API tools faq
paste
Advertisement
opexxx

malwrrr.log

opexxx
Nov 7th, 2016
517
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 67.44 KB | None | 0 0
raw download clone embed print report
  1.  
  2.  
  3.  
  4.  
  5. 2016-07-10 09:17:48,015 [root] INFO: Date set to: 07-10-16, time set to: 16:17:48
  6. 2016-07-10 09:17:50,905 [root] DEBUG: Starting analyzer from: C:\couuigxxgx
  7. 2016-07-10 09:17:50,905 [root] DEBUG: Storing results at: C:\zJApDghWI
  8. 2016-07-10 09:17:50,921 [root] DEBUG: Pipe server name: \\.\PIPE\UvAsGtkIf
  9. 2016-07-10 09:17:50,921 [root] DEBUG: No analysis package specified, trying to detect it automagically.
  10. 2016-07-10 09:17:50,937 [root] INFO: Automatically selected analysis package "exe"
  11. 2016-07-10 09:18:41,717 [root] DEBUG: Started auxiliary module Browser
  12. 2016-07-10 09:18:41,733 [modules.auxiliary.digisig] INFO: Skipping authenticode validation, signtool.exe was not found in bin/
  13. 2016-07-10 09:18:41,733 [root] DEBUG: Started auxiliary module DigiSig
  14. 2016-07-10 09:18:41,796 [root] DEBUG: Started auxiliary module Disguise
  15. 2016-07-10 09:18:41,812 [root] DEBUG: Started auxiliary module Human
  16. 2016-07-10 09:18:41,875 [root] DEBUG: Started auxiliary module Screenshots
  17. 2016-07-10 09:18:41,921 [root] DEBUG: Started auxiliary module Usage
  18. 2016-07-10 09:18:43,390 [lib.api.process] INFO: Successfully executed process from path "C:\Users\RICH\AppData\Local\Temp\671d98a17e304354221c93fda743e8e91cf3f3abeafdc6cbec71c2b7df2127a0.bin" with arguments "" with pid 2580
  19. 2016-07-10 09:18:47,500 [lib.api.process] DEBUG: Using QueueUserAPC injection.
  20. 2016-07-10 09:18:48,640 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2580
  21. 2016-07-10 09:18:50,655 [lib.api.process] INFO: Successfully resumed process with pid 2580
  22. 2016-07-10 09:18:50,655 [root] INFO: Added new process to list with pid: 2580
  23. 2016-07-10 09:18:56,171 [root] INFO: Cuckoomon successfully loaded in process with pid 2580.
  24. 2016-07-10 09:18:57,078 [root] INFO: Disabling sleep skipping.
  25. 2016-07-10 09:20:13,203 [root] INFO: Added new file to list with path: C:\Users\RICH\AppData\Local\Temp\tmp9978.tmp
  26. 2016-07-10 09:20:14,765 [root] INFO: Added new file to list with path: C:\Users\RICH\AppData\Local\Temp\tmp9F07.tmp
  27. 2016-07-10 09:20:17,671 [root] INFO: Added new file to list with path: C:\Users\RICH\AppData\Roaming\Okuxeceri\revyuvogyb.exe
  28. 2016-07-10 09:20:18,092 [root] INFO: Announced 32-bit process name: revyuvogyb.exe pid: 2708
  29. 2016-07-10 09:20:18,108 [lib.api.process] DEBUG: Using QueueUserAPC injection.
  30. 2016-07-10 09:20:18,717 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2708
  31. 2016-07-10 09:20:18,842 [root] INFO: Disabling sleep skipping.
  32. 2016-07-10 09:20:18,905 [root] INFO: Added new process to list with pid: 2708
  33. 2016-07-10 09:20:18,905 [root] INFO: Cuckoomon successfully loaded in process with pid 2708.
  34. 2016-07-10 09:21:23,328 [root] INFO: Announced 64-bit process name: taskhost.exe pid: 1136
  35. 2016-07-10 09:21:23,328 [lib.api.process] DEBUG: Using CreateRemoteThread injection.
  36. 2016-07-10 09:21:23,483 [root] INFO: Disabling sleep skipping.
  37. 2016-07-10 09:21:23,530 [root] INFO: Announced 64-bit process name: dwm.exe pid: 1188
  38. 2016-07-10 09:21:23,546 [lib.api.process] DEBUG: Using CreateRemoteThread injection.
  39. 2016-07-10 09:21:23,625 [root] INFO: Disabling sleep skipping.
  40. 2016-07-10 09:21:23,717 [root] INFO: Added new process to list with pid: 1136
  41. 2016-07-10 09:21:23,733 [root] INFO: Cuckoomon successfully loaded in process with pid 1136.
  42. 2016-07-10 09:21:23,765 [root] INFO: Announced 64-bit process name: explorer.exe pid: 1232
  43. 2016-07-10 09:21:23,765 [lib.api.process] DEBUG: Using CreateRemoteThread injection.
  44. 2016-07-10 09:21:23,858 [root] INFO: Added new process to list with pid: 1188
  45. 2016-07-10 09:21:23,890 [root] INFO: Disabling sleep skipping.
  46. 2016-07-10 09:21:23,890 [root] INFO: Cuckoomon successfully loaded in process with pid 1188.
  47. 2016-07-10 09:21:24,000 [root] INFO: Announced 64-bit process name: taskeng.exe pid: 1796
  48. 2016-07-10 09:21:24,000 [lib.api.process] DEBUG: Using CreateRemoteThread injection.
  49. 2016-07-10 09:21:24,171 [root] INFO: Disabling sleep skipping.
  50. 2016-07-10 09:21:24,342 [root] INFO: Added new process to list with pid: 1796
  51. 2016-07-10 09:21:24,342 [root] INFO: Cuckoomon successfully loaded in process with pid 1796.
  52. 2016-07-10 09:21:24,796 [root] INFO: Added new file to list with path: C:\Users\RICH\AppData\Roaming\Ulyvaxop\buygnydeud.acl
  53. 2016-07-10 09:21:25,000 [root] INFO: Added new process to list with pid: 1232
  54. 2016-07-10 09:21:25,000 [root] INFO: Cuckoomon successfully loaded in process with pid 1232.
  55. 2016-07-10 09:21:26,453 [root] INFO: Stopping WMI Service
  56. 2016-07-10 09:21:34,405 [root] INFO: Announced 32-bit process name: net.exe pid: 2532
  57. 2016-07-10 09:21:34,421 [lib.api.process] DEBUG: Using CreateRemoteThread injection.
  58. 2016-07-10 09:21:34,578 [root] INFO: Disabling sleep skipping.
  59. 2016-07-10 09:21:34,640 [root] INFO: Added new process to list with pid: 2532
  60. 2016-07-10 09:21:34,655 [root] INFO: Cuckoomon successfully loaded in process with pid 2532.
  61. 2016-07-10 09:21:37,967 [root] INFO: Notified of termination of process with pid 2532.
  62. 2016-07-10 09:21:37,983 [root] INFO: Announced 64-bit process name: conhost.exe pid: 1812
  63. 2016-07-10 09:21:38,000 [lib.api.process] DEBUG: Using CreateRemoteThread injection.
  64. 2016-07-10 09:21:38,030 [root] INFO: Stopped WMI Service
  65. 2016-07-10 09:21:38,515 [lib.api.process] ERROR: Unable to inject into 64-bit process with pid 1812, error: -1
  66. 2016-07-10 09:21:38,828 [root] INFO: Announced 32-bit process name: sc.exe pid: 2464
  67. 2016-07-10 09:21:38,842 [lib.api.process] DEBUG: Using CreateRemoteThread injection.
  68. 2016-07-10 09:21:39,750 [root] INFO: Announced 32-bit process name: sc.exe pid: 2464
  69. 2016-07-10 09:21:39,750 [lib.api.process] DEBUG: Using QueueUserAPC injection.
  70. 2016-07-10 09:21:40,780 [root] INFO: Disabling sleep skipping.
  71. 2016-07-10 09:21:41,015 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2464
  72. 2016-07-10 09:21:41,030 [root] INFO: Added new process to list with pid: 2464
  73. 2016-07-10 09:21:41,030 [root] INFO: Cuckoomon successfully loaded in process with pid 2464.
  74. 2016-07-10 09:21:41,937 [root] INFO: Process with pid 2532 has terminated
  75. 2016-07-10 09:21:48,578 [root] INFO: Notified of termination of process with pid 2464.
  76. 2016-07-10 09:21:48,640 [root] INFO: Announced 64-bit process name: conhost.exe pid: 1400
  77. 2016-07-10 09:21:48,687 [lib.api.process] DEBUG: Using CreateRemoteThread injection.
  78. 2016-07-10 09:21:48,687 [lib.api.process] WARNING: The process with pid 1400 is not alive, injection aborted
  79. 2016-07-10 09:21:48,796 [root] INFO: Announced 64-bit process name: WinMail.exe pid: 2044
  80. 2016-07-10 09:21:48,812 [lib.api.process] DEBUG: Using CreateRemoteThread injection.
  81. 2016-07-10 09:21:48,921 [root] INFO: Disabling sleep skipping.
  82. 2016-07-10 09:21:49,140 [root] INFO: Added new process to list with pid: 612
  83. 2016-07-10 09:21:49,155 [root] INFO: Cuckoomon successfully loaded in process with pid 612.
  84. 2016-07-10 09:21:49,312 [root] INFO: Added new file to list with path: C:\Users\RICH\AppData\Local\Temp\tmp0716edc8.bat
  85. 2016-07-10 09:21:50,046 [root] INFO: Process with pid 2464 has terminated
  86. 2016-07-10 09:21:51,125 [root] INFO: Starting WMI Service
  87. 2016-07-10 09:21:54,562 [root] INFO: Announced 32-bit process name: net.exe pid: 2680
  88. 2016-07-10 09:21:54,578 [lib.api.process] DEBUG: Using CreateRemoteThread injection.
