# Free Automated Malware Analysis Service - powered by Falcon Sandbox **[hybrid-analysis.com/sample/5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816](https://www.hybrid-analysis.com/sample/5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816?environmentId=2)** !This program cannot be run in DOS mode.$ Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %d - [%s] %s %s %s Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %s%s%s Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %s: illegal option -- %c Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %s: invalid option -- %c Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %s: option `%c%s' doesn't allow an argument Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %s: option `%s' is ambiguous Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %s: option `%s' requires an argument Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %s: option `--%s' doesn't allow an argument Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %s: option `-W %s' doesn't allow an argument Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 bin) ----- %s: option -W %s is ambiguous Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %s: option requires an argument -- %c Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %s: unrecognized option `%c%s' Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %s: unrecognized option `--%s' Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %s\%s Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %s\Drivers\%s.sys Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %s\System32 Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %s_%d Unicode based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %temp% Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) , 1, 0, 0 Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ---Joint Unit Count:%d--Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) .?AVtype_info@@ ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) .?AW4FW_ERROR_CODE@@ Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) .rsrc Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) .text Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) 0hbd@ Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) 4]wS5]w Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816, 0029882900003884.00000000.300181.420000.00000002.mdmp) ??1type_info@@UAE@XZ Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ??_?_______________r__ Ansi based on Image Processing (screen_0.png) ?terminate@@YAXXZ Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) @.data Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) @echo off :loop choice /N /T 2 /D Y del "%s" if exist %1 goto loop move /-y "%s" "%s" net start "%s" del %%0 Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) @echo off :loop choice /N /T 2 /D Y del "%s" if exist %1 goto loop sc delete "%s"del %%0 ----- Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) \\%s\pipe\Simple\3DPipes\Cloud\%d Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) \\.\%s Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) \\.\pipe\Simple\3DPipes\Cloud\%d Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) \cmd.exe Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) _____cu__?___ Ansi based on Image Processing (screen_0.png) __CxxFrameHandler Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) __dllonexit Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) __getmainargs Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) __p___initenv Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) __p__commode Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) __p__fmode Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ----- __set_app_type Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) __setusermatherr Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) _adjust_fdiv Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) _beginthreadex Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) _controlfp Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) _CxxThrowException Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) _except_handler3 Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) _exit Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) _initterm Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) _mbscmp Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) _onexit Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) _purecall ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) _stricmp Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) _strlwr Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) _strnicmp Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) _wcsicmp Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) _XcptFilter Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) `.rdata Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Add Joint Unit At %d success. Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Add Joint Unit Failure. Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) AddressFamily Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) AdjustTokenPrivileges Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) advapi32.dll ----- Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ADVAPI32.dll Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) aFDJMvSGBWFqFPLVQ@Fb Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Allude Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) allude Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) anyName Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ation Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) C4QVh Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816, 0029882900003884.00000000.300181.401000.00000020.mdmp) CEIPEnable Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) Change Service Mode to user logon failure.code:%d Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ChangeServiceConfig2A Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Classes ----- Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CloseHandle Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CloseServiceHandle Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CoCreateInstance Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CoInitializeEx Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Comments Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) connect Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CONNECT %s:%d HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)Host: %sProxy-Connection: KeepAlivePragma: no-cache Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Connect to IP:%s Port:%d Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ConnectNamedPipe Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CopyFile Kit.exe error Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ----- CopyFileA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Corporation. All rights reserved. Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CreateEventA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CreateFileA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CreateIoCompletionPort Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CreateNamedPipeA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CreateProcessA Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CreateServiceA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CreateThread Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CreateToolhelp32Snapshot Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CreateWindowExA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) debug ----- Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) DEFAULT Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) DeleteCriticalSection Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) DeleteFileA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) DeleteService Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) DeregisterEventSource Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Dest Network Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) DestroyWindow Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) DeviceIoControl Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) dFWnLGVOFaBPFmBNFb Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) dFWnLGVOFeJOFmBNFf[b Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) dFWpZPWFNgJQF@WLQZb ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) DispatchMessageA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) DisplayString Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) DllExport Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) DSDllExport Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) DuplicateHandle Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ecialBuild Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) eJMGqFPLVQ@Ff[b Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) eJQPW Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Enabled Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) EnterCriticalSection Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) EnumProcessModules ----- Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) eQFFqFPLVQ@F Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) error on free memory. Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ewr:m:s:h:p:t:b:d:n:w:x:g:k:i:c: Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) fclose Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) fgetc Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) fMGvSGBWFqFPLVQ@Fb Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) fMVNqFPLVQ@FoBMDVBDFPb Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) fMVNsQL@FPPnLGVOFP Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) fopen Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) FormatMessageA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) fprintf ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) fread Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) FreeLibrary Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) fseek Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) fwrite Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetAdaptersInfo Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetCurrentDirectoryA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetCurrentProcess Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetCurrentThreadId Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetDllEntryUnit Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) getenv Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetLastError ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetModuleBaseNameA Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetModuleFileNameA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetModuleFileNameExA Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetModuleHandleA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetOverlappedResult Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetProcAddress Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetQueuedCompletionStatus Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetSystemDirectoryA Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetSystemTime Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetTempPathA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetTickCount ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetVersion Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetVersionExA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetWindowLongA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetWindowsDirectoryA Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GlobalMemoryStatus Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) HeapAlloc Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) HeapCreate Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) HeapDestroy Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) HeapFree Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) HTTP/1.0 200 Connection Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) InitializeCriticalSection ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) iphlpapi.dll Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) IsWow64Process Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ivateBuild Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) kernel32 Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Kernel32 Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) KERNEL32.dll Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Kernel32.dll Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) kernel32.dll Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) keymmdrv Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Kit.exe Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) LeaveCriticalSection ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) LegalCopyright Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) lename Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) LessChild Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) LibraryPath Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) listen Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Listen Port:%d Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ListenThreadFunc. proccomm. Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) LoadLibraryA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) LockServiceDatabase Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Login: %s Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) LookupPrivilegeValueA ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) lSFMp`nBMBDFQb Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) lstrcatA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) LvejOv Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816, 0029882900003884.00000000.300181.420000.00000002.mdmp) malloc Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Manage Server Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) mangsrv Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) memcpy Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) memset Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) MFC42.DLL Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Microsoft Engineering Service Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) MicrosoftEngineering ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) modify Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) MoveFileExA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) MSVCRT.dll Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) MultiByteToWideChar Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) NameSpace_Callout Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) Next_Catalog_Entry_ID Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) Num_Catalog_Entries Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) oL@HqFPLVQ@F Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) oLBGqFPLVQ@F Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) old unit are already exist at %d and cannot add twice Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) old unit not exist ----- Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ole32.dll Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) OLEAUT32.dll Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) OpenProcess Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) OpenProcessToken Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) OpenServiceA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) OutputDebugStringA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) PackedCatalogItem Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) parent Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Parent Server Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) PeekMessageA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) PeekNamedPipe ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) pipeChild Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) pipeParent Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) pJYFLEqFPLVQ@F Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please Correct [-m %s] Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please Correct [-r %s] Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please Correct [-s %s] Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please Correct [-t %s] Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please Correct IP [-h %s] Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please Correct Port [-p %s] Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please Correct RightType [-g %s] Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please Correct TCP Connect Diff Time [-c %s] ----- Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please Correct UDP Send Diff Time [-h %s] Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please Correct UDP-DNS-Test Port [-d %s] Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please Correct UserName Index [-i %s] Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please input [-h] RemoteIP Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please input [-m] ModifyType Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please input [-p] RemotePort Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please input [-r] RunType Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please input [-s] Socket Type Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please input [-t] dest_type Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) pMBSPKLW Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) POSIXLY_CORRECT ----- Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) PostMessageA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) printf Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Process32First Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Process32Next Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ProviderId Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) ProviderInfo Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) ProxyServer Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) psapi.dll Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) qFBGsQL@FPPnFNLQZ Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) query Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) QueryServiceStatus ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Read Error Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ReadFile Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ReadProcessMemory Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) RegCloseKey Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) RegCreateK Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) RegDeleteValueA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) RegEnumKeyExA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) RegisterServiceCtrlHandlerA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) RegOpenKeyExA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) RegQueryValue Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) RegQueryValueExA ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) RegSetValueExA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Remove Joint Unit %d Failure. Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Remove Joint Unit %d success. Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ResetEvent Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ResumeThread Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) rint Cache Spooler Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) rnalName Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) rosoft(R) Windows(R) Operating System Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) s.exe Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) SeDebugPrivilege Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) self.bat ----- Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Serial_Access_Num Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) services.exe Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) SetConsoleCtrlHandler Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) SetCurrentDirectoryA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) SetEvent Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) SetLastError Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) SetNamedPipeHandleState Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) SetServiceStatus Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) setunit Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) SetWindowLongA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Sleep ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) snake Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) SocketID = %d %s:%d Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) SOCKS5 Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) socks5 Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) soft Corporation Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Software\Microsoft\Windows\CurrentVersion\Internet Settings Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) sprintf Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) StartServiceA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) StartServiceCtrlDispatcherA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) STATIC Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) StoresServiceClassInfo ----- Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) strcat Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) strchr Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) strcmp Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) strcpy Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) StringFileInfo Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) strlen Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) strncmp Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) strncpy Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) strstr Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) strtok Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Sub Server ----- Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) subchild Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) SupportedNameSpace Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) svs.exe Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) System\CurrentControlSet\Services\%s\parameters\%s Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) systemtemp.cns Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) TerminateProcess Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) TerminateThread Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Timeout & QUIT!!! Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) tName Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) tQJWFsQL@FPPnFNLQZ Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) TranslateMessage ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) UDP_Touch Port:%d Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) uJQWVBOsQLWF@Wf[ Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Unknown command. Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) UnlockServiceDatabase Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) USER32.dll Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) VarFileInfo Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) VE2DATA Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Version Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) VirtualProtectEx Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) VS_VERSION_INFO Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) vSGBWFqFPLVQ@Fb ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) WaitForMultipleObjects Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) WaitForSingleObject Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) WaitNamedPipeA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) wcscpy Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) WinSock_Registry_Version Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) WriteFile Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) WriteProcessMemory Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) WS2_32.dll Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Ws2_32NumHandleBuckets Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) wsprintfA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) wsprintfW ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ~*.tmp Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ~temp8520.tmp.tmp Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) !This program cannot be run in DOS mode.$ Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %d - [%s] %s %s %s Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %s\Drivers\%s.sys Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) .?AVtype_info@@ Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) .?AW4FW_ERROR_CODE@@ Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) 4]wS5]w Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816, 0029882900003884.00000000.300181.420000.00000002.mdmp) ??1type_info@@UAE@XZ Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ?terminate@@YAXXZ Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) @.data ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) @echo off :loop choice /N /T 2 /D Y del "%s" if exist %1 goto loop move /-y "%s" "%s" net start "%s" del %%0 Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) @echo off :loop choice /N /T 2 /D Y del "%s" if exist %1 goto loop sc delete "%s"del %%0 Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) \\%s\pipe\Simple\3DPipes\Cloud\%d Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) \\.\%s Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) \\.\pipe\Simple\3DPipes\Cloud\%d Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) \cmd.exe Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) __getmainargs Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Add Joint Unit Failure. Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Change Service Mode to user logon failure.code:%d Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CONNECT %s:%d HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)Host: %sProxy-Connection: KeepAlivePragma: no-cache Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ----- Connect to IP:%s Port:%d Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CopyFile Kit.exe error Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Corporation. All rights reserved. Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CreateIoCompletionPort Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) DllExport Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) DSDllExport Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) eJMGqFPLVQ@Ff[b Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) error on free memory. Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ewr:m:s:h:p:t:b:d:n:w:x:g:k:i:c: Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) fMVNqFPLVQ@FoBMDVBDFPb Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetAdaptersInfo Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetCurrentProcess ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetLastError Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetProcAddress Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetQueuedCompletionStatus Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetVersion Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetVersionExA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) HTTP/1.0 200 Connection Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Kit.exe Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) listen Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Listen Port:%d Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ListenThreadFunc. proccomm. Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) oL@HqFPLVQ@F ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please Correct [-m %s] Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please Correct [-r %s] Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please Correct [-s %s] Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please Correct [-t %s] Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please Correct IP [-h %s] Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please Correct Port [-p %s] Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please Correct RightType [-g %s] Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please Correct TCP Connect Diff Time [-c %s] Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please Correct UDP Send Diff Time [-h %s] Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please Correct UDP-DNS-Test Port [-d %s] Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please Correct UserName Index [-i %s] ----- Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please input [-h] RemoteIP Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please input [-m] ModifyType Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please input [-p] RemotePort Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please input [-r] RunType Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please input [-s] Socket Type Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please input [-t] dest_type Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) RegCloseKey Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) RegEnumKeyExA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) RegisterServiceCtrlHandlerA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) RegOpenKeyExA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Remove Joint Unit %d Failure. ----- Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) rosoft(R) Windows(R) Operating System Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) s.exe Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) self.bat Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) services.exe Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Software\Microsoft\Windows\CurrentVersion\Internet Settings Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) StoresServiceClassInfo Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) SupportedNameSpace Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) svs.exe Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) System\CurrentControlSet\Services\%s\parameters\%s Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Timeout & QUIT!!! Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) UDP_Touch Port:%d ----- Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) uJQWVBOsQLWF@Wf[ Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Unknown command. Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) VS_VERSION_INFO Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) WinSock_Registry_Version Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) ~temp8520.tmp.tmp Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Corporation. All rights reserved. Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ListenThreadFunc. proccomm. Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) !This program cannot be run in DOS mode.$ Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %d - [%s] %s %s %s Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %s%s%s Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %s: illegal option -- %c ----- Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %s: invalid option -- %c Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %s: option `%c%s' doesn't allow an argument Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %s: option `%s' is ambiguous Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %s: option `%s' requires an argument Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %s: option `--%s' doesn't allow an argument Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %s: option `-W %s' doesn't allow an argument Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %s: option `-W %s' is ambiguous Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %s: option requires an argument -- %c Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %s: unrecognized option `%c%s' Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %s: unrecognized option `--%s' Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %s\%s ----- Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %s\Drivers\%s.sys Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %s\System32 Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %s_%d Unicode based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) %temp% Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) , 1, 0, 0 Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ---Joint Unit Count:%d--Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) .?AVtype_info@@ Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) .?AW4FW_ERROR_CODE@@ Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) .rsrc Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) .text Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) 0hbd@ ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ??1type_info@@UAE@XZ Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ?terminate@@YAXXZ Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) @.data Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) @echo off :loop choice /N /T 2 /D Y del "%s" if exist %1 goto loop move /-y "%s" "%s" net start "%s" del %%0 Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) @echo off :loop choice /N /T 2 /D Y del "%s" if exist %1 goto loop sc delete "%s"del %%0 Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) \\%s\pipe\Simple\3DPipes\Cloud\%d Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) \\.\%s Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) \\.\pipe\Simple\3DPipes\Cloud\%d Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) \cmd.exe Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) __CxxFrameHandler Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) __dllonexit ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) __getmainargs Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) __p___initenv Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) __p__commode Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) __p__fmode Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) __set_app_type Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) __setusermatherr Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) _adjust_fdiv Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) _beginthreadex Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) _controlfp Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) _CxxThrowException Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) _except_handler3 ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) _exit Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) _initterm Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) _mbscmp Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) _onexit Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) _purecall Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) _stricmp Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) _strlwr Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) _strnicmp Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) _wcsicmp Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) _XcptFilter Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) `.rdata ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Add Joint Unit At %d success. Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Add Joint Unit Failure. Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) AdjustTokenPrivileges Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) advapi32.dll Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ADVAPI32.dll Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) aFDJMvSGBWFqFPLVQ@Fb Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) allude Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Allude Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) anyName Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ation Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Change Service Mode to user logon failure.code:%d ----- Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ChangeServiceConfig2A Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Classes Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CloseHandle Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CloseServiceHandle Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CoCreateInstance Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CoInitializeEx Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Comments Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) connect Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CONNECT %s:%d HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)Host: %sProxy-Connection: KeepAlivePragma: no-cache Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Connect to IP:%s Port:%d Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ----- ConnectNamedPipe Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CopyFile Kit.exe error Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CopyFileA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CreateEventA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CreateFileA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CreateIoCompletionPort Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CreateNamedPipeA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CreateProcessA Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CreateServiceA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CreateThread Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CreateToolhelp32Snapshot Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) CreateWindowExA ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) debug Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) DEFAULT Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) DeleteCriticalSection Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) DeleteFileA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) DeleteService Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) DeregisterEventSource Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Dest Network Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) DestroyWindow Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) DeviceIoControl Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) dFWnLGVOFaBPFmBNFb Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) dFWnLGVOFeJOFmBNFf[b ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) dFWpZPWFNgJQF@WLQZb Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) DispatchMessageA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) DllExport Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) DSDllExport Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) DuplicateHandle Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ecialBuild Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) eJMGqFPLVQ@Ff[b Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) eJQPW Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) EnterCriticalSection Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) EnumProcessModules Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) eQFFqFPLVQ@F ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) error on free memory. Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ewr:m:s:h:p:t:b:d:n:w:x:g:k:i:c: Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) fclose Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) fgetc Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) fMGvSGBWFqFPLVQ@Fb Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) fMVNqFPLVQ@FoBMDVBDFPb Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) fMVNsQL@FPPnLGVOFP Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) fopen Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) FormatMessageA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) fprintf Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) fread ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) FreeLibrary Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) fseek Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) fwrite Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetAdaptersInfo Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetCurrentDirectoryA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetCurrentProcess Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetCurrentThreadId Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetDllEntryUnit Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) getenv Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetLastError Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetModuleBaseNameA ----- Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetModuleFileNameA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetModuleFileNameExA Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetModuleHandleA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetOverlappedResult Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetProcAddress Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetQueuedCompletionStatus Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetSystemDirectoryA Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetSystemTime Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetTempPathA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetTickCount Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetVersion ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetVersionExA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetWindowLongA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GetWindowsDirectoryA Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) GlobalMemoryStatus Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) HeapAlloc Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) HeapCreate Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) HeapDestroy Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) HeapFree Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) HTTP/1.0 200 Connection Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) InitializeCriticalSection Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) iphlpapi.dll ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) IsWow64Process Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ivateBuild Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) kernel32 Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Kernel32 Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) kernel32.dll Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) KERNEL32.dll Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Kernel32.dll Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) keymmdrv Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Kit.exe Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) LeaveCriticalSection Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) LegalCopyright ----- Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) lename Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) LessChild Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) listen Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Listen Port:%d Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) LoadLibraryA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) LockServiceDatabase Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Login: %s Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) LookupPrivilegeValueA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) lSFMp`nBMBDFQb Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) lstrcatA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) malloc ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Manage Server Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) mangsrv Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) memcpy Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) memset Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) MFC42.DLL Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Microsoft Engineering Service Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) MicrosoftEngineering Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) modify Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) MoveFileExA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) MSVCRT.dll Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) MultiByteToWideChar ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) oL@HqFPLVQ@F Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) oLBGqFPLVQ@F Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) old unit are already exist at %d and cannot add twice Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) old unit not exist Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ole32.dll Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) OLEAUT32.dll Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) OpenProcess Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) OpenProcessToken Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) OpenServiceA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) OutputDebugStringA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) parent ----- Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Parent Server Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) PeekMessageA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) PeekNamedPipe Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) pipeChild Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) pipeParent Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) pJYFLEqFPLVQ@F Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please Correct [-m %s] Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please Correct [-r %s] Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please Correct [-s %s] Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please Correct [-t %s] Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please Correct IP [-h %s] ----- Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please Correct Port [-p %s] Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please Correct