Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for 'Adylkuzz.B.exe'

malicious

Threat Score: 100/100 AV Detection: 88% Labeled as: Malware #nemucod #ransomware #miner #coinminer

Adylkuzz.B.exe

This report is generated from a file or URL submitted to this webservice on May 17th 2017 16:28:49 (UTC)
Guest System: Windows 7 32 bit, Home Premium, 6.1 (build 7601), Service Pack 1
Report generated by Falcon Sandbox v6.50 © Hybrid Analysis

Overview Sample unavailable Re-analyze Hash Seen Before Show Similar Samples Report False-Positive Request Report Deletion

Incident Response

Risk Assessment

Remote Access: Reads terminal service related keys (often RDP related)
Tries to identify its external IP address
Uses network protocols on unusual ports
Persistence: Modifies firewall settings
Spawns a lot of processes
Fingerprint: Reads the active computer name
Reads the cryptographic machine GUID
Tries to identify its external IP address
Network Behavior: Contacts 4 domains and 4 hosts. View all details

Additional Context

Related Sandbox Artifacts

Associated SHA256s: 0b60463468b744f72f50c20f7f8e5ad0801e86123f22d770b8cef64c7ef53caa

Indicators

Not all malicious and suspicious indicators are displayed. Get your own cloud service or the full version to view all details.

Malicious Indicators 15
Anti-Detection/Stealthyness
- Terminates other processes using taskkill
  
  details
  
  Process "taskkill.exe" with commandline "taskkill /f /im hdmanager.exe" (Show Process)
  Process "taskkill.exe" with commandline "taskkill /f /im mmc.exe" (Show Process)
  Process "taskkill.exe" with commandline "taskkill /f /im msiexev.exe" (Show Process)
  
  source
  
  Monitored Target
  
  relevance
  
  9/10
External Systems
- Detected Emerging Threats Alert
  
  details
  
  Detected alert "ET TROJAN JS/Nemucod requesting EXE payload 2016-02-01" (SID: 2022482, Rev: 2, Severity: 1) categorized as "A Network Trojan was detected" (Backdoor, ransomware, trojans, etc.)
  Detected alert "ET POLICY PE EXE or DLL Windows file download HTTP" (SID: 2018959, Rev: 3, Severity: 1) categorized as "Potential Corporate Privacy Violation"
  Detected alert "ET TROJAN JS/Nemucod.M.gen downloading EXE payload" (SID: 2021954, Rev: 2, Severity: 1) categorized as "A Network Trojan was detected" (Backdoor, ransomware, trojans, etc.)
  Detected alert "ET POLICY Crypto Coin Miner Login" (SID: 2022886, Rev: 2, Severity: 1) categorized as "A Network Trojan was detected"
  
  source
  
  Suricata Alerts
  
  relevance
  
  10/10
- Sample was identified as malicious by a large number of Antivirus engines
  
  details
  
  46/61 Antivirus vendors marked sample as malicious (75% detection rate)
  12/37 Antivirus vendors marked sample as malicious (32% detection rate)
  
  source
  
  External System
  
  relevance
  
  10/10
- Sample was identified as malicious by at least one Antivirus engine
  
  details
  
  46/61 Antivirus vendors marked sample as malicious (75% detection rate)
  12/37 Antivirus vendors marked sample as malicious (32% detection rate)
  
  source
  
  External System
  
  relevance
  
  8/10
General
- The analysis extracted a file that was identified as malicious
  
  details
  
  41/84 Antivirus vendors marked dropped file "carved_0.exe" as malicious (classified as "Trojan.Generic" with 48% detection rate)
  33/59 Antivirus vendors marked dropped file "carved_1.exe" as malicious (classified as "Trojan.BitCoinMiner" with 55% detection rate)
  
  source
  
  Binary File
  
  relevance
  
  10/10
- The analysis spawned a process that was identified as malicious
  
  details
  
  45/83 Antivirus vendors marked spawned process "<Input Sample>" (PID: 2400) as malicious (classified as "Gen:Variant.Zusy" with 54% detection rate)
  
  source
  
  Monitored Target
  
  relevance
  
  10/10
Network Related
- Malicious artifacts seen in the context of a contacted host
  
  details
  
  Found malicious artifacts related to "45.76.51.128" (ASN: , Owner: ): ...
  URL: http://08.super5566.com/ (AV positives: 7/64 scanned on 05/17/2017 14:32:33)
  URL: http://08.super5566.com/86.exe (AV positives: 9/65 scanned on 05/17/2017 08:57:03)
  URL: http://08.super5566.com/install/106:0%20->%20127:2%20->%2065:0%20->%2067:0%20->%2080:0%20->%2081:0%20->%2082:0%20->%2094:0%20->%2095:0 (AV positives: 5/64 scanned on 05/17/2017 06:34:16)
  URL: http://08.super5566.com/mine.txt (AV positives: 6/64 scanned on 05/17/2017 00:44:43)
  URL: http://08.super5566.com/install/start (AV positives: 6/64 scanned on 05/17/2017 00:23:43)
  File SHA256: e6680bf0d3b32583047e9304d1703c87878c7c82910fbe05efc8519d2ca2df71 (AV positives: 33/61 scanned on 05/17/2017 09:01:07)
  Found malicious artifacts related to "45.77.28.163" (ASN: , Owner: ): ...
  URL: http://a1.super5566.com/ (AV positives: 6/64 scanned on 05/17/2017 13:23:28)
  URL: http://aa1.super5566.com/ (AV positives: 7/64 scanned on 05/17/2017 13:21:49)
  URL: http://aa1.super5566.com/07.lua (AV positives: 5/64 scanned on 05/17/2017 06:34:32)
  URL: http://a1.super5566.com/07.lua (AV positives: 5/64 scanned on 05/17/2017 00:37:06)
  URL: http://aa1.super5566.com/tmp2.exe (AV positives: 6/64 scanned on 05/17/2017 00:27:43)
  File SHA256: d2bb8e2f5219d608950239b65326df0b383c8a34e3d46c276d5ad33f7c59f860 (AV positives: 29/60 scanned on 05/17/2017 00:27:47)
  File SHA256: a932454e5e6c4eaf3bfd9cd5866d38bffb65cbb6881f3d53ac91a09dd1e567c3 (AV positives: 31/61 scanned on 05/16/2017 17:04:54)
  Found malicious artifacts related to "212.129.46.87" (ASN: 12876, Owner: ONLINE S.A.S.): ...
  URL: http://xmr.crypto-pool.fr/ (AV positives: 1/65 scanned on 04/11/2017 02:53:56)
  URL: http://xmr.crypto-pool.fr:3333/ (AV positives: 1/64 scanned on 02/20/2017 17:31:14)
  File SHA256: fd38dcbe0705ee2a0fcc83deb70b14d5f0e8f8a92a4ee2146e3f36e0442bc0b3 (AV positives: 21/61 scanned on 05/07/2017 17:23:34)
  File SHA256: 4f1b149c6e40443ba2a613e656fa72e31a9586a4fe35992eb6ee41deb33dd4da (AV positives: 23/62 scanned on 05/06/2017 05:03:49)
  File SHA256: 81379c0f50f26367a20e59dccc54e2c013dddb1301f41c6bb8a8b3ecdd0a9fdd (AV positives: 34/62 scanned on 04/04/2017 17:58:13)
  
  source
  
  Network Traffic
  
  relevance
  
  10/10
- Tries to identify its external IP address
  
  details
  
  "icanhazip.com"
  
  source
  
  Network Traffic
  
  relevance
  
  6/10
System Security
- Modifies firewall settings
  
  details
  
  Process "netsh.exe" with commandline "netsh advfirewall firewall delete rule name="Chrome"" (Show Process)
  Process "netsh.exe" with commandline "netsh advfirewall firewall delete rule name="Windriver"" (Show Process)
  Process "netsh.exe" with commandline "netsh advfirewall firewall add rule name="Chrome" dir=in program="%PROGRAMFILES%\Google\Chrome\Application\chrome.txt" action=allow" (Show Process)
  Process "netsh.exe" with commandline "netsh advfirewall firewall add rule name="Windriver" dir=in program="%PROGRAMFILES%\Hardware Driver Management\windriver.exe" action=allow" (Show Process)
  
  source
  
  Monitored Target
  
  relevance
  
  8/10
Unusual Characteristics
- Entrypoint in PE header is within an uncommon section
  
  details
  
  "Adylkuzz.B.exe.bin" has an entrypoint in section ".8011"
  
  source
  
  Static Parser
  
  relevance
  
  5/10
- Spawns a lot of processes
  
  details
  
  Spawned process "<Input Sample>" (Show Process)
  Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c taskkill /f /im hdmanager.exe" (Show Process)
  Spawned process "taskkill.exe" with commandline "taskkill /f /im hdmanager.exe" (Show Process)
  Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c taskkill /f /im mmc.exe" (Show Process)
  Spawned process "taskkill.exe" with commandline "taskkill /f /im mmc.exe" (Show Process)
  Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c sc stop WELM" (Show Process)
  Spawned process "sc.exe" with commandline "sc stop WELM" (Show Process)
  Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c sc delete WELM" (Show Process)
  Spawned process "sc.exe" with commandline "sc delete WELM" (Show Process)
  Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c netsh ipsec static add policy name=netbc" (Show Process)
  Spawned process "netsh.exe" with commandline "netsh ipsec static add policy name=netbc" (Show Process)
  Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c netsh ipsec static add filterlist name=block" (Show Process)
  Spawned process "netsh.exe" with commandline "netsh ipsec static add filterlist name=block" (Show Process)
  Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c netsh ipsec static add filteraction name=block action=block" (Show Process)
  Spawned process "netsh.exe" with commandline "netsh ipsec static add filteraction name=block action=block" (Show Process)
  Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c netsh ipsec static add filter filterlist=block any srcmask=32 srcport=0 dstaddr=me dstport=445 protocol=tcp description=445" (Show Process)
  Spawned process "netsh.exe" with commandline "netsh ipsec static add filter filterlist=block any srcmask=32 srcport=0 dstaddr=me dstport=445 protocol=tcp description=445" (Show Process)
  Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c netsh ipsec static add rule name=block policy=netbc filterlist=block filteraction=block" (Show Process)
  Spawned process "netsh.exe" with commandline "netsh ipsec static add rule name=block policy=netbc filterlist=block filteraction=block" (Show Process)
  Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c netsh ipsec static set policy name=netbc assign=y" (Show Process)
  Spawned process "netsh.exe" with commandline "netsh ipsec static set policy name=netbc assign=y" (Show Process)
  Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c taskkill /f /im msiexev.exe" (Show Process)
  Spawned process "taskkill.exe" with commandline "taskkill /f /im msiexev.exe" (Show Process)
  Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c netsh advfirewall firewall delete rule name="Chrome"" (Show Process)
  Spawned process "netsh.exe" with commandline "netsh advfirewall firewall delete rule name="Chrome"" (Show Process)
  Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c netsh advfirewall firewall delete rule name="Windriver"" (Show Process)
  Spawned process "netsh.exe" with commandline "netsh advfirewall firewall delete rule name="Windriver"" (Show Process)
  Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c netsh advfirewall firewall add rule name="Chrome" dir=in program="%PROGRAMFILES%\Google\Chrome\Application\chrome.txt" action=allow" (Show Process)
  Spawned process "netsh.exe" with commandline "netsh advfirewall firewall add rule name="Chrome" dir=in program="%PROGRAMFILES%\Google\Chrome\Application\chrome.txt" action=allow" (Show Process)
  Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c netsh advfirewall firewall add rule name="Windriver" dir=in program="%PROGRAMFILES%\Hardware Driver Management\windriver.exe" action=allow" (Show Process)
  Spawned process "netsh.exe" with commandline "netsh advfirewall firewall add rule name="Windriver" dir=in program="%PROGRAMFILES%\Hardware Driver Management\windriver.exe" action=allow" (Show Process)
  
  source
  
  Monitored Target
  
  relevance
  
  8/10
Hiding 4 Malicious Indicators
- All indicators are available only in the private webservice or standalone version

Suspicious Indicators 24
Anti-Detection/Stealthyness
- Queries process information
  
  details
  
  "<Input Sample>" queried SystemProcessInformation at 00039003-00002400-00000105-89232901
  
  source
  
  API Call
  
  relevance
  
  4/10
Anti-Reverse Engineering
- PE file has unusual entropy sections
  
  details
  
  .8011 with unusual entropies 7.97167011538
  
  source
  
  Static Parser
  
  relevance
  
  10/10
Environment Awareness
- Contains ability to measure performance
  
  details
  
  rdtsc (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  10/10
- Reads the active computer name
  
  details
  
  "<Input Sample>" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
  "taskkill.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
  "sc.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
  "netsh.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
  
  source
  
  Registry Access
  
  relevance
  
  5/10
- Reads the cryptographic machine GUID
  
  details
  
  "taskkill.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY"; Key: "MACHINEGUID")
  "netsh.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY"; Key: "MACHINEGUID")
  
  source
  
  Registry Access
  
  relevance
  
  10/10
External Systems
- Detected Emerging Threats Alert
  
  details
  
  Detected alert "ET POLICY Internal Host Retrieving External IP via icanhazip.com - Possible Infection" (SID: 2017398, Rev: 3, Severity: 2) categorized as "Attempted Information Leak"
  
  source
  
  Suricata Alerts
  
  relevance
  
  10/10
General
- Opened the service control manager
  
  details
  
  "<Input Sample>" called "OpenSCManager" requesting access rights "SC_MANAGER_ALL_ACCESS" (0xf003f)
  "sc.exe" called "OpenSCManager" requesting access rights "SC_MANAGER_CONNECT" (0x1)
  "netsh.exe" called "OpenSCManager" requesting access rights "SC_MANAGER_ALL_ACCESS" (0xf003f)
  
