Trojan.Win32.Bublik.lkn (Kaspersky), Gen:Variant.Zusy.Elzob.2099 (B) (Emsisoft), Gen:Variant.Zusy.Elzob.2099 (AdAware), Trojan.Win32.IEDummy.FD, GenericInjector.YR, GenericIRCBot.YR, GenericDownloader.YR (Lavasoft MAS)
Behaviour: Trojan, IRCBot
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: e1af816d11a87e5c0e32018c6d988cae
SHA1: f728c802dca84bb0789c75e67cd4995b18412142
SHA256: 4f7cbe24bd9be53113832a1d5750ffc646eebabc211b43695593e413aff9d824
SSDeep: 3072:AKnE/XpRhMk9mYyKm7b5fhcF0zBEs5pJ5LRmSTOzhkFE8en92yZum5yqYia0DsG:KHN9mv91hTqQDTOzgs2y35yqYPI
Size: 190464 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 1992-06-20 01:22:17
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
Behaviour | Description |
---|---|
IRCBot | A bot can communicate with command and control servers via an IRC channel. |
Process activity
The Trojan creates the following process(es):
server.exe:348
%original file name%.exe:1156
The Trojan injects its code into the following process(es):
iexplore.exe:1032
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process server.exe:348 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Start Menu\Programs\Startup\Server (673 bytes)
The process %original file name%.exe:1156 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Application Data\server.exe (673 bytes)
Registry activity
The process server.exe:348 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "00 39 A9 EA 46 D0 F8 B3 08 85 1B 74 B4 FD 92 F8"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{A66OVDU3-6XL3-5IDE-8D68-Y803Q22O36T6}]
"StubPath" = "%Documents and Settings%\%current user%\Application Data\server.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Server" = "%Documents and Settings%\%current user%\Application Data\server.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Server" = "%Documents and Settings%\%current user%\Application Data\server.exe"
The process %original file name%.exe:1156 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8C D7 2F 6F FB 1E 43 74 A1 F7 B9 81 96 DA F1 52"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Application Data]
"server.exe" = "server"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Dropped PE files
There are no dropped PE files.
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
server.exe:348
%original file name%.exe:1156
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Start Menu\Programs\Startup\Server (673 bytes)
%Documents and Settings%\%current user%\Application Data\server.exe (673 bytes)
- Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Server" = "%Documents and Settings%\%current user%\Application Data\server.exe"
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
CODE | 4096 | 27160 | 27648 | 4.44884 | 3d579b9fb030525e8d1f4546c6b2ab97 |
DATA | 32768 | 188 | 512 | 1.02338 | 2cd3d11834ebdb276d199e9f59ed983e |
BSS | 36864 | 4217 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.idata | 45056 | 2352 | 2560 | 3.02893 | 3b59f6cec5952304ca6adfa9054e3a6f |
.tls | 49152 | 8 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.rdata | 53248 | 24 | 512 | 0.14174 | 7f19c8e4e4884244b15fc4c0763e074a |
.reloc | 57344 | 1396 | 1536 | 4.36651 | 8cd3556bbefcf06293d1e6e630022af1 |
.rsrc | 61440 | 156176 | 156672 | 5.53112 | b51b3b7689eed5483df72c67c45fbdbd |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 2
8441efe72c4783cfdc4c68b107f95d1e
545d90e65f985fc4a96e8946532915e8
Network Activity
URLs
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
Map
The Trojan connects to the servers at the following location(s):
Strings from Dumps
wininet.dll
iexplore.exe_1032_rwx_06EF0000_00001000:
FindNextUrlCacheEntryA
FindNextUrlCacheEntryA
iexplore.exe_1032_rwx_06F00000_00001000:
wininet.dll
wininet.dll
iexplore.exe_1032_rwx_06F30000_00001000:
FindFirstUrlCacheEntryA