RightType [-g %s] Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please Correct TCP Connect Diff Time [-c %s] Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please Correct UDP Send Diff Time [-h %s] Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please Correct UDP-DNS-Test Port [-d %s] Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please Correct UserName Index [-i %s] Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please input [-h] RemoteIP Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please input [-m] ModifyType Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please input [-p] RemotePort Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please input [-r] RunType Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please input [-s] Socket Type ----- Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Please input [-t] dest_type Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) pMBSPKLW Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) POSIXLY_CORRECT Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) PostMessageA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) printf Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Process32First Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Process32Next Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ProxyServer Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) psapi.dll Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) qFBGsQL@FPPnFNLQZ Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) query ----- Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) QueryServiceStatus Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Read Error Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ReadFile Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ReadProcessMemory Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) RegCloseKey Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) RegCreateK Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) RegDeleteValueA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) RegEnumKeyExA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) RegisterServiceCtrlHandlerA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) RegOpenKeyExA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) RegQueryValue ----- Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) RegQueryValueExA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) RegSetValueExA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Remove Joint Unit %d Failure. Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Remove Joint Unit %d success. Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ResetEvent Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ResumeThread Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) rint Cache Spooler Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) rnalName Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) rosoft(R) Windows(R) Operating System Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) s.exe Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) SeDebugPrivilege ----- Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) self.bat Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) services.exe Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) SetConsoleCtrlHandler Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) SetCurrentDirectoryA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) SetEvent Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) SetLastError Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) SetNamedPipeHandleState Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) SetServiceStatus Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) setunit Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) SetWindowLongA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Sleep ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) snake Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) SocketID = %d %s:%d Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) socks5 Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) SOCKS5 Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) soft Corporation Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Software\Microsoft\Windows\CurrentVersion\Internet Settings Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) sprintf Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) StartServiceA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) StartServiceCtrlDispatcherA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) STATIC Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) strcat ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) strchr Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) strcmp Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) strcpy Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) StringFileInfo Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) strlen Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) strncmp Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) strncpy Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) strstr Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) strtok Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Sub Server Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) subchild ----- Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) svs.exe Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) System\CurrentControlSet\Services\%s\parameters\%s Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) systemtemp.cns Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) TerminateProcess Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) TerminateThread Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Timeout & QUIT!!! Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) tName Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) tQJWFsQL@FPPnFNLQZ Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) TranslateMessage Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) UDP_Touch Port:%d Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) uJQWVBOsQLWF@Wf[ ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) Unknown command. Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) UnlockServiceDatabase Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) USER32.dll Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) VarFileInfo Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) VE2DATA Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) VirtualProtectEx Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) VS_VERSION_INFO Unicode based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) vSGBWFqFPLVQ@Fb Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) WaitForMultipleObjects Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) WaitForSingleObject Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) WaitNamedPipeA ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) wcscpy Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) WriteFile Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) WriteProcessMemory Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) WS2_32.dll Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) wsprintfA Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) wsprintfW Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ~*.tmp Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) ~temp8520.tmp.tmp Ansi based on Hybrid Analysis (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816.bin) 4]wS5]w Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816, 0029882900003884.00000000.300181.420000.00000002.mdmp) AddressFamily Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) C4QVh ----- Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816, 0029882900003884.00000000.300181.401000.00000020.mdmp) CEIPEnable Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) DisplayString Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) Enabled Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) LibraryPath Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) LvejOv Ansi based on Memory/File Scan (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816, 0029882900003884.00000000.300181.420000.00000002.mdmp) NameSpace_Callout Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) Next_Catalog_Entry_ID Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) Num_Catalog_Entries Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) PackedCatalogItem Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) ProviderId Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) ----- ProviderInfo Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) Serial_Access_Num Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) StoresServiceClassInfo Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) SupportedNameSpace Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) Version Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) WinSock_Registry_Version Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) Ws2_32NumHandleBuckets Unicode based on Runtime Data (5d631d77401615d53f3ce3dbc2bfee5d934602dc35d488aa7cebf9b3ff1c4816 ) ??_?_______________r__ Ansi based on Image Processing (screen_0.png) _____cu__?___ Ansi based on Image Processing (screen_0.png) -----