  89. 2016-07-10 09:21:59,328 [root] INFO: Disabling sleep skipping.
  90. 2016-07-10 09:21:59,421 [root] INFO: Added new process to list with pid: 2680
  91. 2016-07-10 09:21:59,453 [root] INFO: Cuckoomon successfully loaded in process with pid 2680.
  92. 2016-07-10 09:21:59,921 [root] INFO: Announced 32-bit process name: cmd.exe pid: 1792
  93. 2016-07-10 09:21:59,953 [lib.api.process] DEBUG: Using QueueUserAPC injection.
  94. 2016-07-10 09:22:00,187 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1792
  95. 2016-07-10 09:22:00,405 [root] INFO: Added new file to list with path: C:\Users\RICH\AppData\Roaming\Ulyvaxop\buygnydeud.acl
  96. 2016-07-10 09:22:02,983 [root] INFO: Notified of termination of process with pid 2580.
  97. 2016-07-10 09:22:03,125 [root] INFO: Disabling sleep skipping.
  98. 2016-07-10 09:22:03,233 [root] INFO: Added new process to list with pid: 2044
  99. 2016-07-10 09:22:03,250 [root] INFO: Cuckoomon successfully loaded in process with pid 2044.
  100. 2016-07-10 09:22:03,717 [root] INFO: Process with pid 2580 has terminated
  101. 2016-07-10 09:22:03,780 [root] INFO: Disabling sleep skipping.
  102. 2016-07-10 09:22:03,890 [root] INFO: Added new process to list with pid: 1792
  103. 2016-07-10 09:22:03,921 [root] INFO: Cuckoomon successfully loaded in process with pid 1792.
  104. 2016-07-10 09:22:05,875 [root] INFO: Announced starting service "Winmgmt"
  105. 2016-07-10 09:22:06,140 [lib.api.process] DEBUG: Using CreateRemoteThread injection.
  106. 2016-07-10 09:22:06,140 [root] INFO: Announced 64-bit process name: conhost.exe pid: 2064
  107. 2016-07-10 09:22:06,187 [lib.api.process] DEBUG: Using CreateRemoteThread injection.
  108. 2016-07-10 09:22:06,453 [root] INFO: Notified of termination of process with pid 2680.
  109. 2016-07-10 09:22:06,515 [root] INFO: Disabling sleep skipping.
  110. 2016-07-10 09:22:06,687 [root] INFO: Started WMI Service
  111. 2016-07-10 09:22:06,717 [root] INFO: Disabling sleep skipping.
  112. 2016-07-10 09:22:06,828 [root] INFO: Announced 64-bit process name: conhost.exe pid: 2768
  113. 2016-07-10 09:22:06,858 [lib.api.process] DEBUG: Using CreateRemoteThread injection.
  114. 2016-07-10 09:22:06,890 [lib.api.process] DEBUG: Using CreateRemoteThread injection.
  115. 2016-07-10 09:22:08,921 [root] INFO: Added new process to list with pid: 448
  116. 2016-07-10 09:22:08,967 [root] INFO: Cuckoomon successfully loaded in process with pid 448.
  117. 2016-07-10 09:22:09,265 [root] INFO: Process with pid 2680 has terminated
  118. 2016-07-10 09:22:09,437 [root] INFO: Disabling sleep skipping.
  119. 2016-07-10 09:22:09,437 [root] INFO: Disabling sleep skipping.
  120. 2016-07-10 09:22:09,655 [root] INFO: Added new process to list with pid: 1504
  121. 2016-07-10 09:22:09,687 [root] INFO: Cuckoomon successfully loaded in process with pid 1504.
  122. 2016-07-10 09:22:09,687 [root] INFO: Added new process to list with pid: 2768
  123. 2016-07-10 09:22:09,765 [root] INFO: Cuckoomon successfully loaded in process with pid 2768.
  124. 2016-07-10 09:22:10,671 [root] INFO: Notified of termination of process with pid 1796.
  125. 2016-07-10 09:22:11,625 [root] INFO: Process with pid 1796 has terminated
  126. 2016-07-10 09:22:19,515 [root] INFO: Added new file to list with path: C:\Users\RICH\AppData\Local\Microsoft\Windows Mail\edb.log
  127. 2016-07-10 09:22:24,358 [root] INFO: Added new file to list with path: C:\Users\RICH\AppData\Local\Microsoft\Windows Mail\tmp.edb
  128. 2016-07-10 09:22:26,233 [root] INFO: Announced 64-bit process name: WmiPrvSE.exe pid: 672
  129. 2016-07-10 09:22:26,328 [lib.api.process] DEBUG: Using QueueUserAPC injection.
  130. 2016-07-10 09:22:26,875 [lib.api.process] INFO: Injected into suspended 64-bit process with pid 672
  131. 2016-07-10 09:22:27,405 [root] INFO: Disabling sleep skipping.
  132. 2016-07-10 09:22:27,671 [root] INFO: Added new process to list with pid: 672
  133. 2016-07-10 09:22:27,765 [root] INFO: Cuckoomon successfully loaded in process with pid 672.
  134. 2016-07-10 09:22:30,078 [root] INFO: Added new file to list with path: C:\Users\RICH\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore
  135. 2016-07-10 09:22:55,375 [root] INFO: Added new file to list with path: C:\Users\RICH\AppData\Local\Microsoft\Windows Mail\Backup\temp\WindowsMail.MSMessageStore
  136. 2016-07-10 09:22:56,530 [root] INFO: Added new file to list with path: C:\Users\RICH\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\winmail.fol
  137. 2016-07-10 09:22:56,983 [root] INFO: Added new file to list with path: C:\Users\RICH\AppData\Local\Microsoft\Windows Mail\Local Folders\Outbox\winmail.fol
  138. 2016-07-10 09:22:59,453 [root] INFO: Added new file to list with path: C:\Users\RICH\AppData\Local\Microsoft\Windows Mail\Local Folders\Sent Items\winmail.fol
  139. 2016-07-10 09:23:02,030 [root] INFO: Added new file to list with path: C:\Users\RICH\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\winmail.fol
  140. 2016-07-10 09:23:03,187 [root] INFO: Added new file to list with path: C:\Users\RICH\AppData\Local\Microsoft\Windows Mail\Local Folders\Drafts\winmail.fol
  141. 2016-07-10 09:23:03,765 [root] INFO: Added new file to list with path: C:\Users\RICH\AppData\Local\Microsoft\Windows Mail\Local Folders\Junk E-mail\winmail.fol
  142. 2016-07-10 09:23:07,312 [root] INFO: Added new file to list with path: C:\Users\RICH\AppData\Local\Microsoft\Windows Mail\edbtmp.log
  143. 2016-07-10 09:23:28,092 [root] INFO: Added new file to list with path: C:\Users\RICH\AppData\Local\Microsoft\Windows Mail\WindowsMail.pat
  144. 2016-07-10 09:23:30,515 [modules.auxiliary.human] INFO: Found button "OK", clicking it
  145. 2016-07-10 09:23:43,640 [root] INFO: Process with pid 2044 has terminated
  146. 2016-07-10 09:23:43,750 [root] INFO: Announced 64-bit process name: WinMail.exe pid: 2056
  147. 2016-07-10 09:23:43,858 [lib.api.process] DEBUG: Using QueueUserAPC injection.
  148. 2016-07-10 09:23:44,562 [lib.api.process] INFO: Injected into suspended 64-bit process with pid 2056
  149. 2016-07-10 09:23:45,203 [root] INFO: Disabling sleep skipping.
  150. 2016-07-10 09:23:45,483 [root] INFO: Added new process to list with pid: 2056
  151. 2016-07-10 09:23:45,562 [root] INFO: Cuckoomon successfully loaded in process with pid 2056.
  152. 2016-07-10 09:23:56,750 [root] INFO: Added new file to list with path: C:\Users\RICH\AppData\Local\Microsoft\Windows Mail\edb.chk
  153. 2016-07-10 09:24:11,375 [root] WARNING: File at path "C:\Users\RICH\AppData\Local\Microsoft\Windows Mail\tmp.edb" does not exist, skip.
  154. 2016-07-10 09:24:11,905 [root] INFO: Added new file to list with path: C:\Users\RICH\AppData\Local\Microsoft\Windows Mail\tmp.edb
  155. 2016-07-10 09:24:35,092 [root] INFO: Added new file to list with path: C:\Users\RICH\AppData\Local\Microsoft\Windows Mail\Backup\temp\WindowsMail.MSMessageStore
  156. 2016-07-10 09:24:43,750 [root] INFO: Added new file to list with path: C:\Users\RICH\AppData\Local\Microsoft\Windows Mail\edbtmp.log
  157. 2016-07-10 09:24:50,530 [root] INFO: Added new file to list with path: C:\Users\RICH\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\7C0272B0-00000001.eml
  158. 2016-07-10 09:24:53,390 [root] INFO: Added new file to list with path: C:\Users\RICH\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\7C0272B0-00000001.eml:OECustomProperty
  159. 2016-07-10 09:25:22,155 [root] INFO: Notified of termination of process with pid 1792.