  source
  
  API Call
  
  relevance
  
  10/10
- Requested access to a system service
  
  details
  
  "<Input Sample>" called "OpenService" to access the "" service
  "<Input Sample>" called "OpenService" to access the "" service
  "sc.exe" called "OpenService" to access the "WELM" service requesting "SERVICE_STOP" (0X20) access rights
  "sc.exe" called "OpenService" to access the "WELM" service
  "netsh.exe" called "OpenService" to access the "policyagent" service
  "netsh.exe" called "OpenService" to access the "ServicesActive" service requesting "SERVICE_QUERY_CONFIG" (0X1) access rights
  "netsh.exe" called "OpenService" to access the "NapAgent" service
  "netsh.exe" called "OpenService" to access the "NapAgent" service requesting "SERVICE_QUERY_STATUS" (0X4) access rights
  
  source
  
  API Call
  
  relevance
  
  10/10
- Sent a control code to a service
  
  details
  
  "netsh.exe" called "ControlService" and sent control code "0X24" to the service "NapAgent"
  "netsh.exe" called "ControlService" and sent control code "0X120" to the service "NapAgent"
  "netsh.exe" called "ControlService" and sent control code "0X81" to the service "PolicyAgent"
  
  source
  
  API Call
  
  relevance
  
  10/10
Installation/Persistance
- Drops executable files
  
  details
  
  "carved_0.exe" has type "PE32 executable (console) Intel 80386 (stripped to external PDB) for MS Windows"
  "carved_1.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
  
  source
  
  Binary File
  
  relevance
  
  10/10
Network Related
- Found potential IP address in binary/memory
  
  details
  
  "45.76.51.128"
  "104.20.17.242"
  "45.77.28.163"
  
  source
  
  String
  
  relevance
  
  3/10
Remote Access Related
- Reads terminal service related keys (often RDP related)
  
  details
  
  "<Input Sample>" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER"; Key: "TSUSERENABLED")
  
  source
  
  Registry Access
  
  relevance
  
  10/10
System Destruction
- Opens file with deletion access rights
  
  details
  
  "<Input Sample>" opened "C:\Adylkuzz.B.exe" with delete access
  "<Input Sample>" opened "%WINDIR%\Fonts\msiexev.exe" with delete access
  
  source
  
  API Call
  
  relevance
  
  7/10
Unusual Characteristics
- CRC value set in PE header does not match actual value
  
  details
  
  "Adylkuzz.B.exe.bin" claimed CRC 1510110 while the actual is CRC 1505786
  
  source
  
  Static Parser
  
  relevance
  
  10/10
- Imports suspicious APIs
  
  details
  
  GetModuleHandleA
  GetModuleFileNameW
  LoadLibraryA
  Sleep
  
  source
  
  Static Parser
  
  relevance
  
  1/10
- Installs hooks/patches the running process
  
  details
  
  "taskkill.exe" wrote bytes "4053157758581677186a1677653c17770000000000bfb7750000000056ccb775000000007ccab7750000000037683b756a2c1777d62d17770000000020693b750000000029a6b77500000000a48d3b7500000000f70eb77500000000" to virtual address "0x75AE1000" (part of module "NSI.DLL")
  
  source
  
  Hook Detection
  
  relevance
  
  10/10
- Reads information about supported languages
  
  details
  
  "cmd.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000409")
  
  source
  
  Registry Access
  
  relevance
  
  3/10
- Timestamp in PE header is very old or in the future
  
  details
  
  "Adylkuzz.B.exe.bin" claims program is from Thu Jan 1 00:00:00 1970
  
  source
  
  Static Parser
  
  relevance
  
  10/10
Hiding 6 Suspicious Indicators
- All indicators are available only in the private webservice or standalone version

Informative 12
Anti-Reverse Engineering
- Contains ability to register a top-level exception handler (often used as anti-debugging trick)
  
  details
  
  SetUnhandledExceptionFilter@KERNEL32.dll at 7581-955-00423101
  SetUnhandledExceptionFilter@KERNEL32.dll at 7581-1565-00422646
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  1/10
Environment Awareness
- Contains ability to query machine time
  
  details
  
  GetSystemTimeAsFileTime@KERNEL32.dll at 7581-747-0041C306
  GetSystemTimeAsFileTime@KERNEL32.dll at 7581-994-0041C34D
  GetSystemTime@KERNEL32.dll at 7581-842-0041153D
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  1/10
General
- Contacts domains
  
  details
  
  "xmr.crypto-pool.fr"
  "aa1.super5566.com"
  "08.super5566.com"
  "icanhazip.com"
  
  source
  
  Network Traffic
  
  relevance
  
  1/10
- Contacts server
  
  details
  
  "45.76.51.128:80"
  "188.138.33.220:61833"
  "45.77.28.163:80"
  "212.129.46.87:443"
  
  source
  
  Network Traffic
  
  relevance
  
  1/10
- Contains PDB pathways
  
  details
  
  "d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb"
  
  source
  
  String
  
  relevance
  
  1/10
- Creates mutants
  
  details
  
  "\Sessions\1\BaseNamedObjects\DBWinMutex"
  "DBWinMutex"
  "\Sessions\1\BaseNamedObjects\RasPbFile"
  "\Sessions\1\BaseNamedObjects\Global\3a886eb8-fe40-4d0a-b78b-9e0bcb683fb7"
  
  source
  
  Created Mutant
  
  relevance
  
  3/10
- Runs shell commands
  
  details
  
  "%WINDIR%\system32\cmd.exe /c taskkill /f /im hdmanager.exe" on 2017-5-17.07:31:00.730
  "%WINDIR%\system32\cmd.exe /c taskkill /f /im mmc.exe" on 2017-5-17.07:31:41.260
  "%WINDIR%\system32\cmd.exe /c sc stop WELM" on 2017-5-17.07:32:22.713
  "%WINDIR%\system32\cmd.exe /c sc delete WELM" on 2017-5-17.07:32:22.883
  "%WINDIR%\system32\cmd.exe /c netsh ipsec static add policy name=netbc" on 2017-5-17.07:32:23.103
  "%WINDIR%\system32\cmd.exe /c netsh ipsec static add filterlist name=block" on 2017-5-17.07:33:03.814
  "%WINDIR%\system32\cmd.exe /c netsh ipsec static add filteraction name=block action=block" on 2017-5-17.07:33:44.365
  "%WINDIR%\system32\cmd.exe /c netsh ipsec static add filter filterlist=block any srcmask=32 srcport=0 dstaddr=me dstport=445 protocol=tcp description=445" on 2017-5-17.07:34:24.986
  "%WINDIR%\system32\cmd.exe /c netsh ipsec static add rule name=block policy=netbc filterlist=block filteraction=block" on 2017-5-17.07:35:05.547
  "%WINDIR%\system32\cmd.exe /c netsh ipsec static set policy name=netbc assign=y" on 2017-5-17.07:35:46.187
  "%WINDIR%\system32\cmd.exe /c taskkill /f /im msiexev.exe" on 2017-5-17.07:36:27.700
  "%WINDIR%\system32\cmd.exe /c netsh advfirewall firewall delete rule name="Chrome"" on 2017-5-17.07:37:08.661
  "%WINDIR%\system32\cmd.exe /c netsh advfirewall firewall delete rule name="Windriver"" on 2017-5-17.07:37:49.532
  "%WINDIR%\system32\cmd.exe /c netsh advfirewall firewall add rule name="Chrome" dir=in program="%PROGRAMFILES%\Google\Chrome\Application\chrome.txt" action=allow" on 2017-5-17.07:38:30.303
  "%WINDIR%\system32\cmd.exe /c netsh advfirewall firewall add rule name="Windriver" dir=in program="%PROGRAMFILES%\Hardware Driver Management\windriver.exe" action=allow" on 2017-5-17.07:39:11.555
  
  source
  
  Monitored Target
  
  relevance
  
  5/10
- Spawns new processes
  
  details
  
  Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c taskkill /f /im hdmanager.exe" (Show Process)
  Spawned process "taskkill.exe" with commandline "taskkill /f /im hdmanager.exe" (Show Process)
  Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c taskkill /f /im mmc.exe" (Show Process)
  Spawned process "taskkill.exe" with commandline "taskkill /f /im mmc.exe" (Show Process)
  Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c sc stop WELM" (Show Process)
  Spawned process "sc.exe" with commandline "sc stop WELM" (Show Process)
  Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c sc delete WELM" (Show Process)
  Spawned process "sc.exe" with commandline "sc delete WELM" (Show Process)
  Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c netsh ipsec static add policy name=netbc" (Show Process)
  Spawned process "netsh.exe" with commandline "netsh ipsec static add policy name=netbc" (Show Process)
  Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c netsh ipsec static add filterlist name=block" (Show Process)
  Spawned process "netsh.exe" with commandline "netsh ipsec static add filterlist name=block" (Show Process)
  Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c netsh ipsec static add filteraction name=block action=block" (Show Process)
  Spawned process "netsh.exe" with commandline "netsh ipsec static add filteraction name=block action=block" (Show Process)
  Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c netsh ipsec static add filter filterlist=block any srcmask=32 srcport=0 dstaddr=me dstport=445 protocol=tcp description=445" (Show Process)
  Spawned process "netsh.exe" with commandline "netsh ipsec static add filter filterlist=block any srcmask=32 srcport=0 dstaddr=me dstport=445 protocol=tcp description=445" (Show Process)
  Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c netsh ipsec static add rule name=block policy=netbc filterlist=block filteraction=block" (Show Process)
  Spawned process "netsh.exe" with commandline "netsh ipsec static add rule name=block policy=netbc filterlist=block filteraction=block" (Show Process)
  Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c netsh ipsec static set policy name=netbc assign=y" (Show Process)
  Spawned process "netsh.exe" with commandline "netsh ipsec static set policy name=netbc assign=y" (Show Process)
  
  source
  
  Monitored Target
  
  relevance
  
  3/10
Installation/Persistance
- Dropped files
  
  details
  
  "carved_0.exe" has type "PE32 executable (console) Intel 80386 (stripped to external PDB) for MS Windows"
  "carved_1.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
  
  source
  
  Binary File
  
  relevance
  
  3/10
- Touches files in the Windows directory
  
  details
  
  "<Input Sample>" touched file "%WINDIR%\Globalization\Sorting\sortdefault.nls"
  "<Input Sample>" touched file "%WINDIR%\system32\tzres.dll"
  "<Input Sample>" touched file "%WINDIR%\system32\en-US\tzres.dll.mui"
  
  source
  
  API Call
  
  relevance
  
  7/10
Network Related
- Found potential URL in binary/memory
  
  details
  
  Pattern match: "pki-crl.symauth.com/ca_219679623e6b4fa507d638cbeba72ecb/LatestCRL.crl07"
  Pattern match: "http://pki-ocsp.symauth.com0"
  Pattern match: "pki-crl.symauth.com/offlineca/TheInstituteofElectricalandElectronicsEngineersIncIEEERootCA.crl0"
  
  source
  
  String
  
  relevance
  
  10/10
Unusual Characteristics
- Matched Compiler/Packer signature
  
  details
  
  "Adylkuzz.B.exe.bin" was detected as "Morphine v1.2 (DLL)"
  
  source
  
  Static Parser
  
  relevance
  
  10/10

File Details

All Details:

Adylkuzz.B.exe

Filename: Adylkuzz.B.exe
Size: 1.4MiB (1450500 bytes)
Type: peexe executable
Description: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Architecture
: WINDOWS
SHA256
: 8200755cbedd6f15eecd8207eba534709a01957b172d7a051b9cc4769ddbf233
MD5
: f2e1d236c5d2c009e1749fc6479a9ede
SHA1
: 262c22ffd66c33da641558f3da23f7584881a782
ssdeep
: 24576:6EpKGrwKydag/jU7IZK8LNmf2+r+eauoUWg6ye2tX9t5WR4MJh:6nGrwKtg7U7I88Zi2/xxyeAt06a
imphash
: 4ec91799cda08417c14bae94b6a450c8
authentihash
: 307e1326f079a7f6fc212435be092ea86f71277d2516a629bbcc2879d74e1b2c
Compiler/Packer
: Morphine v1.2 (DLL)

Resources

Icon

Visualization

Input File (PortEx)

File Sections

Details	Name	Entropy	Virtual Address	Virtual Size	Raw Size	MD5	Characteristics
Name .text Entropy 0 Virtual Address 0x1000 Virtual Size 0x4d754 Raw Size 0x0 MD5 d41d8cd98f00b204e9800998ecf8427e	.text	0	0x1000	0x4d754	0x0	d41d8cd98f00b204e9800998ecf8427e	-
Name .data Entropy 0 Virtual Address 0x4f000 Virtual Size 0x3a4 Raw Size 0x0 MD5 d41d8cd98f00b204e9800998ecf8427e	.data	0	0x4f000	0x3a4	0x0	d41d8cd98f00b204e9800998ecf8427e	-
Name .rdata Entropy 0 Virtual Address 0x50000 Virtual Size 0x15e90 Raw Size 0x0 MD5 d41d8cd98f00b204e9800998ecf8427e	.rdata	0	0x50000	0x15e90	0x0	d41d8cd98f00b204e9800998ecf8427e	-
Name .eh_fram Entropy 0 Virtual Address 0x66000 Virtual Size 0xe64 Raw Size 0x0 MD5 d41d8cd98f00b204e9800998ecf8427e	.eh_fram	0	0x66000	0xe64	0x0	d41d8cd98f00b204e9800998ecf8427e	-
Name .bss Entropy 0 Virtual Address 0x67000 Virtual Size 0x1750 Raw Size 0x0 MD5 d41d8cd98f00b204e9800998ecf8427e	.bss	0	0x67000	0x1750	0x0	d41d8cd98f00b204e9800998ecf8427e	-
Name .edata Entropy 0 Virtual Address 0x69000 Virtual Size 0x1d4 Raw Size 0x0 MD5 d41d8cd98f00b204e9800998ecf8427e	.edata	0	0x69000	0x1d4	0x0	d41d8cd98f00b204e9800998ecf8427e	-
Name .idata Entropy 0 Virtual Address 0x6a000 Virtual Size 0x106c Raw Size 0x0 MD5 d41d8cd98f00b204e9800998ecf8427e	.idata	0	0x6a000	0x106c	0x0	d41d8cd98f00b204e9800998ecf8427e	-
Name .CRT Entropy 0 Virtual Address 0x6c000 Virtual Size 0x18 Raw Size 0x0 MD5 d41d8cd98f00b204e9800998ecf8427e	.CRT	0	0x6c000	0x18	0x0	d41d8cd98f00b204e9800998ecf8427e	-
Name .tls Entropy 0.483984725135 Virtual Address 0x6d000 Virtual Size 0x20 Raw Size 0x200 MD5 c58323ddfec635d51d84cae293cf47f8	.tls	0.483984725135	0x6d000	0x20	0x200	c58323ddfec635d51d84cae293cf47f8	-
Name .8010 Entropy 0 Virtual Address 0x6e000 Virtual Size 0x141970 Raw Size 0x0 MD5 d41d8cd98f00b204e9800998ecf8427e	.8010	0	0x6e000	0x141970	0x0	d41d8cd98f00b204e9800998ecf8427e	-
Name .8011 Entropy 7.97167011538 Virtual Address 0x1b0000 Virtual Size 0x161a90 Raw Size 0x161c00 MD5 6fe75c6f1132619f43bbb11ef0c0490e	.8011	7.97167011538	0x1b0000	0x161a90	0x161c00	6fe75c6f1132619f43bbb11ef0c0490e	-

File Imports

CloseServiceHandle

EnumServicesStatusExW

OpenSCManagerW

OpenServiceW

QueryServiceConfigW

RegisterServiceCtrlHandlerA

RegQueryValueExA

CloseHandle

ExitProcess

FreeLibrary

GetCurrentProcess

GetCurrentThread

GetLastError

GetModuleFileNameW

GetModuleHandleA

GetProcessAffinityMask

LoadLibraryA

LocalAlloc

LocalFree

SetProcessAffinityMask

SetThreadAffinityMask

Sleep

__getmainargs

_chdir

CharUpperBuffW

WSACleanup

WTSSendMessageW

Screenshots

Loading content, please wait...

