ntdll.dll kernel32.dll mpr.dll advapi32.dll rpcrt4.dll user32.dll gdi32.dll msvcrt.dll version.dll mfc42.dll ole32.dll oleaut32.dll wininet.dll shlwapi.dll normaliz.dll iertutil.dll ws2_32.dll nsi.dll odbc32.dll comctl32.dll shell32.dll comdlg32.dll urlmon.dll psapi.dll imm32.dll msctf.dll lpk.dll usp10.dll comctl32.dll odbcint.dll IsDebuggerPresent CheckRemoteDebuggerPresent CreateFileA \\.\NTICE 3221225472 1 3 4294967168 FindWindowA FindWindowA GetSystemDirectoryA GetCurrentProcess GetStartupInfoA GetWindowsDirectoryA GetFileAttributesA TerminateThread LocalAlloc LocalFree TerminateProcess OpenProcess DeleteFileA GetModuleHandleA GetLocaleInfoA CreateProcessA lstrcmpiA GetTempPathA ExitProcess SetFileAttributesA GetFileTime SetFileTime LoadLibraryA GetProcAddress CopyFileA GetVersionExA GetTickCount EnterCriticalSection LeaveCriticalSection DeleteCriticalSection InitializeCriticalSectionAndSpinCount GetLastError CreateThread ExitThread CreateEventA WaitForSingleObject CreateFileA TransactNamedPipe WriteFile CloseHandle ReadFile MultiByteToWideChar Sleep ExpandEnvironmentStringsA GetModuleFileNameA ReleaseMutex CreateMutexA GetCurrentThread WNetAddConnection2A strcspn _splitpath fprintf _iob toupper __dllonexit _onexit _exit _XcptFilter _acmdln __getmainargs _initterm __setusermatherr _adjust_fdiv __p__commode __p__fmode __set_app_type _except_handler3 _controlfp strncmp _vsnprintf fwrite strchr strcpy memcmp strstr sscanf strncpy strtok mbstowcs strncat wcslen wcscpy _stricmp time srand rand strcmp sprintf wcscat _snprintf __CxxFrameHandler ceil _ftol free malloc memset memcpy strlen atoi _strlwr strcat strrchr fopen fseek fclose fread _strcmpi ??2@YAPAXI@Z exit keybd_event FindWindowExA SendMessageA IsWindow BringWindowToTop SetForegroundWindow SetFocus ShowWindow EnumWindows VkKeyScanA GetClassNameA GetWindowTextA GetMenu FindWindowA GetFileVersionInfoA GetFileVersionInfoSizeA VerQueryValueA kernel32.dll SetErrorMode CreateToolhelp32Snapshot Process32First Process32Next Module32First GetDiskFreeSpaceExA GetLogicalDriveStringsA GetDriveTypeA SearchPathA QueryPerformanceCounter QueryPerformanceFrequency GetComputerNameA RegisterServiceProcess CloseWindow SendMessageA FindWindowA IsWindow DestroyWindow OpenClipboard GetClipboardData CloseClipboard ExitWindowsEx EnumWindows GetWindowInfo GetWindowThreadProcessId ShowWindow IsWindowVisible GetClassNameA RegOpenKeyExA RegCreateKeyExA RegSetValueExA RegQueryValueExA RegDeleteValueA RegDeleteKeyA RegCloseKey RegEnumKeyExA RegEnumValueA RegQueryInfoKeyA OpenThreadToken OpenProcessToken LookupPrivilegeValueA AdjustTokenPrivileges LsaOpenPolicy LsaEnumerateAccountsWithUserRight LsaLookupNames2 LsaAddAccountRights LsaRemoveAccountRights LsaFreeMemory LsaClose LsaNtStatusToWinError OpenSCManagerA OpenServiceA StartServiceA ControlService DeleteService CloseServiceHandle EnumServicesStatusA IsValidSecurityDescriptor CreateServiceA StartServiceCtrlDispatcherA ImpersonateLoggedOnUser LockServiceDatabase QueryServiceLockStatusA ChangeServiceConfig2A UnlockServiceDatabase RegisterServiceCtrlHandlerA SetServiceStatus gdi32.dll CreateDCA CreateDIBSection CreateCompatibleDC GetDeviceCaps GetDIBColorTable SelectObject BitBlt DeleteDC DeleteObject WSAStartup WSASocketA WSAAsyncSelect __WSAFDIsSet WSAIoctl WSAGetLastError WSACleanup socket ioctlsocket connect inet_ntoa inet_addr htons htonl ntohs ntohl send sendto recv recvfrom bind select listen accept setsockopt getsockname gethostname gethostbyname gethostbyaddr getpeername closesocket shutdown InternetGetConnectedState InternetGetConnectedStateEx HttpOpenRequestA HttpSendRequestA FtpGetFileA FtpPutFileA InternetConnectA InternetOpenA InternetOpenUrlA InternetCrackUrlA InternetReadFile InternetCloseHandle Mozilla/4.0 (compatible) 0 0 SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings 0 Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl 0 Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl 0 Software\Microsoft\Internet Explorer\Main\FeatureControl 0 Software\Microsoft\Internet Explorer\Main\FeatureControl 0 260 secur32.dll GetUserNameExA kernel32.dll SetFileInformationByHandle Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache 0 Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache 0 Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache 0 Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache 0 Content 0 Content 0 Content 0 SHGetFolderPathW StringFromGUID2 C:\Users\joe\AppData\Local\Microsoft\Windows\Temporary Internet Files C:\Users\joe\AppData\Local\Microsoft\Windows\Temporary Internet Files C:\Users\joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini C:\Users\joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 C:\Users\joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 C:\Users\joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini Cookies 0 Cookies 0 Cookies 0 C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies History 0 History 0 History 0 C:\Users\joe\AppData\Local\Microsoft\Windows\History C:\Users\joe\AppData\Local\Microsoft\Windows\History C:\Users\joe\AppData\Local\Microsoft\Windows\History\desktop.ini C:\Users\joe\AppData\Local\Microsoft\Windows\History\History.IE5 C:\Users\joe\AppData\Local\Microsoft\Windows\History\History.IE5 C:\Users\joe\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini 4294967295 C:\Users\joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ C:\Users\joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 3221225472 3 4 268443654 0 4294967295 C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\ C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\index.dat 3221225472 3 4 268443654 0 4294967295 C:\Users\joe\AppData\Local\Microsoft\Windows\History\History.IE5\ C:\Users\joe\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 3221225472 3 4 268443654 0 C:\Users\joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ C:\Users\joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini C:\Users\joe\AppData\Local\Microsoft\Windows\History\History.IE5\ C:\Users\joe\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini 4294967295 Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache 0 Extensible Cache 0 60000 feedplat 0 MSHist012007021920070226 0 MSHist012007030520070306 0 MSHist012007030620070307 0 4294967295 4294967295 SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings 0 SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings 0 SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings 0 SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings 0 SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings 0 SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings 0 SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings 0 SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings 0 SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings 0 SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings 0 SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache 0 SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache 0 SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache 0 SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache 0 SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache 0 SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings 0 SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings 0 SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings 0 accept bind closesocket connect getpeername getsockname getsockopt ntohl htonl htons inet_addr inet_ntoa ioctlsocket listen ntohs recv recvfrom select send sendto setsockopt shutdown socket gethostbyname gethostname WSAIoctl WSAGetLastError WSASetLastError WSAStartup WSACleanup __WSAFDIsSet getaddrinfo freeaddrinfo getnameinfo WSALookupServiceBeginW WSALookupServiceNextW WSALookupServiceEnd WSANSPIoctl WSAStringToAddressA WSAStringToAddressW WSAAddressToStringA accept bind closesocket connect getpeername getsockname getsockopt htonl htons ioctlsocket inet_addr inet_ntoa listen ntohl ntohs recv recvfrom select send sendto setsockopt shutdown socket gethostbyaddr gethostbyname getprotobyname getprotobynumber getservbyname getservbyport gethostname WSAAsyncSelect WSAAsyncGetHostByAddr WSAAsyncGetHostByName WSAAsyncGetProtoByNumber WSAAsyncGetProtoByName WSAAsyncGetServByPort WSAAsyncGetServByName WSACancelAsyncRequest WSASetBlockingHook WSAUnhookBlockingHook WSAGetLastError WSASetLastError WSACancelBlockingCall WSAIsBlocking WSAStartup WSACleanup WSAAccept WSACloseEvent WSAConnect WSACreateEvent WSADuplicateSocketA WSADuplicateSocketW WSAEnumNetworkEvents WSAEnumProtocolsA