L5T5c5j5}55555555555
6#61676<6p6}66666666666
7"717;7E7K7b7p7v7{777777777
8-848J8P8X8a8p8y88888888
9!9*939B9S9Y9^99999999::@:I:R::::::
;!;/;>;M;Z;f;r;;;;;;;;;;
</<7<D<X<i<}<<<<<<<
=$=)=0=]=f=======
> >*>B>S>Y>r>y>>>>>
?#?)?/?<?H?V?b?t????
0@0J0b0s0000000
1'1.1;1S1]1d1i1x111
2!2j2}2222
3%323@3R3`3f3k33333333*404W4e4k4p44444444*50555
6c6v6|66666666
7*7R7c7i7n77777777
838M8W8h8o888888888
979@9N9_9f9{99999999%:2:=:G:L:e:v:::::::::
;E;X;_;l;;;;;;;;;;
<*<0<8<M<Z<_<q<<<<<<<<
= =(===J=q=v========@>I>W>h>o>>>>>>>>>>R?X?e?k?p?~????????????
0$0.0Z0m0|0000000000
1"1(121D1L1V1`1q1x11111111
2'222<2R2t2y2
2222222!3'3/3B3[33S44444444
5'535A5I5R5X5_5d5z55555555555555
6)616:6@6G6L6[6b6k6{666666666
7?7F7S7\7d7u7|7777777
8G8P8^8o8v88888888859B9M9W9\9u99999999999
:<:S:X:h::::::
;4;D;Y;i;;;;;;;
<(<-<8<=<H<M<X<]<h<m<x<}<<<<<<<
=5===N=U=j=p={=====
>&>->>>>>>>>>>
?2?F?L?Q?????????
0*0|000000000
14191?1D1I1
1111111
2+222e2v2222222222
3R3c3i3n333333333
4C4Q4W4\4444444444
5,5?5i5z5555555
6H6Y6l6{666666666
7-727B7R7^7r7}777777
8 8&8;8A8_8p8w8}88888
9+919W9b9l99999999
:S:]:e:v:}:::::::::;@;L;;;;;;;
<2<8<A<\<i<<<<
="=3=:=z======
>G>P>^>o>v>>>>>>>>>Y?f?t?|????????
0 0'090J0l0q00000000
1$1)1/14191k11111111
2N2V2`2x222222
3'383?3Z3`3r3333333
4!4(4:4K4j4r44444444444495>5M5\5r5555555/696A6R6Y6f6~666666666
7+7C7U7Z7`7e7j7777777
8$8)808]8r8888888
9)989B9L9d9u999999
: :&:;:A:_:p:w:}:::::
;";3;8;>;C;H;k;|;;;;;;;;
<*<0<8<M<Z<o<y<<<<<<
="=5=;=B=u=~==========
>2>C>I>N>>>>>>>>>>
?0?_?j?v??????
0/060K0Q0o0000000
1/1Q1\1f1|1111111
2 2.242B2I2R2[2x2
22222222
3(30393H3[3`3i3s3"43494>4y444444444
5%5,535s5}55555555"6>6[66666666
7x7777
8$828C8I8N88888888888B9r999999999
:::::::
; ;+;8;b;s;y;~;;;;;
<%<,<><O<X<d<t<<<<<<
= =&=;=A=_=p=w=}=====
> >A>L>V>l>>>>>>>>>
?-?2?8?=?B?r?????????
0/0@0G0M0S0j000000
1&1<1^1c1i1n1s11111
2 2G2L2T2_22222:3@3I3R3f33333333"434:4z444444444
525E5L5S5555555555B6^6{66666
7-7:77777777
8O8U8]8r888888)969D9L9U9^9{999999999":5:<:C:w::::::::::
;';?;P;i;;;;;;;;;
<D<b<s<y<~<<<<<<?=N=b=s=y=~===
>j>y>>>>>
?#?+?T?e?k?p??????
0<0A0P0e0{00000000
111D1b1s1z1111
2!22292F2^2i2r2y2222222
323<3F3P3a3h3z3333333
4 4%4*4g4~44444
6+626\6b6r66666
7K7k7r777777718W8]8c888809B9O9U9^9q9
99999#:V:d::::::
;F;b;h;~;;;;;;
<D<K<o<<<<
=E=L=p====A>P>>>>>
0 0%0.050>0F0i0u000000
1!1k1v1111111=222
3!3J3[3|333333
4?4E4{44444;5W5e55555*6b6s666666666
7H777:::
;M;`;o;;;
6'69666
789M::;;
0L0Z0h0v011c23
3)3?3U3k333333
434=4C44445V6p66
7^777777Q8888
979E9W9999::
;W;^;;;
<#<2<<==*>?>L>
M1T182?2L2S2Y2e2u222T3k3z33333
4 4/4;4K4P4444
595B5H5a5
55555%6;6_6n6666
99"::::;;;*<4<><H<R<\<f<p<<)====1>t>|>>>>>>>>>>>>>>>>
?"?(?0?7?|?????