Hybrid Analysis

Tip: Click an analysed process below to view more details.

Analysed 31 processes in total.

Adylkuzz.B.exe (PID: 2400) 45/83
- cmd.exe %WINDIR%\system32\cmd.exe /c taskkill /f /im hdmanager.exe (PID: 2464)
  - taskkill.exe taskkill /f /im hdmanager.exe (PID: 2424)
- cmd.exe %WINDIR%\system32\cmd.exe /c taskkill /f /im mmc.exe (PID: 2440)
  - taskkill.exe taskkill /f /im mmc.exe (PID: 2512)
- cmd.exe %WINDIR%\system32\cmd.exe /c sc stop WELM (PID: 2584)
  - sc.exe sc stop WELM (PID: 2580)
- cmd.exe %WINDIR%\system32\cmd.exe /c sc delete WELM (PID: 2576)
  - sc.exe sc delete WELM (PID: 1968)
- cmd.exe %WINDIR%\system32\cmd.exe /c netsh ipsec static add policy name=netbc (PID: 1552)
  - netsh.exe netsh ipsec static add policy name=netbc (PID: 1460)
- cmd.exe %WINDIR%\system32\cmd.exe /c netsh ipsec static add filterlist name=block (PID: 3280)
  - netsh.exe netsh ipsec static add filterlist name=block (PID: 2728)
- cmd.exe %WINDIR%\system32\cmd.exe /c netsh ipsec static add filteraction name=block action=block (PID: 2732)
  - netsh.exe netsh ipsec static add filteraction name=block action=block (PID: 2672)
- cmd.exe %WINDIR%\system32\cmd.exe /c netsh ipsec static add filter filterlist=block any srcmask=32 srcport=0 dstaddr=me dstport=445 protocol=tcp description=445 (PID: 2808)
  - netsh.exe netsh ipsec static add filter filterlist=block any srcmask=32 srcport=0 dstaddr=me dstport=445 protocol=tcp description=445 (PID: 2816)
- cmd.exe %WINDIR%\system32\cmd.exe /c netsh ipsec static add rule name=block policy=netbc filterlist=block filteraction=block (PID: 2128)
  - netsh.exe netsh ipsec static add rule name=block policy=netbc filterlist=block filteraction=block (PID: 2620)
- cmd.exe %WINDIR%\system32\cmd.exe /c netsh ipsec static set policy name=netbc assign=y (PID: 2548)
  - netsh.exe netsh ipsec static set policy name=netbc assign=y (PID: 2908)
- cmd.exe %WINDIR%\system32\cmd.exe /c taskkill /f /im msiexev.exe (PID: 2872)
  - taskkill.exe taskkill /f /im msiexev.exe (PID: 2844)
- cmd.exe %WINDIR%\system32\cmd.exe /c netsh advfirewall firewall delete rule name="Chrome" (PID: 3364)
  - netsh.exe netsh advfirewall firewall delete rule name="Chrome" (PID: 3444)
- cmd.exe %WINDIR%\system32\cmd.exe /c netsh advfirewall firewall delete rule name="Windriver" (PID: 3512)
  - netsh.exe netsh advfirewall firewall delete rule name="Windriver" (PID: 3272)
- cmd.exe %WINDIR%\system32\cmd.exe /c netsh advfirewall firewall add rule name="Chrome" dir=in program="%PROGRAMFILES%\Google\Chrome\Application\chrome.txt" action=allow (PID: 3428)
  - netsh.exe netsh advfirewall firewall add rule name="Chrome" dir=in program="%PROGRAMFILES%\Google\Chrome\Application\chrome.txt" action=allow (PID: 3316)
- cmd.exe %WINDIR%\system32\cmd.exe /c netsh advfirewall firewall add rule name="Windriver" dir=in program="%PROGRAMFILES%\Hardware Driver Management\windriver.exe" action=allow (PID: 3616)
  - netsh.exe netsh advfirewall firewall add rule name="Windriver" dir=in program="%PROGRAMFILES%\Hardware Driver Management\windriver.exe" action=allow (PID: 3564)

Logged Script Calls	Logged Stdout	Extracted Streams	Memory Dumps
Reduced Monitoring	Network Activityy	Network Error	Multiscan Match

Network Analysis

DNS Requests

Domain	Address	Registrar	Country
xmr.crypto-pool.fr	-	-	-
aa1.super5566.com	45.77.28.163	-	United States
08.super5566.com	-	-	-
icanhazip.com	104.20.17.242	-	United States

Contacted Hosts

IP Address

Port/Protocol

Associated Process

Details

45.76.51.128

Associated Artifacts for 45.76.51.128

Details	Associated URL	Threat Level	Positives	Scan Date	Reference
Associated URL http://08.super5566.com/ Threat Level malicious Positives 7/64 Scan Date 05/17/2017 14:32:33 Reference -	http://08.super5566.com/	malicious	7/64	05/17/2017 14:32:33	-
Associated URL http://08.super5566.com/86.exe Threat Level malicious Positives 9/65 Scan Date 05/17/2017 08:57:03 Reference -	http://08.super5566.com/86.exe	malicious	9/65	05/17/2017 08:57:03	-
Associated URL http://08.super5566.com/install/106:0%20->%20127:2%20->%2065:0%20->%2067:0%20->%2080:0%20->%2081:0%20->%2082:0%20->%2094:0%20->%2095:0 Threat Level malicious Positives 5/64 Scan Date 05/17/2017 06:34:16 Reference -	http://08.super5566.com/install/106:0%20->%20127:2%20->%2065:0%20->%2067:0%20->%2080:0%20->%2081:0%20->%2082:0%20->%2094:0%20->%2095:0	malicious	5/64	05/17/2017 06:34:16	-
Associated URL http://08.super5566.com/mine.txt Threat Level malicious Positives 6/64 Scan Date 05/17/2017 00:44:43 Reference -	http://08.super5566.com/mine.txt	malicious	6/64	05/17/2017 00:44:43	-
Associated URL http://08.super5566.com/install/start Threat Level malicious Positives 6/64 Scan Date 05/17/2017 00:23:43 Reference -	http://08.super5566.com/install/start	malicious	6/64	05/17/2017 00:23:43	-

Details	Associated SHA256	Threat Level	Positives	Scan Date	Reference
Associated SHA256 e6680bf0d3b32583047e9304d1703c87878c7c82910fbe05efc8519d2ca2df71 Threat Level malicious Positives 33/61 Scan Date 05/17/2017 09:01:07 Reference VirusTotal	e6680bf0d3b32583047e9304d1703c87878c7c82910fbe05efc8519d2ca2df71	malicious	33/61	05/17/2017 09:01:07	VirusTotal

Details	Domain	Threat Level	Positives	Last Resolved	Reference
Domain 08.super5566.com Threat Level - Positives - Last Resolved 05/16/2017 00:00:00 VirusTotal Report	08.super5566.com	-	-	05/16/2017 00:00:00	Report

TCP

adylkuzz.b.exe
PID: 2400
wuauser.exe
PID: 2976

United States

45.77.28.163

Associated Artifacts for 45.77.28.163

Details	Associated URL	Threat Level	Positives	Scan Date	Reference
Associated URL http://a1.super5566.com/ Threat Level malicious Positives 6/64 Scan Date 05/17/2017 13:23:28 Reference -	http://a1.super5566.com/	malicious	6/64	05/17/2017 13:23:28	-
Associated URL http://aa1.super5566.com/ Threat Level malicious Positives 7/64 Scan Date 05/17/2017 13:21:49 Reference -	http://aa1.super5566.com/	malicious	7/64	05/17/2017 13:21:49	-
Associated URL http://aa1.super5566.com/07.lua Threat Level malicious Positives 5/64 Scan Date 05/17/2017 06:34:32 Reference -	http://aa1.super5566.com/07.lua	malicious	5/64	05/17/2017 06:34:32	-
Associated URL http://a1.super5566.com/07.lua Threat Level malicious Positives 5/64 Scan Date 05/17/2017 00:37:06 Reference -	http://a1.super5566.com/07.lua	malicious	5/64	05/17/2017 00:37:06	-
Associated URL http://aa1.super5566.com/tmp2.exe Threat Level malicious Positives 6/64 Scan Date 05/17/2017 00:27:43 Reference -	http://aa1.super5566.com/tmp2.exe	malicious	6/64	05/17/2017 00:27:43	-

Details	Associated SHA256	Threat Level	Positives	Scan Date	Reference
Associated SHA256 d2bb8e2f5219d608950239b65326df0b383c8a34e3d46c276d5ad33f7c59f860 Threat Level malicious Positives 29/60 Scan Date 05/17/2017 00:27:47 Reference VirusTotal	d2bb8e2f5219d608950239b65326df0b383c8a34e3d46c276d5ad33f7c59f860	malicious	29/60	05/17/2017 00:27:47	VirusTotal
Associated SHA256 a932454e5e6c4eaf3bfd9cd5866d38bffb65cbb6881f3d53ac91a09dd1e567c3 Threat Level malicious Positives 31/61 Scan Date 05/16/2017 17:04:54 Reference VirusTotal	a932454e5e6c4eaf3bfd9cd5866d38bffb65cbb6881f3d53ac91a09dd1e567c3	malicious	31/61	05/16/2017 17:04:54	VirusTotal

Details	Domain	Threat Level	Positives	Last Resolved	Reference
Domain a1.super5566.com Threat Level - Positives - Last Resolved 05/16/2017 00:00:00 VirusTotal Report	a1.super5566.com	-	-	05/16/2017 00:00:00	Report
Domain aa1.super5566.com Threat Level - Positives - Last Resolved 05/16/2017 00:00:00 VirusTotal Report	aa1.super5566.com	-	-	05/16/2017 00:00:00	Report

TCP

wuauser.exe
PID: 2976

United States

212.129.46.87

Associated Artifacts for 212.129.46.87

Details	Associated URL	Threat Level	Positives	Scan Date	Reference
Associated URL http://xmr.crypto-pool.fr/ Threat Level suspicious Positives 1/65 Scan Date 04/11/2017 02:53:56 Reference -	http://xmr.crypto-pool.fr/	suspicious	1/65	04/11/2017 02:53:56	-
Associated URL http://xmr.crypto-pool.fr:3333/ Threat Level suspicious Positives 1/64 Scan Date 02/20/2017 17:31:14 Reference -	http://xmr.crypto-pool.fr:3333/	suspicious	1/64	02/20/2017 17:31:14	-

Details	Associated SHA256	Threat Level	Positives	Scan Date	Reference
Associated SHA256 fd38dcbe0705ee2a0fcc83deb70b14d5f0e8f8a92a4ee2146e3f36e0442bc0b3 Threat Level malicious Positives 21/61 Scan Date 05/07/2017 17:23:34 Reference VirusTotal	fd38dcbe0705ee2a0fcc83deb70b14d5f0e8f8a92a4ee2146e3f36e0442bc0b3	malicious	21/61	05/07/2017 17:23:34	VirusTotal
Associated SHA256 4f1b149c6e40443ba2a613e656fa72e31a9586a4fe35992eb6ee41deb33dd4da Threat Level malicious Positives 23/62 Scan Date 05/06/2017 05:03:49 Reference VirusTotal	4f1b149c6e40443ba2a613e656fa72e31a9586a4fe35992eb6ee41deb33dd4da	malicious	23/62	05/06/2017 05:03:49	VirusTotal
Associated SHA256 81379c0f50f26367a20e59dccc54e2c013dddb1301f41c6bb8a8b3ecdd0a9fdd Threat Level malicious Positives 34/62 Scan Date 04/04/2017 17:58:13 Reference VirusTotal	81379c0f50f26367a20e59dccc54e2c013dddb1301f41c6bb8a8b3ecdd0a9fdd	malicious	34/62	04/04/2017 17:58:13	VirusTotal

Details	Domain	Threat Level	Positives	Last Resolved	Reference
Domain xmr.crypto-pool.fr Threat Level - Positives - Last Resolved 01/12/2017 00:00:00 VirusTotal Report	xmr.crypto-pool.fr	-	-	01/12/2017 00:00:00	Report

TCP

msiexev.exe
PID: 3756

France
ASN: 12876 (ONLINE S.A.S.)

Contacted Countries

HTTP Traffic

No relevant HTTP requests were made.