  160. 2016-07-10 09:25:23,328 [root] INFO: Process with pid 1792 has terminated
  161. 2016-07-10 09:25:23,421 [root] INFO: Process with pid 2768 has terminated
  162. 2016-07-10 09:25:35,233 [root] INFO: Added new file to list with path: C:\Users\RICH\AppData\Local\Microsoft\Windows Mail\Backup\temp\edb00003.log
  163. 2016-07-10 09:25:35,875 [root] INFO: Added new file to list with path: C:\Users\RICH\AppData\Local\Microsoft\Windows Mail\Backup\temp\WindowsMail.pat
  164. 2016-07-10 09:25:41,703 [root] INFO: Added new file to list with path: C:\Users\RICH\AppData\Local\Temp\Cab9CBC.tmp
  165. 2016-07-10 09:25:49,515 [root] INFO: Added new file to list with path: C:\Users\RICH\AppData\Local\Temp\Tar9CCD.tmp
  166. 2016-07-10 09:26:03,717 [root] INFO: Added new file to list with path: C:\Users\RICH\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735
  167. 2016-07-10 09:26:03,858 [root] INFO: Added new file to list with path: C:\Users\RICH\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735
  168. 2016-07-10 09:26:04,405 [root] INFO: Added new file to list with path: C:\Users\RICH\AppData\Local\Temp\ppcrlui_2056_2
  169. 2016-07-10 09:26:12,655 [root] INFO: Announced 64-bit process name: WMIADAP.exe pid: 2772
  170. 2016-07-10 09:26:12,703 [lib.api.process] DEBUG: Using QueueUserAPC injection.
  171. 2016-07-10 09:26:14,421 [lib.api.process] INFO: Injected into suspended 64-bit process with pid 2772
  172. 2016-07-10 09:26:14,625 [root] INFO: Disabling sleep skipping.
  173. 2016-07-10 09:26:14,842 [root] INFO: Added new process to list with pid: 2772
  174. 2016-07-10 09:26:14,875 [root] INFO: Cuckoomon successfully loaded in process with pid 2772.
  175. 2016-07-10 09:26:19,780 [root] INFO: Announced 64-bit process name: WmiPrvSE.exe pid: 1964
  176. 2016-07-10 09:26:19,842 [lib.api.process] DEBUG: Using QueueUserAPC injection.
  177. 2016-07-10 09:26:20,437 [lib.api.process] INFO: Injected into suspended 64-bit process with pid 1964
  178. 2016-07-10 09:26:20,687 [root] INFO: Disabling sleep skipping.
  179. 2016-07-10 09:26:20,875 [root] INFO: Added new process to list with pid: 1964
  180. 2016-07-10 09:26:21,015 [root] INFO: Cuckoomon successfully loaded in process with pid 1964.
  181. 2016-07-10 09:26:39,858 [root] INFO: Added new file to list with path: C:\Windows\sysnative\wbem\Performance\WmiApRpl_new.h
  182. 2016-07-10 09:27:23,812 [root] INFO: Added new file to list with path: C:\Windows\sysnative\wbem\Performance\WmiApRpl_new.ini
  183. 2016-07-10 09:27:28,187 [root] INFO: Added new file to list with path: C:\Windows\sysnative\wbem\repository\OBJECTS.DATA
  184. 2016-07-10 09:27:29,030 [root] INFO: Added new file to list with path: C:\Windows\sysnative\wbem\repository\INDEX.BTR
  185. 2016-07-10 09:27:30,578 [root] INFO: Added new file to list with path: C:\Windows\sysnative\wbem\repository\MAPPING2.MAP
  186. 2016-07-10 09:28:21,562 [root] INFO: Announced starting service "gupdate"
  187. 2016-07-10 09:28:21,858 [root] INFO: Announced 32-bit process name: GoogleUpdate.exe pid: 2184
  188. 2016-07-10 09:28:22,015 [lib.api.process] DEBUG: Using QueueUserAPC injection.
  189. 2016-07-10 09:28:22,608 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2184
  190. 2016-07-10 09:28:22,905 [root] INFO: Disabling sleep skipping.
  191. 2016-07-10 09:28:23,046 [root] INFO: Added new process to list with pid: 2184
  192. 2016-07-10 09:28:23,108 [root] INFO: Cuckoomon successfully loaded in process with pid 2184.
  193. 2016-07-10 09:29:13,733 [root] INFO: Notified of termination of process with pid 2184.
  194. 2016-07-10 09:29:13,890 [root] INFO: Process with pid 2184 has terminated
  195. 2016-07-10 09:29:28,046 [root] INFO: Announced 64-bit process name: taskhost.exe pid: 1788
  196. 2016-07-10 09:29:28,358 [lib.api.process] DEBUG: Using QueueUserAPC injection.
  197. 2016-07-10 09:29:29,515 [lib.api.process] INFO: Injected into suspended 64-bit process with pid 1788
  198. 2016-07-10 09:29:30,530 [root] INFO: Announced 64-bit process name: taskhost.exe pid: 1788
  199. 2016-07-10 09:29:30,703 [root] INFO: Disabling sleep skipping.
  200. 2016-07-10 09:29:30,717 [lib.api.process] DEBUG: Using QueueUserAPC injection.
  201. 2016-07-10 09:29:32,233 [root] INFO: Added new process to list with pid: 1788
  202. 2016-07-10 09:29:32,375 [root] INFO: Cuckoomon successfully loaded in process with pid 1788.
  203. 2016-07-10 09:29:33,453 [root] INFO: Added new file to list with path: C:\Windows\sysnative\LogFiles\Scm\9435f817-fed2-454e-88cd-7f78fda62c48
  204. 2016-07-10 09:30:32,217 [root] INFO: Notified of termination of process with pid 2056.
  205. 2016-07-10 09:30:32,983 [root] INFO: Process with pid 2056 has terminated
  206. 2016-07-10 09:31:15,921 [root] INFO: Notified of termination of process with pid 1964.
  207. 2016-07-10 09:31:17,171 [root] INFO: Process with pid 1964 has terminated
  208. 2016-07-10 09:31:24,015 [root] INFO: Added new file to list with path: C:\Windows\inf\WmiApRpl\WmiApRpl.h
  209. 2016-07-10 09:31:24,140 [root] INFO: Added new file to list with path: C:\Windows\inf\WmiApRpl\0009\WmiApRpl.ini
  210. 2016-07-10 09:31:28,296 [root] INFO: Added new file to list with path: C:\Windows\sysnative\PerfStringBackup.TMP
  211. 2016-07-10 09:31:33,342 [root] INFO: Added new file to list with path: C:\Windows\sysnative\PerfStringBackup.INI
  212. 2016-07-10 09:32:55,921 [root] INFO: Notified of termination of process with pid 2772.
  213. 2016-07-10 09:32:56,546 [root] INFO: Process with pid 2772 has terminated
  214. 2016-07-10 09:37:46,875 [root] INFO: Analysis timeout hit, terminating analysis.
  215. 2016-07-10 09:37:47,078 [root] INFO: Created shutdown mutex.
  216. 2016-07-10 09:37:48,296 [root] INFO: Shutting down package.
  217. 2016-07-10 09:37:48,390 [root] INFO: Stopping auxiliary modules.
  218. 2016-07-10 09:37:53,280 [root] INFO: Terminating remaining processes before shutdown.
  219. 2016-07-10 09:37:53,515 [lib.api.process] INFO: Successfully terminated process with pid 2708.
  220. 2016-07-10 09:37:53,765 [lib.api.process] INFO: Successfully terminated process with pid 1136.
  221. 2016-07-10 09:37:54,015 [lib.api.process] INFO: Successfully terminated process with pid 1188.
  222. 2016-07-10 09:37:54,342 [lib.api.process] INFO: Successfully terminated process with pid 1232.
  223. 2016-07-10 09:37:54,780 [lib.api.process] INFO: Successfully terminated process with pid 612.
  224. 2016-07-10 09:37:55,078 [lib.api.process] INFO: Successfully terminated process with pid 448.
  225. 2016-07-10 09:37:55,140 [root] INFO: Received shutdown request
  226. 2016-07-10 09:37:55,140 [root] INFO: Received shutdown request
  227. 2016-07-10 09:37:55,171 [root] INFO: Received shutdown request
  228. 2016-07-10 09:37:55,250 [lib.api.process] INFO: Successfully terminated process with pid 1504.
  229. 2016-07-10 09:37:55,858 [lib.api.process] INFO: Successfully terminated process with pid 672.
  230. 2016-07-10 09:37:55,983 [lib.api.process] INFO: Successfully terminated process with pid 1788.
  231. 2016-07-10 09:37:56,092 [root] INFO: Finishing auxiliary modules.
  232. 2016-07-10 09:37:56,233 [root] INFO: Shutting down pipe server and dumping dropped files.
  233. 2016-07-10 09:37:58,796 [lib.common.results] ERROR: Exception uploading file C:\Users\RICH\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore to host: [Errno 10054] An existing connection was forcibly closed by the remote host
  234. 2016-07-10 09:38:03,796 [root] WARNING: File at path "C:\Users\RICH\AppData\Local\Microsoft\Windows Mail\tmp.edb" does not exist, skip.
  235. 2016-07-10 09:38:04,453 [root] WARNING: File at path "C:\Users\RICH\AppData\Local\Microsoft\Windows Mail\tmp.edb" does not exist, skip.
  236. 2016-07-10 09:38:06,312 [lib.common.results] ERROR: Exception uploading file C:\Users\RICH\AppData\Local\Microsoft\Windows Mail\Backup\new\windowsmail.msmessagestore to host: [Errno 10054] An existing connection was forcibly closed by the remote host
  237. 2016-07-10 09:38:07,453 [lib.common.results] ERROR: Exception uploading file C:\Users\RICH\AppData\Local\Microsoft\Windows Mail\edb.log to host: [Errno 10054] An existing connection was forcibly closed by the remote host
  238. 2016-07-10 09:38:16,530 [lib.common.results] ERROR: Exception uploading file C:\Windows\sysnative\wbem\repository\OBJECTS.DATA to host: [Errno 10054] An existing connection was forcibly closed by the remote host
  239. 2016-07-10 09:38:22,983 [root] INFO: Analysis completed.