1T11422
3(4}44Q5a5566v8a99/:: ;;;s==k>>>>
)0111111111111
2@2S2e2233<4D444^666
7;7V7n7t7
777777X8e8
:T::::
;/;5;B;K;T;Z;g;p;
>:>r>>>>>>>
S0Z0`0k0w0
00000000
111D1Y1111Z222
33*4j44444
66666&7d7/8\8u888
99::K;j;s;;;;$>>
1-2222L3Q3]3d334I6666j77777
8!81888d993:A:k::y;;;W<{<<<4=a====
>7>>>d>>>l??
0r00D1W1111
3,3u333333333333333
4H4%55557,99F::V;;[<|<<<
=B============
1122i3s3355f6666666
99O;;<<2=f===$>>>
I0'1:1T1e1194j4~444
5'5555u66B7Y7`77 848G888
9)9b99999999:::1;F;[;;;;0<E<<<
>->:>v>>>>>>>S?Z?`?k?w?
0*020F0q0w0
101611B2d223344559:F:T;a;b<<
122C2B3f37
88$9299B:c:/;;9<J>>
0#112-3555566666
7#7w7748-999#;J=
4:::::::::::
;P;c;u;;<<L=T===??????????
00s222222222233b5555555555v666;X<<9==>>>>>>>
S0d0m0~000000000000
1 1(161?1M1V1d1i33 4'464@4T4c4r4|44444444
4i445W6666#7&8585<==
%4N4]477
0(060B0M0
1>1h1111
2 2.2722222333333}45==x>>>>>>;?I?q?z????
1*161111122
35:e:::
;I;U;;;;;
<4<d<<|====
?j?t???
66H7V7d7r777
8@8I8x888J9999
:k:u:::l;;;;;
2%33333
4j4~44444$55<6F6Z6f666667*848B8K8>>5?C?Q?_????
0$0-0\0s00>1111
2|222233
4E:u::
; ;K;W;;;;;
<3<x<<====<>F>[>d>c?????
1E11111
3>33`4j4z4444
55I6S6a6j67
8888888O9c99999
::0;:;J;V;;;;;<
=#=1=:=>>]?k?y????
030R0\0000g1
2+272222233333u55
6+696H6v6666
7K7c77'88888O9Y9k9t9B::::: >
{11w33)5D5R556779H<=?
4181<1@1D1H1L1P1T1X1\1`1d1h1l1p1t1x1|11111111111111111&202@2>>
6%666U7g7<<<<<<
=E=p===>??????????
033o5v5558888 949:9B9
;,;8;D;P;\;h;t;;;
======
5,5@5H5L5P5T5X5\5`5d5h5l5p5t5x5|555555555555555??????????????????????
0 0$0(0,0004080<0@0D0H0L0P0T000
12253s335
$Id: dbfopen.c,v 1.48 2003/03/10 14:51:27 warmerda Exp $
K;j;s;
8 2003/03/10 14:51:
0000000
00000EN1d1\
99O;;<<2=f===$>>
K;j;s;
8 2003/03/10 14:51:
0000000
00000EN1d1\
99O;;<<2=f===$>>
K;j;s;
<2=f=E
Y,&tqa
}YL@}A
8 2003/03/1
KPKPKPv
K;j;s;
K;j;s;
K;j;s;
;j;&ts
j;s2=f
;j;&ts
PK;,c/
DS69D'
pass.txt
Local\{EAF339BF-89ea-4fe1-9A0D-95CD39DC0214}
OFFSHORE
w.qiwi.ru
phone3
DS69D'
pass.txt
Local\{EAF339BF-89ea-4fe1-9A0D-95CD39DC0214}
OFFSHORE
w.qiwi.ru
phone3
DS69D'
pass.txt
Local\{EAF339BF-89ea-4fe1-9e
i�W�i�n�d�o�w�s� �E�x�p�l�o�r�e�r�
c�m�d�.�e�x�e�
� �<�P�r�i�n�c�i�p�a�l�s�>�
� � � �<�P�r�i�n�c�i�p�a�l� �i�d�=�"�L�o�c�a�l�S�y�s�t�e�m�"�>�
� � � � � �<�U�s�e�r�I�d�>�S�-�1�-�5�-�1�8�<�/�U�s�e�r�I�d�>�
� � � � � �<�R�u�n�L�e�v�e�l�>�H�i�g�h�e�s�t�A�v�a�i�l�a�b�l�e�<�/�R�u�n�L�e�v�e�l�>�
� � � �<�/�P�r�i�n�c�i�p�a�l�>�
� �<�/�P�r�i�n�c�i�p�a�l�s�>�
� �<�A�c�t�i�o�n�s� �C�o�n�t�e�x�t�=�"�L�o�c�a�l�S�y�s�t�e�m�"�>�
� � � �<�E�x�e�c�>�
� � � � � �<�C�o�m�m�a�n�d�>�%�s�<�/�C�o�m�m�a�n�d�>�
� � � �<�/�E�x�e�c�>�
� �<�/�A�c�t�i�o�n�s�>�
<�/�T�a�s�k�>�
<�!�-�-�0�0�-�-�>�
\�\�?�\�g�l�o�b�a�l�r�o�o�t�\�s�y�s�t�e�m�r�o�o�t�\�s�y�s�t�e�m�3�2�\�t�a�s�k�s�\�
t�a�s�k�%�d�
<�A�c�t�i�o�n�s� �
m�a�v�a�s�t�.�c�o�m�
k�a�s�p�e�r�s�k�y�
e�s�e�t�.�c�o�m�
a�n�t�i�v�i�r�
v�i�r�u�s�t�o�t�a�l�
v�i�r�u�s�i�n�f�o�
z�-�o�l�e�g�.�c�o�m�
k�l�t�e�s�t�.�o�r�g�.�r�u�
t�r�e�n�d�s�e�c�u�r�e�
a�n�t�i�-�m�a�l�w�a�r�e�
.�c�o�m�o�d�o�.�c�o�m�
g�o�o�g�l�e�.�c�o�m�
�#�+�3�;�C�S�c�s�
t�d�e�f�a�u�l�t�
�-�-�n�o�-�s�a�n�d�b�o�x�
s�e�r�v�e�r�k�e�y�.�d�a�t�
p�r�i�v�a�t�e�
p�u�b�l�i�c�
\�j�a�v�a�\�
\�w�i�n�d�o�w�s�\�
S�u�n�A�w�t�F�r�a�m�e�
S�u�n�A�w�t�D�i�a�l�o�g�
M�S� �S�a�n�s� �S�e�r�i�f�
i�W�i�n�d�o�w�s� �E�x�p�l�o�r�e�r�
c�m�d�.�e�x�e�
� �<�P�r�i�n�c�i�p�a�l�s�>�
� � � �<�P�r�i�n�c�i�p�a�l� �i�d�=�"�L�o�c�a�l�S�y�s�t�e�m�"�>�
� � � � � �<�U�s�e�r�I�d�>�S�-�1�-�5�-�1�8�<�/�U�s�e�r�I�d�>�
� � � � � �<�R�u�n�L�e�v�e�l�>�H�i�g�h�e�s�t�A�v�a�i�l�a�b�l�e�<�/�R�u�n�L�e�v�e�l�>�
� � � �<�/�P�r�i�n�c�i�p�a�l�>�
� �<�/�P�r�i�n�c�i�p�a�l�s�>�
� �<�A�c�t�i�o�n�s� �C�o�n�t�e�x�t�=�"�L�o�c�a�l�S�y�s�t�e�m�"�>�
� � � �<�E�x�e�c�>�
� � � � � �<�C�o�m�m�a�n�d�>�%�s�<�/�C�o�m�m�a�n�d�>�
� � � �<�/�E�x�e�c�>�
� �<�/�A�c�t�i�o�n�s�>�
<�/�T�a�s�k�>�
<�!�-�-�0�0�-�-�>�
\�\�?�\�g�l�o�b�a�l�r�o�o�t�\�s�y�s�t�e�m�r�o�o�t�\�s�y�s�t�e�m�3�2�\�t�a�s�k�s�\�
t�a�s�k�%�d�
<�A�c�t�i�o�n�s� �
m�a�v�a�s�t�.�c�o�m�
k�a�s�p�e�r�s�k�y�
e�s�e�t�.�c�o�m�
a�n�t�i�v�i�r�
v�i�r�u�s�t�o�t�a�l�
v�i�r�u�s�i�n�f�o�
z�-�o�l�e�g�.�c�o�m�
k�l�t�e�s�t�.�o�r�g�.�r�u�
t�r�e�n�d�s�e�c�u�r�e�
a�n�t�i�-�m�a�l�w�a�r�e�
.�c�o�m�o�d�o�.�c�o�m�
g�o�o�g�l�e�.�c�o�m�
�#�+�3�;�C�S�c�s�
t�d�e�f�a�u�l�t�
�-�-�n�o�-�s�a�n�d�b�o�x�
s�e�r�v�e�r�k�e�y�.�d�a�t�
p�r�i�v�a�t�e�
p�u�b�l�i�c�
\�j�a�v�a�\�
\�w�i�n�d�o�w�s�\�
S�u�n�A�w�t�F�r�a�m�e�
S�u�n�A�w�t�D�i�a�l�o�g�
M�S� �S�a�n�s� �S�e�r�i�f�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.