Suricata Alerts

Event	Category	Description	SID
local -> 104.20.17.242:80 (TCP)	Attempted Information Leak	ET POLICY Internal Host Retrieving External IP via icanhazip.com - Possible Infection	2017398
local -> 45.76.51.128:80 (TCP)	A Network Trojan was detected	ET TROJAN JS/Nemucod requesting EXE payload 2016-02-01	2022482
45.76.51.128 -> local:61835 (TCP)	Potential Corporate Privacy Violation	ET POLICY PE EXE or DLL Windows file download HTTP	2018959
45.76.51.128 -> local:61835 (TCP)	A Network Trojan was detected	ET TROJAN JS/Nemucod.M.gen downloading EXE payload	2021954
45.77.28.163 -> local:61839 (TCP)	Potential Corporate Privacy Violation	ET POLICY PE EXE or DLL Windows file download HTTP	2018959
local -> 212.129.46.87:443 (TCP)	A Network Trojan was detected	ET POLICY Crypto Coin Miner Login	2022886
local -> 212.129.46.87:443 (TCP)	A Network Trojan was detected	ET POLICY Crypto Coin Miner Login	2022886

ET rules applied using Suricata. Find out more about proofpoint ET Intelligence here.

Extracted Strings

Download All Memory Strings (18KiB)

!!!!!!!!!!!!!!!!""""""""""""""""################$$$$$$$$$$$$$$$$$$$%%%%%%%%%%%%%%%%%%%&&&&&&&&&&&&&&&&&&&&''''''''''''''''''''(((((((((((()))))))))))*M

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

!!!!!!!!!!!"""""""""""###########$$$$$$$$$$$&&&&&&&&&&&'''''''''''((((((((((()))))))))))***********+++++++++++,,,,,,,,,,,-----------...........///////////000000000001111111111122222222222333333333334444444444455555555555777777777778888888888899999999999:::::::::::;;;;;;;;;;;<<<<<<<<<<<===========>>>>>>>>>>>???????????@@@@@@@@@@@AAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCDDDDDDDDDDDEEEEEEEEEEEFFFFFFFFFFFHHHHHCONSTS

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

!!!!!!###$$$$$adjustrequest

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

!!!"""",,,,,...///000033335http

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

!!""""#######$$$%%%%%%%%*******+++++++,report

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

!##%'last_out

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

!6R3dH^3d*

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

!@scripts\luasocket\socket_url.luaS

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

![,9m"u({t

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

!\$QLV\$DF

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

!a9x)fzt^

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

!FILE_SHARE_READ

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

!ftExit

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

!table

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

!tbl_m

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

!This program cannot be run in DOS mode.$

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

!~>;5D'J

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

"%s"%s

Unicode based on Dropped File (carved_1.exe.1495031615758)

"%s":%d

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

"*z5'~c;E

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

"base

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

"GENERIC_WRITE

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

#((--2266=CCDDEEIILLLLMMMMNNNNSQXVZZbase

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

#(n&s

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.005B0000.00000020.mdmp)

#+#1.64E9LHWOWWlfs

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

#format

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

#GENERIC_READ

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

#null

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

#tbl_m

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

#WD^F1lHk

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

#|QGO05,8

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

$>Gy3*L

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

$chunk

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

$opt1

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

$opt2

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

$STILL_ACTIVE

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

%#-3JjFd)%

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

%$|jMk>

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

%.*ls(%u)%ls

Unicode based on Dropped File (carved_1.exe.1495031615758)

%.14g

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

%.35s expected

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

%;(.*)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

%?(.*)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

%c,%][w#

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

%ERROR_BAD_EXE_FORMAT

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

%jT80W\}?

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

%lower

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

%p:%d

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

%ppid

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

%s %s

Unicode based on Dropped File (carved_1.exe.1495031615758)

%s %s %s

Unicode based on Dropped File (carved_1.exe.1495031615758)

%s at line %d

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

%s expected, got %s

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

%s near '%s'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

%s%s%d

Unicode based on Dropped File (carved_1.exe.1495031615758)

%s.%d.tmp

Unicode based on Dropped File (carved_1.exe.1495031615758)

%s.dll

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

%s: %p

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

%s: %s

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

%s: closed file

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

%s: invalid mode

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

%s: not a file

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

%s:%d

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

%s:%d: %s

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

%u.%u.%u.%u%n

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

%WINDIR%\system32\cmd.exe /c netsh advfirewall firewall add rule name="Chrome" dir=in program="%PROGRAMFILES%\Google\Chrome\Application\chrome.txt" action=allow

Ansi based on Process Commandline (cmd.exe)

%WINDIR%\system32\cmd.exe /c netsh advfirewall firewall add rule name="Windriver" dir=in program="%PROGRAMFILES%\Hardware Driver Management\windriver.exe" action=allow

Ansi based on Process Commandline (cmd.exe)

%WINDIR%\system32\cmd.exe /c netsh advfirewall firewall delete rule name="Chrome"

Ansi based on Process Commandline (cmd.exe)

%WINDIR%\system32\cmd.exe /c netsh advfirewall firewall delete rule name="Windriver"

Ansi based on Process Commandline (cmd.exe)

%WINDIR%\system32\cmd.exe /c netsh ipsec static add filter filterlist=block any srcmask=32 srcport=0 dstaddr=me dstport=445 protocol=tcp description=445

Ansi based on Process Commandline (cmd.exe)

%WINDIR%\system32\cmd.exe /c netsh ipsec static add filteraction name=block action=block

Ansi based on Process Commandline (cmd.exe)

%WINDIR%\system32\cmd.exe /c netsh ipsec static add filterlist name=block

Ansi based on Process Commandline (cmd.exe)

%WINDIR%\system32\cmd.exe /c netsh ipsec static add policy name=netbc

Ansi based on Process Commandline (cmd.exe)

%WINDIR%\system32\cmd.exe /c netsh ipsec static add rule name=block policy=netbc filterlist=block filteraction=block

Ansi based on Process Commandline (cmd.exe)

%WINDIR%\system32\cmd.exe /c netsh ipsec static set policy name=netbc assign=y

Ansi based on Process Commandline (cmd.exe)

%WINDIR%\system32\cmd.exe /c sc delete WELM

Ansi based on Process Commandline (cmd.exe)

%WINDIR%\system32\cmd.exe /c sc stop WELM

Ansi based on Process Commandline (cmd.exe)

%WINDIR%\system32\cmd.exe /c taskkill /f /im hdmanager.exe

Ansi based on Process Commandline (cmd.exe)

%WINDIR%\system32\cmd.exe /c taskkill /f /im mmc.exe

Ansi based on Process Commandline (cmd.exe)

%WINDIR%\system32\cmd.exe /c taskkill /f /im msiexev.exe

Ansi based on Process Commandline (cmd.exe)

&e_2u;P,

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

&ERROR_FILE_NOT_FOUND

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

&ftCreate

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

&hash=

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

&hwid=

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

Unicode based on Dropped File (carved_1.exe.1495031615758)

&status

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'%s' cannot be indexed

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'%s' cannot be indexed with '%s'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'%s' expected

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'%s' expected (to close '%s' at line %d)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'%s' has no '%s' metamethod

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'%s' has no member named '%s'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'%s' is not callable

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

''C2J

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

'=' or 'in' expected

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'@tzrnD

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

'choose

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'create

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'decodet

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'for' initial value must be a number

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'for' limit must be a number

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'for' step must be a number

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'Grfvz

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

'IDLE_PRIORITY_CLASS

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'location

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'module' not called from a Lua function

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'package.%s' must be a string

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

'package.loaders' must be a table

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

'package.preload' must be a table

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'port

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'reduced

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'result

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'setfenv' cannot change environment of given object

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'sourcet

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'tostring' must return a string to 'print'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'wrapt

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'z;)#$++G

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

(&B)...

Unicode based on Dropped File (carved_1.exe.1495031615758)

(&E):

Unicode based on Dropped File (carved_1.exe.1495031615758)

(&W)...

Unicode based on Dropped File (carved_1.exe.1495031615758)

((^1WA

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

(*temporary)

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

(*vararg)

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

([^/]*/%.%.)$

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

([^/]*/%.%./)/%.$

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

(Acffffsysinfo

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

(binary)

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

(errno

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

(for control)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

(for generator)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

(for index)

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

(for limit)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

(for state)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

(for step)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

(k.JcN>X

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

(null)

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

(reqt

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

({7ss2{\

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

)>t\d

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

*>failure_action

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

*_>RnFFI9P

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

*char

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

*encodet

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

*messages***

Ansi based on Dropped File (carved_1.exe.1495031615758)

+B]ZfG`gp

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

+code

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

+headers

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

+parsed

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

+socket

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

+t}XY?4O

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

+Uu0h^Iy

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

+yCtx>BJ/

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

,$}V7,$Pw!,

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

,]VKh#r`h

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

,host

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

-$3`}-$fp

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

-+ #0

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

---------

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

---filter

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

--server

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

-[mX@LlEY

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

-el -s2 "-d%s" "-p%s" "-sp%s"

Unicode based on Dropped File (carved_1.exe.1495031615758)

-oXLB

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

./0123

Unicode based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

.2JQJ

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

.7I~f~2KJ|

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

.8010

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

.?AVbad_alloc@std@@

Ansi based on Dropped File (carved_1.exe.1495031615758)

.?AVbad_exception@std@@

Ansi based on Dropped File (carved_1.exe.1495031615758)

.?AVexception@std@@

Ansi based on Dropped File (carved_1.exe.1495031615758)

.?AVtype_info@@

Ansi based on Dropped File (carved_1.exe.1495031615758)

.?AW4RAR_EXIT@@

Ansi based on Dropped File (carved_1.exe.1495031615758)

.\?.dll;!\?.dll;!\loadall.dll

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

.\?.lua;!\lua\?.lua;!\lua\?\init.lua;

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

.Cd0+,Cdv

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

.edata

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

.headers

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

.HKiy0%t~

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

.idata

Ansi based on Dropped File (carved_0.exe.1495031615757)

.length

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

.math

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

.rdata

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

.rsrc

Ansi based on Dropped File (carved_1.exe.1495031615758)

.sink

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

.step

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

.string

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

.text

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

.}vTC TZ

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

// InstallService typedef struct _SC_ACTION { int Type; int Delay; } SC_ACTION, *LPSC_ACTION; typedef struct _SERVICE_FAILURE_ACTIONS { int dwResetPeriod; const char *lpRebootMsg; const char *lpCommand; int cActions; SC_ACTION *lpsaActions; } SERVICE_FAILURE_ACTIONS, *LPSERVICE_FAILURE_ACTIONS; typedef struct _SERVICE_DESCRIPTION { const char *lpDescription; } SERVICE_DESCRIPTION, *LPSERVICE_DESCRIPTION; typedef struct _SERVICE_STATUS { int dwServiceType; int dwCurrentState; int dwControlsAccepted; int dwWin32ExitCode; int dwServiceSpecificExitCode; int dwCheckPoint; int dwWaitHint; } SERVICE_STATUS, *LPSERVICE_STATUS; bool ControlService(int hService, int dwControl, LPSERVICE_STATUS lpServiceStatus); int OpenServiceA(int hSCManager, const char *lpServiceName, int dwDesiredAccess); int OpenSCManagerA(const char *lpMachineName, const char *lpDatabaseName, int dwDesi

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

/[*ZkC5:d

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

/adjusturi

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

/lockfile.lfs

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

0123456789ABCDEF

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

0123456789abcdef

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

0123456789abcdefghijklmnopqrstuvwxyz-

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

08deee3d3f0}"/> The ID below indicates application support for Windows 7 --> <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/> The ID below indicates application support for Windows 8 --> <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/> </application></compatibility><asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3"> <asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings"> <dpiAware>true</dpiAware> </asmv3:windowsSettings></asmv3:application></assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD

Ansi based on Dropped File (carved_1.exe.1495031615758)

0@.bss

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

0@.idata

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

0Ap(#{Y__Qn

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

0empty

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

0floor

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

0N8s,X|Pq

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

0pump

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

0q$z)'q$/

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

0sink

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

0source

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

0|6dXf*6$

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

1,userinfo

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

104.20.17.242

Ansi based on PCAP Processing (PCAP)

130430000000Z

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

140929000000Z

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

170514051302Z0#

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

1CZ/!mk.EU`

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

1ms2em85

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

1string

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

2,8V'8;(g#6c

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

225addeeM

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

240926235959Z0A1"0

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

2ApWo'I$

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

2n6M^W!9?68jP

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

33!D3

Ansi based on Dropped File (carved_1.exe.1495031615758)

330429235959Z0J1

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

3>vxxxxhttp

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

3\dJ%\dT[

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

3errmsg

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

3f{Xd:a{X

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

3mu&-

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

3size

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

3YH\ddr\dL

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

3Z<8rk*O

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

45.76.51.128

Ansi based on PCAP Processing (PCAP)

45.77.28.163

Ansi based on PCAP Processing (PCAP)

4mime

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

4tH\d$S\$

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

5.^pg`H]P

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

5D0`ql

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

5Fb5R5zBG1

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

6'oOHh0Wi

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

6service_status

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

7/(TyhN2c

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

70$N;

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

7code

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

7full

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

7ltn12

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

7path

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

7relative_path

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

8888888888887

Ansi based on Dropped File (carved_1.exe.1495031615758)

8@VgW1GPy

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

8filter

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

8metat

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

8OlU|ZO5AV

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

9#wiT=gqL]y4

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

9WYVDL-nSHz6

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

:([^:%]]*)$

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

:4,,a

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

:base

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

:error loading module '%s' from file '%s':%s

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

:s`,4]8m%

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

:service_description

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

:~Ql1hy<Ev;M_

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

;body

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

;client

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

;server

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

;The Institute of Electrical and Electronics Engineers, Inc.10

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

</html>

Unicode based on Dropped File (carved_1.exe.1495031615758)

</li></ul>

Unicode based on Dropped File (carved_1.exe.1495031615758)

</li><br><br>)<ul><li>

Unicode based on Dropped File (carved_1.exe.1495031615758)

</style>

Unicode based on Dropped File (carved_1.exe.1495031615758)

<body

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Unicode based on Dropped File (carved_1.exe.1495031615758)

<eof>

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

<goto %s> jumps into the scope of local '%s'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

<head><meta http-equiv="content-type" content="text/html; charset=

Unicode based on Dropped File (carved_1.exe.1495031615758)

<html>

Unicode based on Dropped File (carved_1.exe.1495031615758)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

<name>

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

<name> or '...' expected

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

<path

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

<style>

Unicode based on Dropped File (carved_1.exe.1495031615758)

Unicode based on Dropped File (carved_1.exe.1495031615758)

<TCd 3nCdBI

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

<Wjh?n\k}|

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

=(debug command)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

=(load)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

=C*FhBbE<!