  240.  
  241.  
  242.  
  243.  
  244.  
  245.  
  246.  
  247.  
  248.  
  249.  
  250.  
  251. https://sandbox.anlyz.io/
  252. https://sandbox.anlyz.io/analysis/
  253. https://sandbox.anlyz.io/analysis/pending/
  254. https://sandbox.anlyz.io/submit/
  255. https://sandbox.anlyz.io/analysis/1049/
  256. https://sandbox.anlyz.io/compare/1049/
  257. http://fartertourhost.net:9040/data/travel/tourguide/hydroformTyrtAs.php
  258. http://crl.microsoft.com:9040/pki/crl/products/CodeSignPCA.crl
  259. http://tools.google.com:9040/service/update2?cup2key=6:841403583&cup2hreq=206c0cee54153255155ae1aef13951891af050d04a97b25d1d2c690eaaf8757b
  260. https://sandbox.anlyz.io/file/screenshot/1049/0001/
  261. https://sandbox.anlyz.io/file/screenshot/1049/0002/
  262. https://sandbox.anlyz.io/file/screenshot/1049/0003/
  263. https://sandbox.anlyz.io/file/screenshot/1049/0004/
  264. https://sandbox.anlyz.io/file/screenshot/1049/0005/
  265. https://sandbox.anlyz.io/file/screenshot/1049/0006/
  266. https://sandbox.anlyz.io/file/screenshot/1049/0007/
  267. https://sandbox.anlyz.io/file/screenshot/1049/0008/
  268. https://sandbox.anlyz.io/file/screenshot/1049/0009/
  269. https://sandbox.anlyz.io/file/screenshot/1049/0010/
  270. https://sandbox.anlyz.io/file/screenshot/1049/0011/
  271. https://sandbox.anlyz.io/file/screenshot/1049/0012/
  272. https://sandbox.anlyz.io/file/screenshot/1049/0013/
  273. https://sandbox.anlyz.io/file/screenshot/1049/0014/
  274. https://sandbox.anlyz.io/file/screenshot/1049/0015/
  275. https://sandbox.anlyz.io/file/screenshot/1049/0016/
  276. https://sandbox.anlyz.io/file/screenshot/1049/0017/
  277. https://sandbox.anlyz.io/file/screenshot/1049/0018/
  278. https://sandbox.anlyz.io/file/screenshot/1049/0019/
  279. https://sandbox.anlyz.io/file/screenshot/1049/0020/
  280. https://sandbox.anlyz.io/file/screenshot/1049/0021/
  281. https://sandbox.anlyz.io/file/screenshot/1049/0022/
  282. https://sandbox.anlyz.io/file/screenshot/1049/0023/
  283. https://sandbox.anlyz.io/file/screenshot/1049/0024/
  284. https://sandbox.anlyz.io/file/screenshot/1049/0025/
  285. https://sandbox.anlyz.io/file/screenshot/1049/0026/
  286. https://sandbox.anlyz.io/file/screenshot/1049/0027/
  287. https://sandbox.anlyz.io/file/screenshot/1049/0028/
  288. https://sandbox.anlyz.io/file/screenshot/1049/0029/
  289. https://www.virustotal.com/en/domain/clients2.google.com/information/
  290. https://threatintel.proofpoint.com/search?q=clients2.google.com
  291. https://www.passivetotal.org/passive/clients2.google.com
  292. https://www.virustotal.com/en/ip-address/172.217.22.174/information/
  293. https://threatintel.proofpoint.com/search?q=172.217.22.174
  294. https://www.passivetotal.org/passive/172.217.22.174
  295. https://www.virustotal.com/en/domain/dns.msftncsi.com/information/
  296. https://threatintel.proofpoint.com/search?q=dns.msftncsi.com
  297. https://www.passivetotal.org/passive/dns.msftncsi.com
  298. https://www.virustotal.com/en/ip-address/131.107.255.255/information/
  299. https://threatintel.proofpoint.com/search?q=131.107.255.255
  300. https://www.passivetotal.org/passive/131.107.255.255
  301. https://www.virustotal.com/en/domain/tools.google.com/information/
  302. https://threatintel.proofpoint.com/search?q=tools.google.com
  303. https://www.passivetotal.org/passive/tools.google.com
  304. https://www.virustotal.com/en/domain/fartertourhost.net/information/
  305. https://threatintel.proofpoint.com/search?q=fartertourhost.net
  306. https://www.passivetotal.org/passive/fartertourhost.net
  307. https://www.virustotal.com/en/ip-address/172.245.9.50/information/
  308. https://threatintel.proofpoint.com/search?q=172.245.9.50
  309. https://www.passivetotal.org/passive/172.245.9.50
  310. https://www.virustotal.com/en/domain/farterhotelshost.net/information/
  311. https://threatintel.proofpoint.com/search?q=farterhotelshost.net
  312. https://www.passivetotal.org/passive/farterhotelshost.net
  313. https://www.virustotal.com/en/ip-address//information/
  314. https://threatintel.proofpoint.com/search?q=
  315. https://www.passivetotal.org/passive/
  316. https://www.virustotal.com/en/domain/crl.microsoft.com/information/
  317. https://threatintel.proofpoint.com/search?q=crl.microsoft.com
  318. https://www.passivetotal.org/passive/crl.microsoft.com
  319. https://www.virustotal.com/en/ip-address/212.247.20.9/information/
  320. https://threatintel.proofpoint.com/search?q=212.247.20.9
  321. https://www.passivetotal.org/passive/212.247.20.9
  322. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetConsoleMode
  323. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetConsoleCP
  324. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=ReadFile
  325. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetCurrentThreadId
  326. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SetLastError
  327. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=TlsFree
  328. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=TlsSetValue
  329. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=TlsAlloc
  330. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=TlsGetValue
  331. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=IsValidCodePage
  332. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetOEMCP
  333. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetACP
  334. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetModuleFileNameA
  335. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=WriteFile
  336. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=ExitProcess
  337. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetModuleHandleW
  338. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=HeapReAlloc
  339. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=VirtualAlloc
  340. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=VirtualFree
  341. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetFileType
  342. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=FlushFileBuffers
  343. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SetHandleCount
  344. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetCPInfo
  345. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=LCMapStringW
  346. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=MultiByteToWideChar
  347. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=WideCharToMultiByte
  348. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=LCMapStringA
  349. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=RaiseException
  350. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=RtlUnwind
  351. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetStartupInfoA
  352. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetCommandLineA
  353. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=IsDebuggerPresent
  354. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SetUnhandledExceptionFilter
  355. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=UnhandledExceptionFilter
  356. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetCurrentProcess
  357. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=TerminateProcess
  358. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=HeapFree
  359. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=LeaveCriticalSection
  360. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=EnterCriticalSection
  361. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=DeleteCriticalSection
  362. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=InitializeCriticalSection
  363. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=InterlockedDecrement
  364. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=InterlockedIncrement
  365. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SetFilePointer
  366. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=FreeEnvironmentStringsA
  367. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetCurrentProcessId
  368. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetEnvironmentStrings
  369. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=FreeEnvironmentStringsW
  370. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetEnvironmentStringsW
  371. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=QueryPerformanceCounter
  372. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetSystemTimeAsFileTime
  373. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=HeapSize
  374. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetUserDefaultLCID
  375. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=EnumSystemLocalesA
  376. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=IsValidLocale
  377. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetStringTypeA
  378. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetStringTypeW
  379. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=InitializeCriticalSectionAndSpinCount
  380. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=WriteConsoleA
  381. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetConsoleOutputCP
  382. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=WriteConsoleW
  383. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SetStdHandle
  384. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=CreateFileA
  385. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetLocaleInfoW
  386. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SetEndOfFile
  387. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetProcessHeap
  388. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=lstrcpyA
  389. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=CreateThread
  390. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=DeleteFileW
  391. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=CloseHandle
  392. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=WinExec
  393. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetModuleHandleA
  394. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GlobalDeleteAtom
  395. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=LoadLibraryA
  396. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GlobalFree
  397. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GlobalGetAtomNameA
  398. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetProcAddress
  399. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetLastError
  400. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GlobalUnlock
  401. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetFileAttributesW
  402. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=HeapCreate
  403. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=CreateEventA
  404. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=Sleep
  405. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=LoadLibraryW
  406. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GlobalAlloc
  407. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetTickCount
  408. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SetEvent
  409. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=WaitForSingleObject
  410. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GlobalLock
  411. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GlobalAddAtomA
  412. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=HeapAlloc
  413. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=FreeLibrary
  414. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetLocaleInfoA
  415. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=lstrlenA
  416. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetStdHandle
  417. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=RegisterClassA
  418. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SetDlgItemTextA
  419. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=DestroyIcon
  420. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=UnpackDDElParam
  421. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=DialogBoxParamA
  422. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetDlgItemTextA
  423. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetDlgCtrlID
  424. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=LoadCursorA
  425. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SetClipboardData
  426. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=UpdateWindow
  427. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=EndPaint
  428. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=DestroyWindow
  429. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SetCursor
  430. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetMessageA
  431. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=CloseClipboard
  432. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetDlgItemInt
  433. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SetTimer
  434. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetWindowRect
  435. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=PackDDElParam
  436. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=InsertMenuItemA
  437. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=RegisterClassExA
  438. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=PostQuitMessage
  439. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SendDlgItemMessageA
  440. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetTopWindow
  441. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=KillTimer
  442. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=DrawTextA
  443. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetSubMenu
  444. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=LoadStringA
  445. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=DeleteMenu
  446. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetFocus
  447. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=LoadBitmapA