FindFirstUrlCacheEntryA
iexplore.exe_1032_rwx_06F40000_00001000:
wininet.dll
wininet.dll
iexplore.exe_1032_rwx_06F70000_00001000:
Crypt32.dll
Crypt32.dll
iexplore.exe_1032_rwx_070B0000_00001000:
Crypt32.dll
Crypt32.dll
iexplore.exe_1032_rwx_070E0000_00001000:
crypt32.dll
crypt32.dll
iexplore.exe_1032_rwx_07220000_00001000:
crypt32.dll
crypt32.dll
iexplore.exe_1032_rwx_07250000_00001000:
advapi32.dll
advapi32.dll
iexplore.exe_1032_rwx_07390000_00001000:
advapi32.dll
advapi32.dll
iexplore.exe_1032_rwx_073D0000_00001000:
advapi32.dll
advapi32.dll
iexplore.exe_1032_rwx_07410000_00001000:
advapi32.dll
advapi32.dll
iexplore.exe_1032_rwx_07450000_00001000:
advapi32.dll
advapi32.dll
iexplore.exe_1032_rwx_07490000_00001000:
advapi32.dll
advapi32.dll
iexplore.exe_1032_rwx_074D0000_00001000:
advapi32.dll
advapi32.dll
iexplore.exe_1032_rwx_07500000_00001000:
URLMON.DLL
URLMON.DLL
iexplore.exe_1032_rwx_07630000_00001000:
URLDownloadToFileA
URLDownloadToFileA
iexplore.exe_1032_rwx_07640000_00001000:
URLMON.DLL
URLMON.DLL
iexplore.exe_1032_rwx_07670000_00001000:
ntdll.dll
ntdll.dll
iexplore.exe_1032_rwx_076B0000_00001000:
ntdll.dll
ntdll.dll
iexplore.exe_1032_rwx_076E0000_00001000:
kernel32.dll
kernel32.dll
iexplore.exe_1032_rwx_07720000_00001000:
kernel32.dll
kernel32.dll
iexplore.exe_1032_rwx_07760000_00001000:
kernel32.dll
kernel32.dll
iexplore.exe_1032_rwx_077A0000_00001000:
ntdll.dll
ntdll.dll
iexplore.exe_1032_rwx_077E0000_00001000:
ntdll.dll
ntdll.dll
iexplore.exe_1032_rwx_07B30000_00001000:
ntdll.dll
ntdll.dll
iexplore.exe_1032_rwx_07B60000_00001000:
advapi32.dll
advapi32.dll
iexplore.exe_1032_rwx_07CA0000_00001000:
advapi32.dll
advapi32.dll
iexplore.exe_1032_rwx_07CD0000_00001000:
netapi32.dll
netapi32.dll
iexplore.exe_1032_rwx_07E10000_00001000:
netapi32.dll
netapi32.dll
iexplore.exe_1032_rwx_07E50000_00001000:
netapi32.dll
netapi32.dll
iexplore.exe_1032_rwx_07E80000_00001000:
advapi32.dll
advapi32.dll
iexplore.exe_1032_rwx_07FC0000_00001000:
advapi32.dll
advapi32.dll
iexplore.exe_1032_rwx_08000000_00001000:
advapi32.dll
advapi32.dll
iexplore.exe_1032_rwx_08040000_00001000:
advapi32.dll
advapi32.dll
iexplore.exe_1032_rwx_08080000_00001000:
advapi32.dll
advapi32.dll
iexplore.exe_1032_rwx_080C0000_00001000:
advapi32.dll
advapi32.dll
iexplore.exe_1032_rwx_08100000_00001000:
advapi32.dll
advapi32.dll
iexplore.exe_1032_rwx_08140000_00001000:
advapi32.dll
advapi32.dll
iexplore.exe_1032_rwx_08180000_00001000:
advapi32.dll
advapi32.dll
iexplore.exe_1032_rwx_081C0000_00001000:
advapi32.dll
advapi32.dll
iexplore.exe_1032_rwx_08200000_00001000:
advapi32.dll
advapi32.dll
iexplore.exe_1032_rwx_08240000_00001000:
advapi32.dll
advapi32.dll
iexplore.exe_1032_rwx_08270000_00001000:
iphlpapi.dll
iphlpapi.dll
iexplore.exe_1032_rwx_083B0000_00001000:
iphlpapi.dll
iphlpapi.dll
iexplore.exe_1032_rwx_083E0000_00001000:
winmm.dll
winmm.dll
iexplore.exe_1032_rwx_08420000_00001000:
winmm.dll
winmm.dll
iexplore.exe_1032_rwx_08460000_00001000:
winmm.dll
winmm.dll
iexplore.exe_1032_rwx_084A0000_00001000:
winmm.dll
winmm.dll
iexplore.exe_1032_rwx_085F0000_00001000:
winmm.dll
winmm.dll
iexplore.exe_1032_rwx_08630000_00001000:
winmm.dll
winmm.dll
iexplore.exe_1032_rwx_08670000_00001000:
winmm.dll
winmm.dll
iexplore.exe_1032_rwx_086B0000_00001000:
winmm.dll
winmm.dll
iexplore.exe_1032_rwx_086E0000_00001000:
msacm32.dll
msacm32.dll
iexplore.exe_1032_rwx_08820000_00001000:
msacm32.dll
msacm32.dll
iexplore.exe_1032_rwx_08860000_00001000:
msacm32.dll
msacm32.dll
iexplore.exe_1032_rwx_088A0000_00001000:
msacm32.dll
msacm32.dll
iexplore.exe_1032_rwx_088E0000_00001000:
msacm32.dll
msacm32.dll
iexplore.exe_1032_rwx_08920000_00001000:
msacm32.dll
msacm32.dll
iexplore.exe_1032_rwx_08960000_00001000:
msacm32.dll
msacm32.dll
iexplore.exe_1032_rwx_089A0000_00001000:
msacm32.dll
msacm32.dll