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

=fQN%d-%d-%d

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

=nreqt

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

=pe32

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

=stdin

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

=table

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

=userinfo

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

>1k}3r\7r

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

>Oz"s-oI{

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

>USV:(bj-hJw

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

?*<>|"

Unicode based on Dropped File (carved_1.exe.1495031615758)

?,d\aC,;

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

?`U[`LoM

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

?path

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

?receiveheaders

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

?unsafe

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

@%s@%d

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

@.data

Ansi based on Dropped File (carved_1.exe.1495031615758)

@lua_debug>

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

@RPPNle_M

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

@scripts\luasocket\ltn12.luaZ

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

@scripts\luasocket\socket.luam

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

@scripts\process.luad

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

[#|ZC$f'2C$F

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

[3}]s{N,d2

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

[[/@]dzgV]$o

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

[[vYB$OfB$

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

[builtin#%d]:

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

[d<!s&hhd

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

[msvcrt.dll

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

[PX3(<|fM]

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

[SC] OpenService FAILED 1060:

Unicode based on Runtime Data (sc.exe , STDOUT)

[SC] OpenService FAILED 1060:The specified service does not exist as an installed service.

Unicode based on Runtime Data (sc.exe )

[string "

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

[TAGG

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

[VHC$SYiC

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

\)f1g0O

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

\;?!-

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

\\Bd@CfBdr

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

\dA@:\$l$

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

\Hod@Srod")

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

\REGISTRY\MACHINE\SOFTWARE\Classes

Unicode based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

\Sessions\1\Windows\ApiPort

Unicode based on Runtime Data (Adylkuzz.B.exe )

\XKUM%"3p

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

\}zI;ns-i

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

]+%l x)Byw

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

]du?]d;\

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

]l:I:

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

]n'9,-9qa

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

]Vb@C=bjJ

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

]~NncMt![(

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

^$*+?.([%-

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

^%[(.+)%]$matchhost

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

^([%w][%w%+%-%.]*)%:

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

^//([^/]*)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

^@3uFu!MM[

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

^l5V:GeU

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

^OC$TW0Cd

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

_%s@%d

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

__alignof

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__alignof__

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__asm

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__asm__

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__attribute

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__attribute__

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__attribute__((vector_size(

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

__based(

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

__builtin_va_list

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__cdecl

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__clrcall

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

__complex

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__complex__

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__const

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__const__

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__declspec

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__extension__

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__fastcall

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__getmainargs

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

__gnuc_va_list

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__index

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

__index__newindex__gc__mode__eq__len__lt__le__concat__call__add__sub__mul__div__mod__pow__unm__metatable__tostring__new__pairs__ipairs

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

__inline

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__inline__

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__int16

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__int32

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__int64

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__int8

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__mode

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

__pascal

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

__ptr32

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__ptr64

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__rar_

Unicode based on Dropped File (carved_1.exe.1495031615758)

__restrict

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__restrict__

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__signed

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__signed__

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__stdcall

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__thiscall

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__tmp_rar_sfx_access_check_%u

Unicode based on Dropped File (carved_1.exe.1495031615758)

__tostring

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__unaligned

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

__unload

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__volatile

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__volatile__

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

_Bool

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

_CdqlrC$

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

_chdir

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

_Complex

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

_COPYRIGHT

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

_DESCRIPTION

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

_Jv_RegisterClasses

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

_LOADED

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

_LOADLIB

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

_NAME

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

_PACKAGE

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

_PRELOAD

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

_SETSIZE

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

_VERSION

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

_VMEVENTS

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

`.8011

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

`.rdata

Ansi based on Dropped File (carved_1.exe.1495031615758)

`3$p;M3$=

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

`@.eh_framd

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

`_[Q8})4

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

`copy constructor closure'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`default constructor closure'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`dynamic atexit destructor for '

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`dynamic initializer for '

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`eh vector constructor iterator'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`eh vector copy constructor iterator'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`eh vector destructor iterator'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`eh vector vbase constructor iterator'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`eh vector vbase copy constructor iterator'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`h````

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`local static guard'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`local static thread guard'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`local vftable constructor closure'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`local vftable'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`managed vector constructor iterator'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`managed vector copy constructor iterator'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`managed vector destructor iterator'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`omni callsig'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`o{+7GQ1r1

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

`placement delete closure'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`placement delete[] closure'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`RTTI

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`scalar deleting destructor'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`string'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`typeof'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`udt returning'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`vbase destructor'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`vbtable'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`vcall'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`vector constructor iterator'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`vector copy constructor iterator'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`vector deleting destructor'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`vector destructor iterator'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`vector vbase constructor iterator'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`vector vbase copy constructor iterator'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`vftable'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`virtual displacement map'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

Unicode based on Dropped File (carved_1.exe.1495031615758)

a61kdOckd

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

a9n2tsW&x*

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

a\TCrgOK:4f

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

ABCDEFGHIJKLMNOPQRSTUVWXYZ

Ansi based on Dropped File (carved_1.exe.1495031615758)

abcdefghijklmnopqrstuvwxyz

Ansi based on Dropped File (carved_1.exe.1495031615758)

ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

abort

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

about:blank

Unicode based on Dropped File (carved_1.exe.1495031615758)

absolute

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

absolute_path

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

AC type

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

access

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

activation.php?code=

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

activelines

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

address

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Address already in use

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

address already in use

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Address family not supported by protocol family

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

AddressFamily

Unicode based on Runtime Data (Adylkuzz.B.exe )

adjustheaders

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

adjustproxy

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

adjustrequest

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

AdjustTokenPrivileges

Ansi based on Dropped File (carved_1.exe.1495031615758)

adjusturi

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

advapi32

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

ADVAPI32.DLL

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

ADVAPI32.dll

Ansi based on Dropped File (carved_1.exe.1495031615758)

Agyd-

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00469000.00000004.mdmp)

ai_family not supported

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

ai_socktype not supported

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

alias

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

already connected

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

ambiguous syntax (function call x new statement)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

An error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.

Ansi based on Runtime Data (netsh.exe )

anreqt

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

April

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

ASKNEXTVOL

Unicode based on Dropped File (carved_1.exe.1495031615758)

assertion failed!

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

at %p

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

AtrMuO\U0EI

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

attempt to %s %s '%s' (a %s value)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

attempt to %s a %s value

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

attempt to call a %s value

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

attempt to compare %s with %s

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

attempt to compare '%s' with '%s'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

attempt to compare two %s values

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

attempt to concatenate '%s' and '%s'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

attempt to get length of '%s'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

attempt to load chunk with wrong mode

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

attempt to perform arithmetic on '%s' and '%s'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

attempt to redefine '%s'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

attempt to use a closed file

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

attempt to write to constant location

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

attempt to yield across C-call boundary

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

attributes

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

August

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

AuthenticodeEnabled

Unicode based on Runtime Data (Adylkuzz.B.exe )

authority

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

authoritypath

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

AutodialDLL

Unicode based on Runtime Data (Adylkuzz.B.exe )

auxiliar

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

aW"[az,Cl,

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

b<style>body{font-family:"Arial,

Unicode based on Dropped File (carved_1.exe.1495031615758)

b?hW-iJwn

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

B]$h7o]$q

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

bad action while in __gc metamethod

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Bad address

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

bad allocation

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

bad argument #%d to '%s' (%s)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

bad callback

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

bad exception

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

bad FPU precision (use D3DCREATE_FPU_PRESERVE with DirectX)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

bad light userdata pointer

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Bad protocol option

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

bad storage class

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

BANNED

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

Base Class Array'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

Base Class Descriptor at (

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

base out of range

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

base64

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

base_path

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

base_url

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Bheaders

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

binary

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

bit_and

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

bit_lshift

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

bit_not

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

bit_or

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

bit_rshift

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

bit_xor

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

block device

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

BMza9%Cza

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

boolean

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

boolean 'on' field expected

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

boolean or proxy expected

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

break

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Bstatus

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

buffer

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

build

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

build_path

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

bytecode instructions

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

bytecodes

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

C type

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

c*Kxm

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

C++ exception

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

c+IUd'@~A

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

c1v i

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

C\dDAn\$-

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

C]d% n]$L

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

calling '%s' on bad self (%s)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Cannot %s server %sError: 0x%X

Unicode based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

Cannot assign requested address

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

cannot change a protected metatable

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

cannot close standard file

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

cannot convert '%s' to '%s'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

cannot load incompatible bytecode

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

cannot load malformed bytecode

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

cannot load module '%s': %s

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

cannot obtain information from file `%s'

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

cannot open %s: %s

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

cannot read %s: %s

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

cannot resolve symbol '%s': %s

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

cannot resume dead coroutine

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

cannot resume non-suspended coroutine

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

cannot resume running coroutine

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Cannot send after socket shutdown

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

cannot use '...' outside a vararg function

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

canonic

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

cB$:atB$'`bB

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

Cd)2(CdCH

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

cdata

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

cdata<%s>: %d

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

cdata<%s>: %p

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

CdL;,Cdm

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

CdM@C$,

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

cdyb_>?v

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

CdZU=Cdd_

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

CEIPEnable

Unicode based on Runtime Data (Adylkuzz.B.exe )

chain

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

change

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

char device

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

char(%d)

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

CharUpperBuffW

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

CharUpperW

Ansi based on Dropped File (carved_1.exe.1495031615758)

chdir

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

check_int

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

ched20.dll

Unicode based on Dropped File (carved_1.exe.1495031615758)

children

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

chunk

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

chunk has more than %d local variables

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

chunk has too many lines

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

chunk has too many syntax levels

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Class

Unicode based on Runtime Data (Adylkuzz.B.exe )

class

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Class Hierarchy Descriptor'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

closed

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

closed directory

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

closed file

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

CloseHandle

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

CloseServiceHandle

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

CLSIDFromString

Ansi based on Dropped File (carved_1.exe.1495031615758)

CoCreateInstance

Ansi based on Dropped File (carved_1.exe.1495031615758)

COMCTL32.dll

Ansi based on Dropped File (carved_1.exe.1495031615758)

COMDLG32.dll

Ansi based on Dropped File (carved_1.exe.1495031615758)

CommDlgExtendedError

Ansi based on Dropped File (carved_1.exe.1495031615758)

CompareStringW

Ansi based on Dropped File (carved_1.exe.1495031615758)

Complete Object Locator'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

complex

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

ComputerName

Unicode based on Runtime Data (Adylkuzz.B.exe )

concatenate

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

config

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

configSleep

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

connect

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

connect6

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

connection refused

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Connection refused

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Connection reset by peer

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Connection timed out

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

CONOUT$

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

const

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

constants

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

CONSTS

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

control structure too long

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

CopyFiles

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

CopyRect

Ansi based on Dropped File (carved_1.exe.1495031615758)

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

CorExitProcess

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

coroutine

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

coroutine expected

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

count

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

cpath

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

CPU not supported

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

CREATE_ALWAYS

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

CreateCompatibleBitmap

Ansi based on Dropped File (carved_1.exe.1495031615758)

CreateCompatibleDC

Ansi based on Dropped File (carved_1.exe.1495031615758)

CreateDirectoryW

Ansi based on Dropped File (carved_1.exe.1495031615758)

CreateEventW

Ansi based on Dropped File (carved_1.exe.1495031615758)

CreateFileA

Ansi based on Dropped File (carved_1.exe.1495031615758)

CreateFileMappingW

Ansi based on Dropped File (carved_1.exe.1495031615758)

CreateFileW

Ansi based on Dropped File (carved_1.exe.1495031615758)

CreateHardLinkW

Ansi based on Dropped File (carved_1.exe.1495031615758)

CreateSemaphoreW

Ansi based on Dropped File (carved_1.exe.1495031615758)

CreateStreamOnHGlobal

Ansi based on Dropped File (carved_1.exe.1495031615758)

CreateThread

Ansi based on Dropped File (carved_1.exe.1495031615758)

CreateThread failed

Unicode based on Dropped File (carved_1.exe.1495031615758)

CreateWindowExW

Ansi based on Dropped File (carved_1.exe.1495031615758)

Crypt32.dll

Unicode based on Dropped File (carved_1.exe.1495031615758)

CryptProtectMemory

Ansi based on Dropped File (carved_1.exe.1495031615758)

CryptProtectMemory failed

Unicode based on Dropped File (carved_1.exe.1495031615758)

CryptUnprotectMemory

Ansi based on Dropped File (carved_1.exe.1495031615758)

CryptUnprotectMemory failed

Unicode based on Dropped File (carved_1.exe.1495031615758)

cselfpath

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Csock

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

ctype

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

ctype<%s>

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

currentdir

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

currentline

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

cut_le_str

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

CW6X2Ez

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

CWDIllegalInDLLSearch

Unicode based on Runtime Data (Adylkuzz.B.exe )

C}:'5]LDR

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

D$%zcVM7

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

D(null)

Unicode based on Dropped File (carved_1.exe.1495031615758)

D+W=MEdUO

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

d2#j@AXY"wQ

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

d8s')q$%N

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb

Ansi based on Dropped File (carved_1.exe.1495031615758)

D_9j'Sa^<

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

dddd, MMMM dd, yyyy

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

deactivation.php?hash=

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

debug

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

December

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

declaration specifier expected

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

DecodePointer

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

default

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

DefWindowProcW

Ansi based on Dropped File (carved_1.exe.1495031615758)

delete

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

delete[]

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

DeleteCriticalSection

Ansi based on Dropped File (carved_1.exe.1495031615758)

DeleteDC

Ansi based on Dropped File (carved_1.exe.1495031615758)

DeleteFileW

Ansi based on Dropped File (carved_1.exe.1495031615758)

DeleteObject

Ansi based on Dropped File (carved_1.exe.1495031615758)

Destination address required

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

DestroyIcon

Ansi based on Dropped File (carved_1.exe.1495031615758)