  448. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=IsClipboardFormatAvailable
  449. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=LoadIconA
  450. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=wsprintfA
  451. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetClientRect
  452. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SendMessageA
  453. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=LoadImageA
  454. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetDC
  455. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=TranslateMessage
  456. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=ShowCursor
  457. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetForegroundWindow
  458. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SetDlgItemInt
  459. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetMenu
  460. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=OffsetRect
  461. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetKeyboardLayout
  462. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=TrackPopupMenuEx
  463. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=RegisterClipboardFormatA
  464. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SetRect
  465. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetScrollInfo
  466. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=MessageBoxA
  467. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=InvalidateRect
  468. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SetCursorPos
  469. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=CreateAcceleratorTableA
  470. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=EnumPropsA
  471. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetWindowLongA
  472. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetClipboardData
  473. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=CreateWindowExA
  474. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SetScrollPos
  475. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=PeekMessageA
  476. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=ReleaseDC
  477. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=EnableMenuItem
  478. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=EmptyClipboard
  479. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=TranslateAcceleratorA
  480. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetDlgItem
  481. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=EndDialog
  482. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=DefWindowProcA
  483. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetSysColor
  484. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SetWindowPos
  485. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetCursorPos
  486. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=CheckDlgButton
  487. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=LoadAcceleratorsA
  488. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=ShowWindow
  489. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetSysColorBrush
  490. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=IsDlgButtonChecked
  491. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=FreeDDElParam
  492. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=PostMessageA
  493. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=DispatchMessageA
  494. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=CheckRadioButton
  495. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=OpenClipboard
  496. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=DefMDIChildProcA
  497. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=ReleaseCapture
  498. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetSystemMetrics
  499. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SetWindowTextA
  500. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=BeginPaint
  501. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=CreatePolygonRgn
  502. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=MoveToEx
  503. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=EndPage
  504. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=BitBlt
  505. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=DeleteEnhMetaFile
  506. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetEnhMetaFileA
  507. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=StartPage
  508. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SetTextColor
  509. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=CreateDIBSection
  510. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=CreateFontA
  511. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetDeviceCaps
  512. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=LineTo
  513. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SetDCBrushColor
  514. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SetBkColor
  515. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=CopyEnhMetaFileA
  516. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SetBkMode
  517. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=DeleteObject
  518. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SelectObject
  519. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetEnhMetaFileDescriptionA
  520. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=CreateCompatibleDC
  521. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetKerningPairsA
  522. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=PlayEnhMetaFile
  523. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=CreateCompatibleBitmap
  524. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=StartDocA
  525. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=RealizePalette
  526. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SelectPalette
  527. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetTextExtentPointA
  528. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=CreatePen
  529. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetTextMetricsA
  530. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SetTextAlign
  531. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=EndDoc
  532. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetStockObject
  533. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=ExtTextOutA
  534. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=UpdateColors
  535. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=TextOutA
  536. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=CreateFontIndirectA
  537. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=DeleteDC
  538. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetOpenFileNameA
  539. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GetSaveFileNameA
  540. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=PrintDlgA
  541. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=RegOpenKeyExA
  542. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=RegQueryValueExA
  543. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SHGetPathFromIDListA
  544. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SHGetMalloc
  545. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SHGetDesktopFolder
  546. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SHAppBarMessage
  547. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SHGetSpecialFolderLocation
  548. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SHGetFileInfoA
  549. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SHBrowseForFolderA
  550. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=CoWaitForMultipleHandles
  551. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=CoInitialize
  552. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=None
  553. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GopherGetLocatorTypeW
  554. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=SHCreateStreamOnFileEx
  555. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=ImageList_Create
  556. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=ImageList_ReplaceIcon
  557. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=ImageList_Add
  558. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=RpcServerUseProtseqEpA
  559. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GdipCreateBitmapFromScan0
  560. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GdipFree
  561. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GdipCloneImage
  562. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GdipDisposeImage
  563. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GdipAlloc
  564. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=GdipGetImageGraphicsContext
  565. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=glBegin
  566. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=glClear
  567. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=glNormal3f
  568. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=ImmGetConversionStatus
  569. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=ImmIsIME
  570. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=ImmReleaseContext
  571. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=ImmGetDescriptionA
  572. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=ImmSetOpenStatus
  573. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=ImmGetOpenStatus
  574. http://social.msdn.microsoft.com/Search/en-US/windows/desktop?query=ImmGetContext
  575. https://www.virustotal.com/en/file/671d98a17e304354221c93fda743e8e91cf3f3abeafdc6cbec71c2b7df2127a0/analysis/
  576. https://www.virustotal.com/en/file/b3427f8b86b69f13ab3212a732ae23e8b881abcc2251cb17c29c6eb576e37df1/analysis/
  577. https://www.virustotal.com/en/file/8fe47d70f14042df202d35186c01b55f5ccb64f63ab23f8184b63b67d3ef1462/analysis/
  578. https://www.virustotal.com/en/file/b09292ccbda9700bfabfeedf67d3f7b0a92edf7645f237239b86188ddb9db708/analysis/
  579. https://www.virustotal.com/en/file/7fa41bc535d6e4eb78ba9fb1d448021614b67da05e1931aa690212fdf2861283/analysis/
  580. https://www.virustotal.com/en/file/057db5fcb2f897feabdd8ac80f922c16d13e68a2f481d095e29b1d5414bdf5a9/analysis/
  581. https://www.virustotal.com/en/file/5a147e289db68bb4689a7d8683845531b09dae7069bc7e47d24c46c45c47b578/analysis/
  582. https://www.virustotal.com/en/file/7242a55abc0ea5c823cb5e755958781c5a3f362df1529e1c80dddc5739475e66/analysis/
  583. https://www.virustotal.com/en/file/68127084029e2acc33773446091acbdf274a1fc1428809728da7957ce93de128/analysis/
  584. https://www.virustotal.com/en/file/571a278882621b5d3dc2f3d213f0c464e6d6a4564413670394e050fc2d8d0f05/analysis/
  585. https://www.virustotal.com/en/file/c1f80d9e281441239c5f40d8ae18a867b2d517385d16fd05c122a0b2716cba56/analysis/
  586. https://www.virustotal.com/en/file/9d400c8c43a973087ab2e25624b894120d9789316a50cd1ae4d1c33e1f054f81/analysis/
  587. https://www.virustotal.com/en/file/aecc19ae0fe8a8abf97787fc85721255a482d988df3e2c4c39ea6f134a35ae3a/analysis/
  588. https://www.virustotal.com/en/file/2654c273c211ae1afc60a7736153a853142e3db028417206948576d1d57bf5d5/analysis/
  589. https://www.virustotal.com/en/file/ea1e16247c848c8c171c4cd1fa17bc5a018a1fcb0c0dac25009066b6667b8eef/analysis/
  590. https://www.virustotal.com/en/file/ab0bf207d577efd6e84fb4afda7ab3ea75b4fbcd4b54cae21c10506d9f3bbbfa/analysis/
  591. https://www.virustotal.com/en/file/7f5c7e162650a63836bbb727e04549195abea05407d7686b5700309554f92c2e/analysis/
  592. https://www.virustotal.com/en/file/3f94f8630c7603f9da79bf021cb56ac5357502badf6cb12f6ce11e5b2b244153/analysis/
  593. https://www.virustotal.com/en/file/7f60e0a695a98abc30f136fcad8d057619b994b7e14fdbb040a61e185d7f151c/analysis/
  594. https://www.virustotal.com/en/file/2080f6e16e43bbb87eb70aec708b7ffcbb9957a4f190e97eb286f0be8742ac42/analysis/
  595. https://www.virustotal.com/en/file/d23aef9ddc2056007405dd640ad431bff44c772702ef00fcbc8debc2f47d8e73/analysis/
  596. https://www.virustotal.com/en/file/ae2b6236d3eeb4822835714ae9444e5dcd21bc60f7a909f2962c43bc743c7b15/analysis/
  597. https://www.virustotal.com/en/file/a8bcce491a808d946d4eb7bf3e1a0e65ff0128a8076dc261372c75d4d77c4e61/analysis/
  598. https://www.virustotal.com/en/file/cc25aca0012374ee6ea7a6a26a0f9db8961c43f2198ad3954f25fc22a48a5543/analysis/
  599. https://www.virustotal.com/en/file/56dff4aa6b734e11de8c3b32eb4830c409f476889ca5bd7532500b0f2c1e25d8/analysis/
  600. https://www.virustotal.com/en/file/82dfefafabcf69320cf635a6997358b5dc955bb99e4fe6d4b0682b18ef4f7c8b/analysis/
  601. https://www.virustotal.com/en/file/dcddd71f96edc57c358666de7abe724adc2628a2cd1fd1183e32414a3cae35ed/analysis/
  602. https://www.virustotal.com/en/file/ee26bdbd4965b9a6459b7bad4e37134ee959cd9d4a639fb378a3382dc41a620c/analysis/
  603. https://www.virustotal.com/en/file/64ad4ac075bc724585ed2a0ff94659f529fe47c8ce41fd54961609c55349400d/analysis/
  604. https://www.virustotal.com/en/file/4b32155b384913c95df5a4c3cde6912c8a5b738c36ee3d257de6ef86f8be42f5/analysis/
  605. https://www.virustotal.com/en/file/d2d215d8a49266feb5f0ee6b3bfcac49db83285b95011fca32759b4bf6caa70d/analysis/
  606. https://www.virustotal.com/en/file/0b89ef7b431edc8726099d63525758f88c416ace0ce816dbcaaac4ae7050317a/analysis/
  607. https://www.virustotal.com/en/file/5b15b1fc32713447c3fbc952a0fb02f1fd78c6f9ac69087bdb240625b0282614/analysis/
  608. https://www.virustotal.com/en/file/21dfcad90667d0611e106ffd8c197d46a3a91fcd493dbd702c1d95ec52b37491/analysis/
  609. https://www.virustotal.com/en/file/16004a24f65ddfd3b6d9f2936b1df85cc83f121022a8155033bbbfa04f743b2d/analysis/
  610. https://sandbox.anlyz.io/filereport/1049/json/
  611. https://sandbox.anlyz.io/filereport/1049/html/
  612. https://sandbox.anlyz.io/filereport/1049/htmlsummary/
  613. https://sandbox.anlyz.io/filereport/1049/pdf/
  614. https://mutexdb.com/
  615. https://sandbox.anlyz.io/about
  616. https://sandbox.anlyz.io/terms
  617. https://github.com/marirs/anlyz/issues
  618.  