WSAEnumProtocolsW WSAEventSelect WSAGetOverlappedResult WSAGetQOSByName WSAHtonl WSAHtons WSAIoctl WSAJoinLeaf WSANtohl WSANtohs WSARecv WSARecvDisconnect WSARecvFrom WSAResetEvent WSASend WSASendDisconnect WSASendTo WSASetEvent WSASocketA WSASocketW WSAWaitForMultipleEvents WSAAddressToStringA WSAAddressToStringW WSAStringToAddressA WSAStringToAddressW WSALookupServiceBeginA WSALookupServiceBeginW WSALookupServiceNextA WSALookupServiceNextW WSANSPIoctl WSALookupServiceEnd WSAInstallServiceClassA WSAInstallServiceClassW WSARemoveServiceClass WSAGetServiceClassInfoA WSAGetServiceClassInfoW WSAEnumNameSpaceProvidersA WSAEnumNameSpaceProvidersW WSAEnumNameSpaceProvidersExA WSAEnumNameSpaceProvidersExW WSAGetServiceClassNameByClassIdA WSAGetServiceClassNameByClassIdW WSASetServiceA WSASetServiceW WSCDeinstallProvider WSCInstallProvider WSCEnumProtocols WSCGetProviderPath WSCInstallNameSpace WSCInstallNameSpaceEx WSCUnInstallNameSpace WSCEnableNSProvider WPUCompleteOverlappedRequest WSAProviderConfigChange WSCWriteProviderOrder WSCWriteNameSpaceOrder WSCUpdateProvider WSAAdvertiseProvider WSAUnadvertiseProvider WSAProviderCompleteAsyncCall getaddrinfo GetAddrInfoW getnameinfo GetNameInfoW freeaddrinfo inet_pton InetPtonW inet_ntop InetNtopW SetAddrInfoExA SetAddrInfoExW GetAddrInfoExA GetAddrInfoExW FreeAddrInfoEx WSCInstallProviderAndChains WSASendMsg WSAPoll System\CurrentControlSet\Services\WinSock2\Parameters 0 AppId_Catalog 0 058B5BBC 0 Protocol_Catalog9 0 0 1 1 00000007 0 Catalog_Entries 0 000000000001 0 000000000002 0 000000000003 0 000000000004 0 000000000005 0 000000000006 0 000000000007 0 000000000008 0 000000000009 0 000000000010 0 000000000011 0 000000000012 0 000000000013 0 000000000014 0 0 NameSpace_Catalog5 0 0 1 1 00000008 0 Catalog_Entries 0 000000000001 0 000000000002 0 000000000003 0 000000000004 0 000000000005 0 000000000006 0 0 System\CurrentControlSet\Services\Winsock2\Parameters 0 4294967295 SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings 0 4294967295 icmp.dll IcmpCreateFile IPHLPAPI.DLL dhcpcsvc.dll dnsapi.dll winnsi.dll dhcpcsvc6.dll IcmpCloseHandle IcmpSendEcho netapi32.dll SYSTEM\Setup 0 1040 0 3668 0 0 0 0 0 0x8c 0xee 0x12 0 0x20 0xea 0xa0 0x6d 0x30 0xea 0xa0 0x6d 0x80 0xfc 0x92 0x77 0x9 0x7c 0x81 0x76 0xe0 0xee 0x12 0 0x10 0x4 0 0 0xb0 0xee 0x12 0 0xc8 0xee 0x12 0 0xe0 0xee 0x12 0 0x18 0 0 0 0 0 4 1 0x34 0x62 0xef 0 0xe0 0xf1 0x1 0x10 0 0 0 0 0xf4 0xee 0x12 0 0xb5 0x15 0xf 0x76 0x5c 0x1 0 0 0 0 0x40 0 0x8c 0xee 0x12 0 0x20 0xea 0xa0 0x6d 0x30 0xea 0xa0 0x6d 0x80 0xfc 0x92 0x77 0x9 0x7c 0x81 0x76 4 1 0xe0 0xf1 0x1 0x10 0 0 0 0 0xf4 0xee 0x12 0 0xb5 0x15 0xf 0x76 0x5c 0x1 0 0 0 0 0x40 0 0x8c 0xee 0x12 0 0x20 0xea 0xa0 0x6d 0x30 0xea 0xa0 0x6d 0x80 0xfc 0x92 0x77 0x9 0x7c 0x81 0x76 0xe0 0xee 0x12 0 4 1 0x20 0xea 0xa0 0x6d 0x30 0xea 0xa0 0x6d 0x80 0xfc 0x92 0x77 0x9 0x7c 0x81 0x76 0xe0 0xee 0x12 0 0x10 0x4 0 0 0xb0 0xee 0x12 0 0xc8 0xee 0x12 0 0xe0 0xee 0x12 0 0x18 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 104 8 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 80 NetShareAdd NetShareDel NetShareEnum NetScheduleJobAdd NetApiBufferFree NetRemoteTOD NetUserAdd NetUserDel NetUserEnum NetUserGetInfo NetMessageBufferSend DnsFlushResolverCache DnsFlushResolverCacheEntry_A GetIpNetTable DeleteIpNetEntry GetIfTable GetTcpTable GetUdpTable WNetAddConnection2A WNetAddConnection2W WNetCancelConnection2A WNetCancelConnection2W ShellExecuteA SHChangeNotify SQLDriverConnect SQLSetEnvAttr SQLExecDirect SQLAllocHandle SQLFreeHandle SQLDisconnect GetModuleFileNameExA GetModuleBaseNameA EnumProcessModules EnumProcesses GetProcessMemoryInfo PathRemoveFileSpecA C:\Windows\system\system.exe C:\Users\joe\Desktop\binary\0da20c6938d385af3e766cc7b07967db-99.exe C:\Windows\system\system.exe 0 5 0xd 0xf0 0xad 0xba 0xd 0xf0 0xad 0xba 0xd 0xf0 0xad 0xba 0xd 0xf0 0xad 0xba 0xd 0xf0 0xad 0xba 0xd 0xf0 0xad 0xba 0xd 0xf0 0xad 0xba 0xd 0xf0 0xad 0xba 0xd 0xf0 0xad 0xba 0xd 0xf0 0xad 0xba 0xd 0xf0 0xad 65536 0 59356 59356 1239332 0x4d 0x5a 0x90 0 0x3 0 0 0 0x4 0 0 0 0xff 0xff 0 0 0xb8 0 0 0 0 0 0 0 0x40 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0xa8 0 0 0 0xa5 0x99 0xc8 0xbd 0xe1 0xf8 0xa6 0xee 0xe1 65536 59356 260 SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon 0 C:\Windowsexplorer.exe 2147483648 1 3 128