DestroyWindow

Ansi based on Dropped File (carved_1.exe.1495031615758)

DeviceIoControl

Ansi based on Dropped File (carved_1.exe.1495031615758)

dgram

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

DhSnap

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

DialogBoxParamW

Ansi based on Dropped File (carved_1.exe.1495031615758)

directory

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

directory metatable

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

dirty

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

Disable

Unicode based on Runtime Data (Adylkuzz.B.exe )

DisableEngine

Unicode based on Runtime Data (Adylkuzz.B.exe )

DisableLocalOverride

Unicode based on Runtime Data (Adylkuzz.B.exe )

DisableMetaFiles

Unicode based on Runtime Data (Adylkuzz.B.exe )

DisableUserModeCallbackFilter

Unicode based on Runtime Data (Adylkuzz.B.exe )

DispatchMessageW

Ansi based on Dropped File (carved_1.exe.1495031615758)

DisplayString

Unicode based on Runtime Data (Adylkuzz.B.exe )

DllInstall

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

DllRegisterServer

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

Domain

Unicode based on Runtime Data (Adylkuzz.B.exe )

DOMAIN error

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

DosDateTimeToFileTime

Ansi based on Dropped File (carved_1.exe.1495031615758)

double

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

down-recursion

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

DownloadAndRun

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

dRCdxohCd^)

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

Dumping first %d bytes:

Unicode based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

duplicate label '%s'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

dYA#7X!)`:

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

DynASM 1.3.0

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

d|2^I

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

d|]dxwF]dF5p

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

e/U]b8Sd,

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

e1@(<$y)2

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

e^I1xX

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

E`\dY^Z\d/(

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

EDodYF~od7$

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

eHCd9^rCdo

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

ehttp://pki-crl.symauth.com/offlineca/TheInstituteofElectricalandElectronicsEngineersIncIEEERootCA.crl0

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

elseif

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

empty

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

en-US

Unicode based on Runtime Data (Adylkuzz.B.exe )

Enabled

Unicode based on Runtime Data (Adylkuzz.B.exe )

EnableWindow

Ansi based on Dropped File (carved_1.exe.1495031615758)

encode

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

EncodePointer

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

EndDialog

Ansi based on Dropped File (carved_1.exe.1495031615758)

ent-type" content="text/html; charset=

Unicode based on Dropped File (carved_1.exe.1495031615758)

EnterCriticalSection

Ansi based on Dropped File (carved_1.exe.1495031615758)

EnumServicesStatusExW

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

err_or_new

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

errkeys

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

errmsg

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

error

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

ERROR

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

Error at hooking API "%S"

Unicode based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

error in error handling

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

error loading module '%s' from file '%s':%s

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

ERROR: The process "hdmanager.exe" not found.

Unicode based on Runtime Data (taskkill.exe )

ERROR: The process "mmc.exe" not found.

Unicode based on Runtime Data (taskkill.exe )

ERROR: The process "msiexev.exe" not found.

Unicode based on Runtime Data (taskkill.exe )

ERROR_BAD_EXE_FORMAT

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

ERROR_FILE_NOT_FOUND

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

except

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

exitcode

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

ExitProcess

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

expand

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

ExpandEnvironmentStringsW

Ansi based on Dropped File (carved_1.exe.1495031615758)

EXPIRED

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

Explorer

Unicode based on Dropped File (carved_1.exe.1495031615758)

extern

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

external hook

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

extra

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

F,04J

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

F9v:]aj*

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

f_.?r

Unicode based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

false

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

family

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Fatal Error

Unicode based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

fbc:N:

Ansi based on Dropped File (carved_1.exe.1495031615758)

fCV E")~c

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

fdefault

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

February

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

fhsocket

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

field

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

field '%s' missing in date table

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

file (%p)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

file (closed)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

File exists

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

FILE*

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

FILE_ATTRIBUTE_NORMAL

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

FILE_SHARE_DELETE

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

FILE_SHARE_READ

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

FILE_SHARE_WRITE

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

filename

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

FileTimeToLocalFileTime

Ansi based on Dropped File (carved_1.exe.1495031615758)

FileTimeToSystemTime

Ansi based on Dropped File (carved_1.exe.1495031615758)

filter

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

filtered

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

FindClose

Ansi based on Dropped File (carved_1.exe.1495031615758)

FindFirstFileW

Ansi based on Dropped File (carved_1.exe.1495031615758)

FindNextFileW

Ansi based on Dropped File (carved_1.exe.1495031615758)

FindResourceW

Ansi based on Dropped File (carved_1.exe.1495031615758)

FindWindowExW

Ansi based on Dropped File (carved_1.exe.1495031615758)

flnSu

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

float

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

floor

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

FlsAlloc

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

FlsFree

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

FlsGetValue

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

FlsSetValue

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

flush

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

FlushFileBuffers

Ansi based on Dropped File (carved_1.exe.1495031615758)

Fonts

Unicode based on Runtime Data (Adylkuzz.B.exe )

format

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

fparsed

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

FQWWTe"[T

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

FreeEnvironmentStringsA

Ansi based on Dropped File (carved_1.exe.1495031615758)

FreeEnvironmentStringsW

Ansi based on Dropped File (carved_1.exe.1495031615758)

FreeLibrary

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

frequency

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Friday

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

from_pid

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

frU%D4fr

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

ftKern

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

ftUser

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

function

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

function arguments expected

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

function at line %d has more than %d %s

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

function or expression too complex

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

function or level expected

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

function too long for return fixup

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

function: builtin#%d

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

fu{Y]Q=(p

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

FXf)U

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.005B0000.00000020.mdmp)

g8r"r"3c2

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

g_hMiners

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

GCC: (tdm-1) 5.1.0

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

GCC: (tdm-2) 4.8.1

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

gcconsts

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

gdi32.dll

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

GDI32.dll

Ansi based on Dropped File (carved_1.exe.1495031615758)

GENERIC_READ

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

GENERIC_WRITE

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

get length of

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

GetACP

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetActiveWindow

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

getaddrinfo

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

GetClassNameW

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetClientRect

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetCommandLineA

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetCommandLineW

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetConsoleCP

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetConsoleMode

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetConsoleOutputCP

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetCPInfo

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetCurrentDirectoryW

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetCurrentProcess

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

GetCurrentProcessId

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetCurrentThread

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

GetCurrentThreadId

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetDateFormatW

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetDC

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetDeviceCaps

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetDlgItem

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetDlgItemTextW

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetEnvironmentStrings

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetEnvironmentStringsW

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetExitCodeProcess

Ansi based on Dropped File (carved_1.exe.1495031615758)

getfamily

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

getfd

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

GetFileAttributesW

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetFileType

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetFullPathNameW

Ansi based on Dropped File (carved_1.exe.1495031615758)

gethostname

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

GetLastActivePopup

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

GetLastError

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

GetLocaleInfoA

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetLocaleInfoW

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetLongPathNameW

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetMessageW

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetModuleFileNameA

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetModuleFileNameW

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

GetModuleHandleA

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

GetModuleHandleW

Ansi based on Dropped File (carved_1.exe.1495031615758)

getnameinfo

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

GetNumberFormatW

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetObjectW

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetOEMCP

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetOpenFileNameW

Ansi based on Dropped File (carved_1.exe.1495031615758)

getoption

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

GetParent

Ansi based on Dropped File (carved_1.exe.1495031615758)

GETPASSWORD1

Unicode based on Dropped File (carved_1.exe.1495031615758)

getpeername

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

GetProcAddress

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetProcessAffinityMask

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

GetProcessWindowStation

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

GetSaveFileNameW

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetShortPathNameW

Ansi based on Dropped File (carved_1.exe.1495031615758)

getsockname

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

getsockopt failed

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

GetStartupInfoA

Ansi based on Dropped File (carved_1.exe.1495031615758)

getstats

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

GetStdHandle

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetStringTypeA

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetStringTypeW

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetSysColor

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetSystemMetrics

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetSystemTime

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetSystemTimeAsFileTime

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetTempPathW

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetTickCount

Ansi based on Dropped File (carved_1.exe.1495031615758)

gettime

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

GetTimeFormatW

Ansi based on Dropped File (carved_1.exe.1495031615758)

gettimes

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

GetUserObjectInformationA

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

GetWindow

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetWindowLongW

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetWindowRect

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetWindowTextW

Ansi based on Dropped File (carved_1.exe.1495031615758)

gfind

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

ghash

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

global

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

GlobalAlloc

Ansi based on Dropped File (carved_1.exe.1495031615758)

gmatch

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

gP/bb:QDM

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

Graceful shutdown in progress

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

gt1N\osJr

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

GWFE-

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

gwgw`

Ansi based on Dropped File (carved_1.exe.1495031615758)

gwS37%w`

Ansi based on Dropped File (carved_1.exe.1495031615758)

H1"^Z/e93%

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

handle

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

hasError

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

hasWanIP

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

hb]$W

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

headers

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

HeapAlloc

Ansi based on Dropped File (carved_1.exe.1495031615758)

HeapCreate

Ansi based on Dropped File (carved_1.exe.1495031615758)

HeapFree

Ansi based on Dropped File (carved_1.exe.1495031615758)

HeapReAlloc

Ansi based on Dropped File (carved_1.exe.1495031615758)

HeapSize

Ansi based on Dropped File (carved_1.exe.1495031615758)

HelperDllName

Unicode based on Runtime Data (Adylkuzz.B.exe )

hex2binary

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

hex2binaryaux

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

hexsum

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

hexval

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

HH:mm:ss

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

hhash

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

HHJ?!|dt@F

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

Hider

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

high_bit

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

hOpen

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

host and serv cannot be both nil

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Host is down

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

host not found

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Host not found

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

host or service not provided, or not known

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

Hostname

Unicode based on Runtime Data (Adylkuzz.B.exe )

hProcess

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

hRichEdit20W

Unicode based on Dropped File (carved_1.exe.1495031615758)

hService

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

http://pki-ocsp.symauth.com0

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

HV;2$0VJ2

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

hZ60w6)A6fA

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

I1ovuw.oF

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

i@;v/1j)l

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

iceext.sys

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

Icko$xZjo$

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

icommand

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

IDLE_PRIORITY_CLASS

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

IEEE Root CA0

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

iMOVEFILE_DELAY_UNTIL_REBOOT

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

in function '%s'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

in function <%s:%d>

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

in main chunk

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

index

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

index out of range

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

inet4

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

inet6

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Infinity

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

InHistory

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

InitCommonControlsEx

Ansi based on Dropped File (carved_1.exe.1495031615758)

InitializeCriticalSection

Ansi based on Dropped File (carved_1.exe.1495031615758)

InitializeCriticalSectionAndSpinCount

Ansi based on Dropped File (carved_1.exe.1495031615758)

inline

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

insert

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Install

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

InstallService

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

int16_t

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

int32_t

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

int64_t

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

int8_t

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

interface

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

InterlockedDecrement

Ansi based on Dropped File (carved_1.exe.1495031615758)

InterlockedIncrement

Ansi based on Dropped File (carved_1.exe.1495031615758)

interpreter

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Interrupted function call

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

intptr_t

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

invalid 'interface' ip address

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

invalid 'multiaddr' ip address

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Invalid argument

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

invalid attribute name

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

invalid C type

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

invalid capture index

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

invalid escape sequence

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

invalid format

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

invalid format (repeated flags)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

invalid format (width or precision too long)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

invalid key to 'next'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

invalid level

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

invalid long string delimiter

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

invalid object passed to 'auxiliar.c:__tostring'

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

invalid option

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

invalid option '%%%c' to 'format'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

invalid option '%s'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

invalid order function for sorting

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

invalid pattern capture

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

invalid receive pattern

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

invalid replacement value (a %s)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

invalid string position

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

invalid timeout mode

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

invalid value

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

invalid value (%s) at index %d in table for 'concat'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

invalid value for ai_flags

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

io_err

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

ip expected

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

ipleObjects error %d, GetLastError %d

Unicode based on Dropped File (carved_1.exe.1495031615758)

ipv6-v6only

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

IsDBCSLeadByte

Ansi based on Dropped File (carved_1.exe.1495031615758)

IsDebuggerPresent

Ansi based on Dropped File (carved_1.exe.1495031615758)

isdst

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

IsValidCodePage

Ansi based on Dropped File (carved_1.exe.1495031615758)

isvararg

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

IsWindow

Ansi based on Dropped File (carved_1.exe.1495031615758)

IsWindowVisible

Ansi based on Dropped File (carved_1.exe.1495031615758)

it,w{g5Q(

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

Izi`]Rb6%

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

j0\dva\d

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

j3db5e3$3h}

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

J\dVM0\d|

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

J_{{2o~"j

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

JanFebMarAprMayJunJulAugSepOctNovDec

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

January

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

jC$YfGC$

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

jfN$p}ZB;

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

JIT compiler disabled, CPU does not support SSE2

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

jit.opt

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

jit.util

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

jMOVEFILE_REPLACE_EXISTING

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

jmsctls_progress32

Unicode based on Dropped File (carved_1.exe.1495031615758)

jzN]"&-<

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

K\$\kf\$mZp\

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

K]d/Ff]$*

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

kc3d0q3d3

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

keep-open

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

keepalive

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

kernel32

Unicode based on Dropped File (carved_1.exe.1495031615758)

KERNEL32.dll

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

KERNEL32.DLL

Unicode based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

kh@K/,VqBU

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

KN [TZ!(

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

Ktable

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

K~X$&oXdg

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

L =tAJjY_x

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

L>YA|"wIEjM

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

l[:NnjG

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

laddress

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Laddrinfo

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

last_in

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

last_out

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

lastlinedefined

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

lastUpdata

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Lauthority

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Lbacklog

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Lbase

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

lClassName

Unicode based on Dropped File (carved_1.exe.1495031615758)

LCMapStringA

Ansi based on Dropped File (carved_1.exe.1495031615758)

LCMapStringW

Ansi based on Dropped File (carved_1.exe.1495031615758)

LD: main.c: %s

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

LeaveCriticalSection

Ansi based on Dropped File (carved_1.exe.1495031615758)

lei2str

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

length

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

level out of range

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

lexical element too long

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Lhttp://pki-crl.symauth.com/ca_219679623e6b4fa507d638cbeba72ecb/LatestCRL.crl07