  619.  
  620.  
  621.  
  622. .text
  623. `.rdata
  624. @.data
  625. .rsrc
  626. SSPPPPh
  627. L$8h
  628. D$ h
  629. ;=PcF
  630. ;=LcF
  631. SSSPSPh
  632. D$D;5HcF
  633. VSSSSh
  634. |$` swj
  635. Wh0@C
  636. PhpCC
  637. YQPVh
  638. to=POC
  639. Phx`F
  640. QW@Ph
  641. 35pCC
  642. ;5HKC
  643. 95\`F
  644. Fh= GC
  645. Fh GC
  646. Y;=(MC
  647. ;5XOC
  648. v$;5tOC
  649. uL9=X`F
  650. 9=X`F
  651. SVWUj
  652. 95|cF
  653. string too long
  654. invalid string position
  655. Unknown exception
  656. LC_TIME
  657. LC_NUMERIC
  658. LC_MONETARY
  659. LC_CTYPE
  660. LC_COLLATE
  661. LC_ALL
  662. (null)
  663. `h````
  664. CorExitProcess
  665. runtime error
  666. Microsoft Visual C++ Runtime Library
  667. <program name unknown>
  668. Program:
  669. EncodePointer
  670. DecodePointer
  671. FlsFree
  672. FlsSetValue
  673. FlsGetValue
  674. FlsAlloc
  675. UTF-8
  676. UTF-16LE
  677. UNICODE
  678. bad exception
  679. HH:mm:ss
  680. dddd, MMMM dd, yyyy
  681. MM/dd/yy
  682. December
  683. November
  684. October
  685. September
  686. August
  687. April
  688. March
  689. February
  690. January
  691. Saturday
  692. Friday
  693. Thursday
  694. Wednesday
  695. Tuesday
  696. Monday
  697. Sunday
  698. united-states
  699. united-kingdom
  700. trinidad & tobago
  701. south-korea
  702. south-africa
  703. south korea
  704. south africa
  705. slovak
  706. puerto-rico
  707. pr-china
  708. pr china
  709. new-zealand
  710. hong-kong
  711. holland
  712. great britain
  713. england
  714. czech
  715. china
  716. britain
  717. america
  718. swiss
  719. swedish-finland
  720. spanish-venezuela
  721. spanish-uruguay
  722. spanish-puerto rico
  723. spanish-peru
  724. spanish-paraguay
  725. spanish-panama
  726. spanish-nicaragua
  727. spanish-modern
  728. spanish-mexican
  729. spanish-honduras
  730. spanish-guatemala
  731. spanish-el salvador
  732. spanish-ecuador
  733. spanish-dominican republic
  734. spanish-costa rica
  735. spanish-colombia
  736. spanish-chile
  737. spanish-bolivia
  738. spanish-argentina
  739. portuguese-brazilian
  740. norwegian-nynorsk
  741. norwegian-bokmal
  742. norwegian
  743. italian-swiss
  744. irish-english
  745. german-swiss
  746. german-luxembourg
  747. german-lichtenstein
  748. german-austrian
  749. french-swiss
  750. french-luxembourg
  751. french-canadian
  752. french-belgian
  753. english-usa
  754. english-us
  755. english-uk
  756. english-trinidad y tobago
  757. english-south africa
  758. english-nz
  759. english-jamaica
  760. english-ire
  761. english-caribbean
  762. english-can
  763. english-belize
  764. english-aus
  765. english-american
  766. dutch-belgian
  767. chinese-traditional
  768. chinese-singapore
  769. chinese-simplified
  770. chinese-hongkong
  771. chinese
  772. canadian
  773. belgian
  774. australian
  775. american-english
  776. american english
  777. american
  778. Norwegian-Nynorsk
  779. GetProcessWindowStation
  780. GetUserObjectInformationA
  781. GetLastActivePopup
  782. GetActiveWindow
  783. MessageBoxA
  784. USER32.DLL
  785. Complete Object Locator'
  786. Class Hierarchy Descriptor'
  787. Base Class Array'
  788. Base Class Descriptor at (
  789. Type Descriptor'
  790. `local static thread guard'
  791. `managed vector copy constructor iterator'
  792. `vector vbase copy constructor iterator'
  793. `vector copy constructor iterator'
  794. `dynamic atexit destructor for '
  795. `dynamic initializer for '
  796. `eh vector vbase copy constructor iterator'
  797. `eh vector copy constructor iterator'
  798. `managed vector destructor iterator'
  799. `managed vector constructor iterator'
  800. `placement delete[] closure'
  801. `placement delete closure'
  802. `omni callsig'
  803. delete[]
  804. new[]
  805. `local vftable constructor closure'
  806. `local vftable'
  807. `RTTI
  808. `udt returning'
  809. `copy constructor closure'
  810. `eh vector vbase constructor iterator'
  811. `eh vector destructor iterator'
  812. `eh vector constructor iterator'
  813. `virtual displacement map'
  814. `vector vbase constructor iterator'
  815. `vector destructor iterator'
  816. `vector constructor iterator'
  817. `scalar deleting destructor'
  818. `default constructor closure'
  819. `vector deleting destructor'
  820. `vbase destructor'
  821. `string'
  822. `local static guard'
  823. `typeof'
  824. `vcall'
  825. `vbtable'
  826. `vftable'
  827. operator
  828. delete
  829. __unaligned
  830. __restrict
  831. __ptr64
  832. __clrcall
  833. __fastcall
  834. __thiscall
  835. __stdcall
  836. __pascal
  837. __cdecl
  838. __based(
  839. SunMonTueWedThuFriSat
  840. JanFebMarAprMayJunJulAugSepOctNovDec
  841. CONOUT$
  842. CheckBox
  843. bad allocation
  844. ios_base::badbit set
  845. ios_base::failbit set
  846. ios_base::eofbit set
  847. 88u;L$_
  848. 3=pRUF$
  849. VideoDevice
  850. MDICLIENT
  851. Child Window
  852. TextEditor
  853. Failed To read file
  854. SysTreeView32
  855. Viewer
  856. Enhanced Metafiles (*.EMF)
  857. *.emf
  858. All Files (*.*)
  859. Description =
  860. Metafile Properties
  861. game's Scherer Scenarios Conditional
  862. terminology emphasise
  863. graphic Jensen EBM improves
  864. wasting Spotlight Checksum Aero triggering
  865. Foxconn manual airwaves destroy
  866. stem 142 standardizing
  867. enthusiasts insistence
  868. its immoralities RNA
  869. council multi establishes Removable local
  870. prove Ahead Server NT fixes
  871. recompiling JAM ExpressCharge guess Representation
  872. MLE OrderNumber Kardon pki schema
  873. MaxPendingSessions Lua equates resolution What
  874. generality currently kidnapping
  875. Detailed movable background incompatible
  876. Greater
  877. drying enormously raised ONTOLOGY
  878. jumbo ultimately traits
  879. negotiated Model'