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

li><br><br>)<li>

Unicode based on Dropped File (carved_1.exe.1495031615758)

libgcj-16.dll

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

LibraryPath

Unicode based on Runtime Data (Adylkuzz.B.exe )

LICENSEDLG

Unicode based on Dropped File (carved_1.exe.1495031615758)

linedefined

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

linger

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

linktype

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

listen

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

LN5uDBADTQ}vhS

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

LoadAppInit_DLLs

Unicode based on Runtime Data (Adylkuzz.B.exe )

LoadBitmapW

Ansi based on Dropped File (carved_1.exe.1495031615758)

LoadCursorW

Ansi based on Dropped File (carved_1.exe.1495031615758)

loaded

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

loaders

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

LoadIconW

Ansi based on Dropped File (carved_1.exe.1495031615758)

loadlib

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

LOADLIB: %s

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

LoadLibraryA

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

LoadLibraryW

Ansi based on Dropped File (carved_1.exe.1495031615758)

LoadStringW

Ansi based on Dropped File (carved_1.exe.1495031615758)

local

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

local variables

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

LocalAlloc

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

LocalFileTimeToFileTime

Ansi based on Dropped File (carved_1.exe.1495031615758)

LocalFree

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

lock metatable

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

lock_dir

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

logpath

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

long double

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

lookup

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

LookupPrivilegeValueW

Ansi based on Dropped File (carved_1.exe.1495031615758)

loop in gettable

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

loop in settable

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

loop or previous error loading module '%s'

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

Lport

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

lport

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

lpTitle; DWORD dwX; DWORD dwY; DWORD dwXSize; DWORD dwYSize; DWORD dwXCountChars; DWORD dwYCountChars; DWORD dwFillAttribute; DWORD dwFlags; WORD wShowWindow; WORD cbReserved2; PBYTE lpReserved2; HANDLE hStdInput; HANDLE hStdOutput; HANDLE hStdError; } STARTUPINFOA,*LPSTARTUPINFOA; typedef struct { DWORD dwLowDateTime; DWORD dwHighDateTime; } FILETIME,*PFILETIME,*LPFILETIME; BOOL CreateProcessA(LPCSTR,LPSTR,LPVOID,LPVOID,BOOL,DWORD,PVOID,LPCSTR,LPSTARTUPINFOA,LPPROCESS_INFORMATION); DWORD GetLastError(void); BOOL GetExitCodeProcess(HANDLE,PDWORD); BOOL GetProcessTimes(HANDLE hProcess, LPFILETIME lpCreationTime, LPFILETIME lpExitTime, LPFILETIME lpKernelTime, LPFILETIME lpUserTime); typedef struct _SECURITY_ATTRIBUTES { DWORD nLength; LPVOID lpSecurityDescriptor; BOOL bInheritHandle; } SECURITY_A

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

ltn12

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Lua 5.1

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Lua function expected

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

LUA_CPATH

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

LUA_NOENV

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

LUA_PATH

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

LuaFileSystem 1.6.2

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

LuaFileSystem is a Lua library developed to complement the set of functions related to file systems offered by the standard Lua distribution

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

LuaJIT 2.0.3

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

luaJIT_BC_%s

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

luaJIT_BC_config

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

luaJIT_BC_hider

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

luaJIT_BC_install

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

luaJIT_BC_ltn12

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

luaJIT_BC_main

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

luaJIT_BC_md5

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

luaJIT_BC_mime

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

luaJIT_BC_miner

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

luaJIT_BC_process

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

luaJIT_BC_socket

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

luaJIT_BC_socket_headers

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

luaJIT_BC_socket_http

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

luaJIT_BC_socket_url

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

luaJIT_BC_sysinfo

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

luaJIT_BC_updater

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

luaopen_%s

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

LuaSocket 3.0-rc1

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

lXdIEX$I<`X$P

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

m!p89IMN4

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

m'K#"1g~

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

M\dWhL\

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

MachinePreferredUILanguages

Unicode based on Runtime Data (Adylkuzz.B.exe )

main function has more than %d %s

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Main()

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

make_link is not supported on Windows

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

make_set

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

malformed number

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

malformed pattern (ends with '%')

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

malformed pattern (missing ']')

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Mapping

Unicode based on Runtime Data (Adylkuzz.B.exe )

MapViewOfFile

Ansi based on Dropped File (carved_1.exe.1495031615758)

MapWindowPoints

Ansi based on Dropped File (carved_1.exe.1495031615758)

March

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

marker

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Maximum allowed array size (%u) is exceeded

Unicode based on Dropped File (carved_1.exe.1495031615758)

maxmcode

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

MaxRpcSize

Unicode based on Runtime Data (Adylkuzz.B.exe )

MaxSockaddrLength

Unicode based on Runtime Data (Adylkuzz.B.exe )

mb\d1VX\d

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

MbP?l

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

MC$f{:C$3]t

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

memory allocation failure

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

memorystatusex

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Message too long

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

MessageBoxA

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

MessageBoxW

Ansi based on Dropped File (carved_1.exe.1495031615758)

metamethod

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

metat

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

method

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

Microsoft Visual C++ Runtime Library

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

MIME 1.0.3

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

mime.core

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Miner

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Mingw runtime failure:

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

MinSockaddrLength

Unicode based on Runtime Data (Adylkuzz.B.exe )

missing '[' after '%f' in pattern

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

missing declaration for symbol '%s'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

mkdir

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

MM/dd/yy

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

modification

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

module

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

module '%s' not found:%s

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

Monday

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

month

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

MOVEFILE_COPY_ALLOWED

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

MoveFileExW

Ansi based on Dropped File (carved_1.exe.1495031615758)

MoveFileW

Ansi based on Dropped File (carved_1.exe.1495031615758)

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

Unicode based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

mpadLen

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

mscoree.dll

Unicode based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

multiaddr

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

MultiByteToWideChar

Ansi based on Dropped File (carved_1.exe.1495031615758)

N,Aph,8I:

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

N4Y_cOW

Ansi based on Dropped File (carved_1.exe.1495031615758)

n^[BCh<~:;

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

N`n5=-ILv

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

name conflict for module '%s'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

named pipe

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

NameSpace_Callout

Unicode based on Runtime Data (Adylkuzz.B.exe )

namewhat

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

NapAgent

Unicode based on Runtime Data (netsh.exe )

nconsts

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

netsh advfirewall firewall add rule name="Chrome" dir=in program="%PROGRAMFILES%\Google\Chrome\Application\chrome.txt" action=allow

Ansi based on Process Commandline (netsh.exe)

netsh advfirewall firewall add rule name="Windriver" dir=in program="%PROGRAMFILES%\Hardware Driver Management\windriver.exe" action=allow

Ansi based on Process Commandline (netsh.exe)

netsh advfirewall firewall delete rule name="Chrome"

Ansi based on Process Commandline (netsh.exe)

netsh advfirewall firewall delete rule name="Windriver"

Ansi based on Process Commandline (netsh.exe)

netsh ipsec static add filter filterlist=block any srcmask=32 srcport=0 dstaddr=me dstport=445 protocol=tcp description=445

Ansi based on Process Commandline (netsh.exe)

netsh ipsec static add filteraction name=block action=block

Ansi based on Process Commandline (netsh.exe)

netsh ipsec static add filterlist name=block

Ansi based on Process Commandline (netsh.exe)

netsh ipsec static add policy name=netbc

Ansi based on Process Commandline (netsh.exe)

netsh ipsec static add rule name=block policy=netbc filterlist=block filteraction=block

Ansi based on Process Commandline (netsh.exe)

netsh ipsec static set policy name=netbc assign=y

Ansi based on Process Commandline (netsh.exe)

Network dropped connection on reset

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Network is down

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Network is unreachable

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Network subsystem is unavailable

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

new[]

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

NewMiner

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

NewThread

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

newtry

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

nexit

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Next_Catalog_Entry_ID

Unicode based on Runtime Data (Adylkuzz.B.exe )

NF3N4/6w5

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

nil or table expected

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

nlink

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

nM];lN8r8

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

nNVSf5@[R

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

No buffer space available

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

no calling environment

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

no field package.preload['%s']

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

no file '%s'

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

no loop to break

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

no module '%s' in file '%s'

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

No route to host

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

no value

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

non-recoverable failure in name resolution

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

Nonauthoritative host not found

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Nonrecoverable name lookup error

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

normal

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

not enough memory

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

November

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

nOwYvw

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

nparams

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

NTF_EXPONENT_DIGITS

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

ntice.sys

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

Num_Catalog_Entries

Unicode based on Runtime Data (Adylkuzz.B.exe )

number

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

number 'interface' field expected

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

number 'timeout' field expected

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

nY$ZqCY$w\UY

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

NYI: cannot call this C function (yet)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

NYI: packed bit fields

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

O$Q:7

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

O'k*:&44_

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

o+0c2

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00469000.00000004.mdmp)

OAv\d~H\\$

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

October

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

odM^$od/0

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

OemToCharBuffA

Ansi based on Dropped File (carved_1.exe.1495031615758)

Oheaders

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

OImXZ!mGj

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

ole32.dll

Ansi based on Dropped File (carved_1.exe.1495031615758)

OLEAUT32.dll

Ansi based on Dropped File (carved_1.exe.1495031615758)

OleInitialize

Ansi based on Dropped File (carved_1.exe.1495031615758)

OleUninitialize

Ansi based on Dropped File (carved_1.exe.1495031615758)

Om7{)n @9M*

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

omsgLen

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

OmZY2}/

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

OOBEInProgress

Unicode based on Runtime Data (Adylkuzz.B.exe )

OpenFileMappingW

Ansi based on Dropped File (carved_1.exe.1495031615758)

OpenProcessToken

Ansi based on Dropped File (carved_1.exe.1495031615758)

OpenSCManagerW

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

OpenServiceW

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

Operation already in progress

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Operation not supported

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Operation now in progress

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

operator

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

Orelative_parsed

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Orelative_url

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

other

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

P>`k,<0v$

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

p@.bss

Ansi based on Dropped File (carved_0.exe.1495031615757)

P]dK"}]$N

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

P`.data

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

PA<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="*" name="WinRAR SFX" type="win32"/><description>WinRAR SFX module</description><trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security></trustInfo><dependency> <dependentAssembly> <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"/> </dependentAssembly></dependency><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"> <application> The ID below indicates application support for Windows Vista --> <supportedOS Id="{e2011457-1546-43c5-a5fe-

Ansi based on Dropped File (carved_1.exe.1495031615758)

package

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

PackedCatalogItem

Unicode based on Runtime Data (Adylkuzz.B.exe )

pairs

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

PANIC: unprotected error in call to Lua API (

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

params

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

parse

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

parse_path

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

parsed

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

partial

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

password

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

path too long: %s

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

pattern too complex

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

PeekMessageW

Ansi based on Dropped File (carved_1.exe.1495031615758)

perform arithmetic on

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Permission denied

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

permission denied

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

permissions

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

pExit

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

PGVR.OUo|eY

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

pn;"R|TqR

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

policyagent

Unicode based on Runtime Data (netsh.exe )

PolicyAgent

Unicode based on Runtime Data (netsh.exe )

PostMessageW

Ansi based on Dropped File (carved_1.exe.1495031615758)

power

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

PreferExternalManifest

Unicode based on Runtime Data (Adylkuzz.B.exe )

PreferredUILanguages

Unicode based on Runtime Data (Adylkuzz.B.exe )

preload

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

PRINTF_EXPONENT_DIGITS

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

process

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

process_cls

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

PROCESS_QUERY_INFORMATION

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

PROCESS_TERMINATE

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

PROCESSOR_ARCHITECTURE_AMD64

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

PROCESSOR_ARCHITECTURE_IA64

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

ProgramFilesDir

Unicode based on Dropped File (carved_1.exe.1495031615758)

protect

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

protect_segment

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

proto

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Protocol family not supported

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Protocol not supported

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Protocol wrong type for socket

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

ProviderId

Unicode based on Runtime Data (Adylkuzz.B.exe )

ProviderInfo

Unicode based on Runtime Data (Adylkuzz.B.exe )

proxy

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

PTgx;

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

ptrdiff_t

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

PwImK8si

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

Q?Af'@(l2

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

Q?Gn?`~53

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

Q\ ,4J+U

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

Q_Gh'

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

qB$opxBdS

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

QbO0y]E=%;

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

qhFile

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

qpwrp

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

QueryPerformanceCounter

Ansi based on Dropped File (carved_1.exe.1495031615758)

QueryServiceConfigW

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

quoted-printable

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

qvodIp8od

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

r"%wP

Ansi based on Dropped File (carved_1.exe.1495031615758)

R6002- floating point support not loaded

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

R6008- not enough space for arguments

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

R6009- not enough space for environment

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

R6016- not enough space for thread data

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

R6017- unexpected multithread lock error

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

R6018- unexpected heap error

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

R6019- unable to open console device

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

R6024- not enough space for _onexit/atexit table

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

R6025- pure virtual function call

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

R6026- not enough space for stdio initialization

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

R6027- not enough space for lowio initialization

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

R6028- unable to initialize heap

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

R6030- CRT not initialized

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

R6031- Attempt to initialize the CRT more than once.This indicates a bug in your application.

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

R6032- not enough space for locale information

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

R6033- Attempt to use MSIL code from this assembly during native code initializationThis indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

R6034An application has made an attempt to load the C runtime library incorrectly.Please contact the application's support team for more information.