  880. equates Sweden reception
  881. LAME tutorial totally
  882. NDA secret
  883. TRENDware
  884. cat Discretionary binary
  885. disgruntled enriches Bezier theyll
  886. Redefinition city Depmod PS
  887. disambiguate Flat extensively employed
  888. Boole VoodooPC
  889. dissociated template Monotone
  890. Anyone alteration enforce reader
  891. derived WinFS effected toggle
  892. Except Shingles Garbage DirectAccess
  893. commodities LED
  894. nantech accredited IMSAI
  895. runner AccuRev
  896. VNS openly Standoff FMCDH
  897. TAP Multisync Outlook date
  898. decades Blur ADSL 2004
  899. Both noticed DUN
  900. designations indenting
  901. WinFS Anyone predictor energies
  902. capacitors rational Industrial
  903. studied sounds
  904. undergraduates
  905. proliferation councils magazines
  906. Go Sarahs Flu series
  907. housewives BeginGetResponse disaster min
  908. Goals lasst Neuromorphic beyond whom
  909. tuned arcade
  910. blit guns multi SETI
  911. paychecks by DriveClone revocation Pool
  912. chameleon ensue Croatian
  913. boarding
  914. Choose student recreating
  915. If Handhelds
  916. Teleprocessing
  917. though Skeptics
  918. penalties
  919. Trustworthy macros multiplayer
  920. strikes behest
  921. friendships placed
  922. unifying results dwindle Aero
  923. int skeptical Uplink fiction
  924. shortcomings unsettled
  925. harming ClientCredentialType
  926. Access PGP row
  927. Is TokenStorage
  928. FLOSS LocalService
  929. RL large established scaling
  930. Berthon
  931. universally Everex reports reset boats
  932. Gonna Storing
  933. keys Mukophadhyay KOKORO
  934. updategrams singly nineteenth hangs
  935. Rivkin
  936. Pingback Unformat Hardware Copyright
  937. D3D10_USAGE_STAGING CAT6 travelers Hastie
  938. eastwards boy's
  939. Show Title
  940. button
  941. msctls_progress32
  942. Finished
  943. like 8086 render EDI
  944. DriveTrust gender 1963 blink Opera
  945. sessions You Crosby sidewalls
  946. other sons
  947. Samples
  948. decoding computers compatibility
  949. Jian Piping 115 AISI coastal
  950. rapidly Bravo some pixel
  951. inconceivable seperator 169
  952. regularly atom fashion
  953. Stuxnet consumer playing XmlAttribute
  954. An historically employeeUtils savvy perceptual
  955. prejudice
  956. BBIAM exploit To People
  957. pamphlet admire obvious PII
  958. article chef Wix
  959. Traveling looming less accuse
  960. directed tastes
  961. much
  962. Author demonstrates
  963. edited 2005 formal VXtreme Activision
  964. Fi cause
  965. mm awayGiven
  966. Remarks Turn Most feature
  967. Managed as Association
  968. Navigation
  969. maximized Linkjacking Install
  970. VMs someones
  971. foundations useful Continued Citizen
  972. ClientVersion Phototypesetter
  973. Menu ck
  974. Unlike partners Makedir Administration Basename
  975. statisticians 217
  976. problem ordering Whichever modern
  977. Guy loader
  978. patients ofprivacy talked
  979. Osbornes Mott
  980. Baltimore
  981. scare Sprint OLTP functions sizzle
  982. correspondents FAT mat fourth transcripts
  983. Vendors Computer
  984. referent Same retinal
  985. Logout
  986. violins 1682 shippable
  987. shell32
  988. \Windows
  989. rastrevn
  990. Cannot connect with DDEPOP1.EXE!
  991. Failure
  992. %-20s
  993. %10ld
  994. Child
  995. Application
  996. Error
  997. Cannot register class 4555
  998. ntdll
  999. AVI Files
  1000. *.avi
  1001. hand.exe
  1002. map/set<T> too long
  1003. vector<T> too long
  1004. invalid map/set<T> iterator
  1005. bad cast
  1006. e+000
  1007. GAIsProcessorFeaturePresent
  1008. KERNEL32
  1009. 1#QNAN
  1010. 1#INF
  1011. 1#IND
  1012. 1#SNAN
  1013. _nextafter
  1014. _logb
  1015. frexp
  1016. _hypot
  1017. _cabs
  1018. ldexp
  1019. floor
  1020. atan2
  1021. log10
  1022. GlobalDeleteAtom
  1023. lstrlenA
  1024. GetLocaleInfoA
  1025. FreeLibrary
  1026. HeapAlloc
  1027. GlobalAddAtomA
  1028. GlobalLock
  1029. WaitForSingleObject
  1030. SetEvent
  1031. GetTickCount
  1032. GlobalAlloc
  1033. LoadLibraryW
  1034. Sleep
  1035. CreateEventA
  1036. HeapCreate
  1037. GetFileAttributesW
  1038. GlobalUnlock
  1039. GetLastError
  1040. GetProcAddress
  1041. GlobalGetAtomNameA
  1042. GlobalFree
  1043. LoadLibraryA
  1044. GetModuleHandleA
  1045. WinExec
  1046. CloseHandle
  1047. DeleteFileW
  1048. CreateThread
  1049. lstrcpyA
  1050. KERNEL32.dll
  1051. RegisterClassA
  1052. SetDlgItemTextA
  1053. DestroyIcon
  1054. UnpackDDElParam
  1055. DialogBoxParamA
  1056. GetDlgItemTextA
  1057. GetDlgCtrlID
  1058. LoadCursorA
  1059. SetClipboardData
  1060. UpdateWindow
  1061. LoadImageA
  1062. SetWindowTextA
  1063. GetSystemMetrics
  1064. ReleaseCapture
  1065. DefMDIChildProcA
  1066. OpenClipboard
  1067. CheckRadioButton
  1068. DispatchMessageA
  1069. PostMessageA
  1070. FreeDDElParam
  1071. IsDlgButtonChecked
  1072. GetSysColorBrush
  1073. ShowWindow
  1074. LoadAcceleratorsA
  1075. CheckDlgButton
  1076. GetCursorPos
  1077. SetWindowPos
  1078. GetSysColor
  1079. DefWindowProcA
  1080. EndDialog
  1081. GetDlgItem
  1082. TranslateAcceleratorA
  1083. EmptyClipboard
  1084. EnableMenuItem
  1085. ReleaseDC
  1086. PeekMessageA
  1087. SetScrollPos
  1088. CreateWindowExA
  1089. GetClipboardData
  1090. GetWindowLongA
  1091. EnumPropsA
  1092. CreateAcceleratorTableA
  1093. SetCursorPos
  1094. InvalidateRect
  1095. MessageBoxA
  1096. GetScrollInfo
  1097. SetRect
  1098. RegisterClipboardFormatA
  1099. TrackPopupMenuEx
  1100. GetKeyboardLayout
  1101. OffsetRect
  1102. GetMenu
  1103. SetDlgItemInt
  1104. GetForegroundWindow
  1105. ShowCursor
  1106. TranslateMessage
  1107. GetDC
  1108. BeginPaint
  1109. SendMessageA
  1110. GetClientRect
  1111. wsprintfA
  1112. LoadIconA
  1113. IsClipboardFormatAvailable
  1114. LoadBitmapA
  1115. GetFocus
  1116. DeleteMenu
  1117. LoadStringA
  1118. GetSubMenu
  1119. DrawTextA
  1120. KillTimer
  1121. GetTopWindow
  1122. SendDlgItemMessageA
  1123. PostQuitMessage
  1124. RegisterClassExA
  1125. InsertMenuItemA
  1126. PackDDElParam
  1127. GetWindowRect
  1128. SetTimer
  1129. GetDlgItemInt
  1130. CloseClipboard
  1131. GetMessageA
  1132. SetCursor
  1133. DestroyWindow
  1134. EndPaint
  1135. USER32.dll
  1136. TextOutA
  1137. UpdateColors
  1138. ExtTextOutA
  1139. GetStockObject
  1140. EndDoc
  1141. SetTextAlign
  1142. GetTextMetricsA
  1143. CreatePen
  1144. GetTextExtentPointA
  1145. SelectPalette
  1146. RealizePalette
  1147. StartDocA
  1148. CreateCompatibleBitmap
  1149. PlayEnhMetaFile
  1150. GetKerningPairsA
  1151. CreateCompatibleDC
  1152. GetEnhMetaFileDescriptionA
  1153. SelectObject
  1154. DeleteObject
  1155. SetBkMode
  1156. CopyEnhMetaFileA
  1157. SetBkColor
  1158. SetDCBrushColor
  1159. CreateFontIndirectA
  1160. GetDeviceCaps
  1161. CreateFontA
  1162. CreateDIBSection
  1163. DeleteDC
  1164. SetTextColor
  1165. StartPage
  1166. GetEnhMetaFileA
  1167. DeleteEnhMetaFile
  1168. LineTo
  1169. BitBlt
  1170. EndPage
  1171. MoveToEx
  1172. CreatePolygonRgn
  1173. GDI32.dll
  1174. PrintDlgA
  1175. GetSaveFileNameA
  1176. GetOpenFileNameA
  1177. COMDLG32.dll
  1178. RegQueryValueExA
  1179. RegOpenKeyExA
  1180. ADVAPI32.dll
  1181. SHGetDesktopFolder
  1182. SHAppBarMessage
  1183. SHBrowseForFolderA
  1184. SHGetFileInfoA
  1185. SHGetSpecialFolderLocation
  1186. SHGetMalloc
  1187. SHGetPathFromIDListA
  1188. SHELL32.dll
  1189. CoInitialize
  1190. CoWaitForMultipleHandles
  1191. ole32.dll
  1192. ODBC32.dll
  1193. GopherGetLocatorTypeW
  1194. WININET.dll
  1195. SHCreateStreamOnFileEx
  1196. SHLWAPI.dll
  1197. ImageList_Add
  1198. ImageList_ReplaceIcon
  1199. ImageList_Create
  1200. COMCTL32.dll
  1201. RpcServerUseProtseqEpA
  1202. RPCRT4.dll
  1203. GdipFree
  1204. GdipCreateBitmapFromScan0
  1205. GdipGetImageGraphicsContext
  1206. GdipAlloc
  1207. GdipDisposeImage
  1208. GdipCloneImage
  1209. gdiplus.dll
  1210. glClear
  1211. glNormal3f
  1212. glBegin
  1213. OPENGL32.dll
  1214. ImmGetContext
  1215. ImmIsIME
  1216. ImmReleaseContext
  1217. ImmGetDescriptionA
  1218. ImmSetOpenStatus
  1219. ImmGetConversionStatus
  1220. ImmGetOpenStatus
  1221. IMM32.dll
  1222. InterlockedIncrement
  1223. InterlockedDecrement
  1224. InitializeCriticalSection
  1225. DeleteCriticalSection
  1226. EnterCriticalSection
  1227. LeaveCriticalSection
  1228. HeapFree
  1229. TerminateProcess
  1230. GetCurrentProcess
  1231. UnhandledExceptionFilter
  1232. SetUnhandledExceptionFilter
  1233. IsDebuggerPresent
  1234. GetCommandLineA
  1235. GetStartupInfoA
  1236. RtlUnwind
  1237. RaiseException
  1238. LCMapStringA
  1239. WideCharToMultiByte
  1240. MultiByteToWideChar
  1241. LCMapStringW
  1242. GetCPInfo
  1243. SetHandleCount
  1244. GetStdHandle
  1245. GetFileType
  1246. VirtualFree
  1247. VirtualAlloc
  1248. HeapReAlloc
  1249. GetModuleHandleW
  1250. ExitProcess
  1251. WriteFile
  1252. GetModuleFileNameA
  1253. GetACP
  1254. GetOEMCP
  1255. IsValidCodePage
  1256. TlsGetValue
  1257. TlsAlloc
  1258. TlsSetValue
  1259. TlsFree
  1260. SetLastError
  1261. GetCurrentThreadId
  1262. ReadFile
  1263. GetConsoleCP
  1264. GetConsoleMode
  1265. FlushFileBuffers
  1266. SetFilePointer
  1267. FreeEnvironmentStringsA
  1268. GetEnvironmentStrings
  1269. FreeEnvironmentStringsW
  1270. GetEnvironmentStringsW
  1271. QueryPerformanceCounter
  1272. GetCurrentProcessId
  1273. GetSystemTimeAsFileTime
  1274. HeapSize
  1275. GetUserDefaultLCID
  1276. EnumSystemLocalesA
  1277. IsValidLocale
  1278. GetStringTypeA
  1279. GetStringTypeW
  1280. InitializeCriticalSectionAndSpinCount
  1281. WriteConsoleA
  1282. GetConsoleOutputCP
  1283. WriteConsoleW
  1284. SetStdHandle
  1285. CreateFileA
  1286. GetLocaleInfoW
  1287. SetEndOfFile
  1288. GetProcessHeap
  1289. .?AV_Locimp@locale@std@@
  1290. Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
  1291. .?AVtype_info@@
  1292. abcdefghijklmnopqrstuvwxyz
  1293. ABCDEFGHIJKLMNOPQRSTUVWXYZ
  1294. abcdefghijklmnopqrstuvwxyz
  1295. ABCDEFGHIJKLMNOPQRSTUVWXYZ
  1296. .?AVbad_exception@std@@
  1297. .?AV?$codecvt@DDH@std@@
  1298. .?AVGdiplusBase@Gdiplus@@
  1299. .?AVImage@Gdiplus@@
  1300. .?AVBitmap@Gdiplus@@
  1301. .?AV?$ctype@D@std@@
  1302. .?AUctype_base@std@@
  1303. .?AVcodecvt_base@std@@
  1304. .?AVfacet@locale@std@@
  1305. .?AV?$basic_ofstream@DU?$char_traits@D@std@@@std@@
  1306. .?AV?$basic_filebuf@DU?$char_traits@D@std@@@std@@
  1307. .?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
  1308. .?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
  1309. .?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
  1310. .?AV?$_Iosb@H@std@@
  1311. .?AVios_base@std@@
  1312. .?AVruntime_error@std@@
  1313. .?AVexception@std@@
  1314. .?AVout_of_range@std@@
  1315. .?AVlogic_error@std@@
  1316. .?AVfailure@ios_base@std@@
  1317. v'v]!
  1318. W=~'`\*
  1319. s)-:?
  1320. =$aK|B
  1321. F6[Nr:
  1322. QlSq.
  1323. Population
  1324. .?AVlength_error@std@@
  1325. .?AVbad_cast@std@@
  1326. .?AVbad_alloc@std@@
  1327. -:_^1
  1328. TT.uvP
  1329. F(null)
  1330. mscoree.dll
  1331. KERNEL32.DLL
  1332. %.8x
  1333. %.2x
  1334. stream
  1335. user32.dll
  1336. SubnetPVersi Windows anda menyokong IPv6. Namun, protokol tersebut masih tidak dipasangFJika anda mahu guna IPv6, anda perlu pasangkannya secara manual dahulu,Baca FAQ di laman web untuk maklumat lanjut.
  1337. Dibatalkan!
  1338. Tegangkan
  1339. Keperluan asas,Tiada adaptor WiFi yang bersesuaian dijumpai5Servis Windows WiFi diperlukan tetapi tidak berjalan.&Adakah anda mahu jalankannya sekarang?
  1340. VS_VERSION_INFO
  1341. StringFileInfo
  1342. 040904b0
  1343. CompanyName
  1344. MaxProfit Group
  1345. FileDescription
  1346. MaxProfit Pro RU
  1347. FileVersion
  1348. 3.0.0.41
  1349. InternalName
  1350. MaxProfit
  1351. LegalCopyright
  1352. 2015 MaxProfit Group
  1353. OriginalFilename
  1354. MaxProfit.exe
  1355. ProductName
  1356. MaxProfit Pro RU
  1357. ProductVersion
  1358. 3.0.0.41
  1359. VarFileInfo
  1360. Translation
  1361.  
  1362.  
  1363.  
  1364. • 0x418020 InitializeCriticalSection
  1365. • 0x418024 Sleep
  1366. • 0x418028 LeaveCriticalSection
  1367. • 0x41802c GetProcAddress
  1368. • 0x418030 IsValidCodePage
  1369. • 0x418034 SetStdHandle
  1370. • 0x418038 GetCommandLineA
  1371. • 0x41803c LoadLibraryA
  1372. • 0x418040 GetModuleHandleA
  1373. • 0x418044 GetErrorMode
  1374. • 0x418048 GetSystemTime
  1375. • 0x41804c CreateThread
  1376. • 0x418050 GetTickCount
  1377. • 0x418054 UnlockFileEx
  1378. • 0x418058 WaitForSingleObject
  1379. • 0x41805c GetEnvironmentStringsW
  1380. • 0x418060 GetCurrentProcess
  1381. • 0x418064 GetProcessIoCounters
  1382. • 0x418068 EnterCriticalSection
  1383. • 0x41806c TryEnterCriticalSection
  1384. • 0x418070 InterlockedIncrement
  1385. • 0x418074 InterlockedDecrement
  1386. • 0x418078 EncodePointer
  1387. • 0x41807c DecodePointer
  1388. • 0x418080 DeleteCriticalSection
  1389. • 0x418084 GetLastError
  1390. • 0x418088 HeapFree
  1391. • 0x41808c HeapAlloc
  1392. • 0x418090 ReadConsoleInputA
  1393. • 0x418094 SetConsoleMode
  1394. • 0x418098 GetConsoleMode
  1395. • 0x41809c GetCommandLineW
  1396. • 0x4180a0 HeapSetInformation
  1397. • 0x4180a4 GetStartupInfoW
  1398. • 0x4180a8 RaiseException
  1399. • 0x4180ac RtlUnwind
  1400. • 0x4180b0 WideCharToMultiByte
  1401. • 0x4180b4 LCMapStringW
  1402. • 0x4180b8 MultiByteToWideChar
  1403. • 0x4180bc GetCPInfo
  1404. • 0x4180c0 TerminateProcess
  1405. • 0x4180c4 UnhandledExceptionFilter
  1406. • 0x4180c8 SetUnhandledExceptionFilter
  1407. • 0x4180cc IsDebuggerPresent
  1408. • 0x4180d0 IsProcessorFeaturePresent
  1409. • 0x4180d4 SetHandleCount
  1410. • 0x4180d8 GetStdHandle
  1411. • 0x4180dc InitializeCriticalSectionAndSpinCount
  1412. • 0x4180e0 GetFileType
  1413. • 0x4180e4 HeapCreate
  1414. • 0x4180e8 GetModuleHandleW
  1415. • 0x4180ec ExitProcess
  1416. • 0x4180f0 WriteFile
  1417. • 0x4180f4 GetModuleFileNameW
  1418. • 0x4180f8 TlsAlloc
  1419. • 0x4180fc TlsGetValue
  1420. • 0x418100 TlsSetValue
  1421. • 0x418104 TlsFree
  1422. • 0x418108 SetLastError
  1423. • 0x41810c GetCurrentThreadId
  1424. • 0x418110 SetFilePointer
  1425. • 0x418114 CreateFileW
  1426. • 0x418118 CloseHandle
  1427. • 0x41811c FreeEnvironmentStringsW
  1428. • 0x418120 QueryPerformanceCounter
  1429. • 0x418124 GetCurrentProcessId
  1430. • 0x418128 GetSystemTimeAsFileTime
  1431. • 0x41812c GetLocaleInfoW
  1432. • 0x418130 HeapSize
  1433. • 0x418134 GetConsoleCP
  1434. • 0x418138 FlushFileBuffers
  1435. • 0x41813c ReadFile
  1436. • 0x418140 GetACP
  1437. • 0x418144 GetOEMCP
  1438. • 0x418148 GetUserDefaultLCID
  1439. • 0x41814c GetLocaleInfoA
  1440. • 0x418150 EnumSystemLocalesA
  1441. • 0x418154 IsValidLocale
  1442. • 0x418158 GetStringTypeW
  1443. • 0x41815c HeapReAlloc
  1444. • 0x418160 LoadLibraryW
  1445. • 0x418164 WriteConsoleW
  1446.  
  1447.  
  1448.  
  1449. |====================================================================|
  1450. | |
  1451. | All Password Found |
  1452. | |
  1453. | ! BANG BANG ! |
  1454. | |
  1455. |====================================================================|
  1456.  
  1457. ------------------- Windows Secrets passwords -----------------
  1458.  
  1459. [*] Local SAM hashes
  1460.  
  1461. Hashes found !!!
  1462. hashes:
  1463.  
  1464.  
  1465.  
  1466. Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
  1467.  
  1468. Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
  1469.  
  1470. RICH:1000:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
  1471.  
  1472. [*] LSA Secrets
  1473.  
  1474. Password In Hex found !!!
  1475. Category: DPAPI_SYSTEM
  1476. password in hex: 010000009db1ffd48bbde26885aff1e4a61d0f23117627a7210a49aa937d4c738b487ee57615ae0b3721aa30
  1477.  
  1478.  
  1479. [+] 2 passwords have been found.
  1480. For more information launch it again with the -v option
  1481.  
  1482. elapsed time = 160.155999899
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!