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

RABu-BTk

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

RaiseException

Ansi based on Dropped File (carved_1.exe.1495031615758)

RarHtmlClassName

Unicode based on Dropped File (carved_1.exe.1495031615758)

reader function must return a string

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

ReadFile

Ansi based on Dropped File (carved_1.exe.1495031615758)

receive

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

receive09body

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

receivebody

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

receiveheaders

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

receivestatusline

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

RegCloseKey

Ansi based on Dropped File (carved_1.exe.1495031615758)

RegCreateKeyExW

Ansi based on Dropped File (carved_1.exe.1495031615758)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

RegisterClassExW

Ansi based on Dropped File (carved_1.exe.1495031615758)

RegisterServiceCtrlHandlerA

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

RegOpenKeyExW

Ansi based on Dropped File (carved_1.exe.1495031615758)

RegQueryValueExA

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

RegQueryValueExW

Ansi based on Dropped File (carved_1.exe.1495031615758)

RegSetValueExW

Ansi based on Dropped File (carved_1.exe.1495031615758)

release.exe

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

ReleaseDC

Ansi based on Dropped File (carved_1.exe.1495031615758)

ReleaseSemaphore

Ansi based on Dropped File (carved_1.exe.1495031615758)

RemoveDirectoryW

Ansi based on Dropped File (carved_1.exe.1495031615758)

RENAMEDLG

Unicode based on Dropped File (carved_1.exe.1495031615758)

repeat

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

REPLACEFILEDLG

Unicode based on Dropped File (carved_1.exe.1495031615758)

report

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

reportTable

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

reqline

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

request

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

require

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

require("main")

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

ResetEvent

Ansi based on Dropped File (carved_1.exe.1495031615758)

Resource temporarily unavailable

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

restrict

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

result

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

retry

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

return

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

reuseaddr

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

rewind

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

riched20.dll

Unicode based on Dropped File (carved_1.exe.1495031615758)

riched32.dll

Unicode based on Dropped File (carved_1.exe.1495031615758)

rM\d.Mw\d|

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

rmdir

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Rname

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

rOI_Eg6t o

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

rrrrr

Ansi based on Dropped File (carved_1.exe.1495031615758)

rrrrrmm

Ansi based on Dropped File (carved_1.exe.1495031615758)

rrrrrr

Ansi based on Dropped File (carved_1.exe.1495031615758)

rrrrrrr

Ansi based on Dropped File (carved_1.exe.1495031615758)

rrrrrrrr

Ansi based on Dropped File (carved_1.exe.1495031615758)

Rstring

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

RtlUnwind

Ansi based on Dropped File (carved_1.exe.1495031615758)

rtmp%d

Unicode based on Dropped File (carved_1.exe.1495031615758)

runas

Unicode based on Dropped File (carved_1.exe.1495031615758)

running

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

runtime code generation failed, restricted kernel?

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

runtime error

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

Runtime Error!Program:

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

Rvalue

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

s>ZY-/2F0

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

S?s6:&;J

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

S]0xfu?J_

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

s`~0H*}]3+Q

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

SafeDllSearchMode

Unicode based on Runtime Data (Adylkuzz.B.exe )

Saturday

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

sbiedll.dll

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

sc delete WELM

Ansi based on Process Commandline (sc.exe)

sc stop WELM

Ansi based on Process Commandline (sc.exe)

SC$^C$C$K]j

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

sc_action

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

SC_ACTION_RESTART

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

SC_MANAGER_ALL_ACCESS

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

scheme

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

searchpath

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

SeCreateSymbolicLinkPrivilege

Unicode based on Dropped File (carved_1.exe.1495031615758)

seeall

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

segment_set

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

select

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

select failed

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

SelectObject

Ansi based on Dropped File (carved_1.exe.1495031615758)

sendbody

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

SendDlgItemMessageW

Ansi based on Dropped File (carved_1.exe.1495031615758)

sendheaders

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

SendMessageW

Ansi based on Dropped File (carved_1.exe.1495031615758)

sendrequestline

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

September

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

SeRestorePrivilege

Unicode based on Dropped File (carved_1.exe.1495031615758)

Serial_Access_Num

Unicode based on Runtime Data (Adylkuzz.B.exe )

service not supported for socket type

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

SERVICE_ALL_ACCESS

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

SERVICE_AUTO_START

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

SERVICE_CONFIG_DESCRIPTION

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

SERVICE_CONFIG_FAILURE_ACTIONS

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

SERVICE_CONTROL_STOP

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

SERVICE_ERROR_IGNORE

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

SERVICE_WIN32_OWN_PROCESS

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

ServiceMain

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

ServiceMain()

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

ServicesActive

Unicode based on Runtime Data (netsh.exe )

SeSecurityPrivilege

Unicode based on Dropped File (carved_1.exe.1495031615758)

SetCurrentDirectoryW

Ansi based on Dropped File (carved_1.exe.1495031615758)

SetDlgItemTextW

Ansi based on Dropped File (carved_1.exe.1495031615758)

SetDllDirectoryW

Ansi based on Dropped File (carved_1.exe.1495031615758)

SetEndOfFile

Ansi based on Dropped File (carved_1.exe.1495031615758)

SetEnvironmentVariableW

Ansi based on Dropped File (carved_1.exe.1495031615758)

SetEvent

Ansi based on Dropped File (carved_1.exe.1495031615758)

setfd

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

SetFileAttributesW

Ansi based on Dropped File (carved_1.exe.1495031615758)

SetFilePointer

Ansi based on Dropped File (carved_1.exe.1495031615758)

SetFileSecurityW

Ansi based on Dropped File (carved_1.exe.1495031615758)

SetFileTime

Ansi based on Dropped File (carved_1.exe.1495031615758)

SetFocus

Ansi based on Dropped File (carved_1.exe.1495031615758)

SetForegroundWindow

Ansi based on Dropped File (carved_1.exe.1495031615758)

SetHandleCount

Ansi based on Dropped File (carved_1.exe.1495031615758)

SetLastError

Ansi based on Dropped File (carved_1.exe.1495031615758)

setmode

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

setoption

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

setpausesetstepmul

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

setpeername

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

SetProcessAffinityMask

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

setsockname

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

setsockopt failed

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

setstats

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

SetStdHandle

Ansi based on Dropped File (carved_1.exe.1495031615758)

SetThreadAffinityMask

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

SetThreadPriority

Ansi based on Dropped File (carved_1.exe.1495031615758)

settimeout

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

SetUnhandledExceptionFilter

Ansi based on Dropped File (carved_1.exe.1495031615758)

SetWindowLongW

Ansi based on Dropped File (carved_1.exe.1495031615758)

SetWindowPos

Ansi based on Dropped File (carved_1.exe.1495031615758)

SetWindowTextW

Ansi based on Dropped File (carved_1.exe.1495031615758)

sfxcmd

Unicode based on Dropped File (carved_1.exe.1495031615758)

sfxname

Unicode based on Dropped File (carved_1.exe.1495031615758)

SHAutoComplete

Ansi based on Dropped File (carved_1.exe.1495031615758)

SHBrowseForFolderW

Ansi based on Dropped File (carved_1.exe.1495031615758)

SHChangeNotify

Ansi based on Dropped File (carved_1.exe.1495031615758)

Shell.Explorer

Unicode based on Dropped File (carved_1.exe.1495031615758)

SHELL32.dll

Ansi based on Dropped File (carved_1.exe.1495031615758)

ShellExecuteExW

Ansi based on Dropped File (carved_1.exe.1495031615758)

SHFileOperationW

Ansi based on Dropped File (carved_1.exe.1495031615758)

SHGetFileInfoW

Ansi based on Dropped File (carved_1.exe.1495031615758)

SHGetMalloc

Ansi based on Dropped File (carved_1.exe.1495031615758)

SHGetPathFromIDListW

Ansi based on Dropped File (carved_1.exe.1495031615758)

SHGetSpecialFolderLocation

Ansi based on Dropped File (carved_1.exe.1495031615758)

SHLWAPI.dll

Ansi based on Dropped File (carved_1.exe.1495031615758)

short

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

short_src

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

shouldreceivebody

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

shouldredirect

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

ShowWindow

Ansi based on Dropped File (carved_1.exe.1495031615758)

shutdown

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

sice.sys

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

signed

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

simplify

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

SING error

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

sinkt

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

siwvid.sys

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

size of C type is unknown or too large

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

size_t

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

sizeof

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

sleep

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Sleep

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

SM_SERVERR2

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

small

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

smdR[@#u

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

snk_err

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

snkerr

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

socket

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Socket is already connected

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Socket is not connected

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Socket operation on nonsocket

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Socket type not supported

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

socket.core

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Software caused connection abort

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Software\Microsoft\Windows\CurrentVersion

Unicode based on Dropped File (carved_1.exe.1495031615758)

Software\WinRAR SFX

Unicode based on Dropped File (carved_1.exe.1495031615758)

source

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

sourcet

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

src_err

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

srequest

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

stack overflow

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

stack overflow (%s)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

stack traceback:

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

stackslots

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

standard file is closed

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

start

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

STARTDLG

Unicode based on Dropped File (carved_1.exe.1495031615758)

STARTF_USESTDHANDLES

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Startup

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Startup()

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

state

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

static

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

STATIC

Unicode based on Dropped File (carved_1.exe.1495031615758)

status

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

stderr

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

stdin

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

stdout

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

STILL_ACTIVE

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

StoresServiceClassInfo

Unicode based on Runtime Data (Adylkuzz.B.exe )

str2bei

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

str2lei

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

stream

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

StretchBlt

Ansi based on Dropped File (carved_1.exe.1495031615758)

string

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

string 'interface' field expected

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

string 'multiaddr' field expected

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

string length overflow

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

string slice too long

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

string too long

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

string/function/table expected

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

struct

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

stuff

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

subunescape

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Successful WSAStartup not yet performed

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Sunday

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

SunMonTueWedThuFriSat

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

SupportedNameSpace

Unicode based on Runtime Data (Adylkuzz.B.exe )

suspended

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

symlinkattributes

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

syntax error

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

syser.sys

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

sysinfo

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

SYSTEM

Unicode based on Runtime Data (Adylkuzz.B.exe )

system error %d

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

SystemSetupInProgress

Unicode based on Runtime Data (Adylkuzz.B.exe )

SystemTimeToFileTime

Ansi based on Dropped File (carved_1.exe.1495031615758)

T%OW_S; 9l

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

t)*!LuEN8

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

t1mks},>8h

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

T7a^D6=R]

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

t:blank

Unicode based on Dropped File (carved_1.exe.1495031615758)

table

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

table index is NaN

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

table index is nil

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

table overflow

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

tail return

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

tail-recursion

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Targline

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

taskkill /f /im hdmanager.exe

Ansi based on Process Commandline (taskkill.exe)

taskkill /f /im mmc.exe

Ansi based on Process Commandline (taskkill.exe)

taskkill /f /im msiexev.exe

Ansi based on Process Commandline (taskkill.exe)

tbl2number

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

tbl_m

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

tbl_n

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

tcp-nodelay

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

tcp{any}

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

tcp{client}

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

tcp{master}

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

tcp{server}

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

temporary failure in name resolution

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

TerminateProcess

Ansi based on Dropped File (carved_1.exe.1495031615758)

Tf_log

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

TH32CS_SNAPPROCESS

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

The procedure entry point %s could not be located in the module %s

Unicode based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

The specified service does not exist as an installed service.

Unicode based on Runtime Data (sc.exe , STDOUT)

Theaders

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

This application has requested the Runtime to terminate it in an unusual way.Please contact the application's support team for more information.

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

thread

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Thread failed

Unicode based on Dropped File (carved_1.exe.1495031615758)

Thread pool initialization failed.

Unicode based on Dropped File (carved_1.exe.1495031615758)

Thursday

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

timeout

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Tline

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

TLOSS error

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

TlsAlloc

Ansi based on Dropped File (carved_1.exe.1495031615758)

TlsFree

Ansi based on Dropped File (carved_1.exe.1495031615758)

TlsGetValue

Ansi based on Dropped File (carved_1.exe.1495031615758)

TlsSetValue

Ansi based on Dropped File (carved_1.exe.1495031615758)

tmpname

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

to_bits

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

tohostname

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

too many arguments

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

too many callbacks

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

too many captures

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

too many initializers for '%s'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

too many nested functions

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Too many open files

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Too many processes

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

too many results to unpack

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

too many sockets

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

tosend

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

touch

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

TpCrcD){4

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

tPtXKKB/

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

trace

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

transform

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

TranslateMessage

Ansi based on Dropped File (carved_1.exe.1495031615758)

TransparentEnabled

Unicode based on Runtime Data (Adylkuzz.B.exe )

Transports

Unicode based on Runtime Data (Adylkuzz.B.exe )

tredirect

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

trequest

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

TSAppCompat

Unicode based on Runtime Data (Adylkuzz.B.exe )

TSUserEnabled

Unicode based on Runtime Data (Adylkuzz.B.exe )

Tuesday

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

Type Descriptor'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

type parameter

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

type=activation&code=

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

type=deactivation&hash=

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

typedef

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

typedef struct _MEMORYSTATUSEX { DWORD dwLength; DWORD dwMemoryLoad; DWORDLONG ullTotalPhys; DWORDLONG ullAvailPhys; DWORDLONG ullTotalPageFile; DWORDLONG ullAvailPageFile; DWORDLONG ullTotalVirtual; DWORDLONG ullAvailVirtual; DWORDLONG ullAvailExtendedVirtual; } MEMORYSTATUSEX,*LPMEMORYSTATUSEX; typedef struct _SYSTEM_INFO { union { DWORD dwOemId; struct { WORD wProcessorArchitecture; WORD wReserved; }; }; DWORD dwPageSize; PVOID lpMinimumApplicationAddress; PVOID lpMaximumApplicationAddress; DWORD dwActiveProcessorMask; DWORD dwNumberOfProcessors; DWORD dwProcessorType; DWORD dwAllocationGranularity; WORD wProcessorLevel; WORD wProcessorRevision; } SYSTEM_INFO,*LPSYSTEM_INFO; typedef struct _OSVERSIONINFOEXA { DWORD dwOSVersionInfoSize; DWORD dwMajorVersion;

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

typedef struct tagPROCESSENTRY32 { DWORD dwSize; DWORD cntUsage; DWORD th32ProcessID; DWORD th32DefaultHeapID; DWORD th32ModuleID; DWORD cntThreads; DWORD th32ParentProcessID; LONG pcPriClassBase; DWORD dwFlags; CHAR szExeFile[260]; } PROCESSENTRY32,*PPROCESSENTRY32,*LPPROCESSENTRY32; HANDLE CreateToolhelp32Snapshot(DWORD,DWORD); BOOL Process32First(HANDLE,LPPROCESSENTRY32); BOOL Process32Next(HANDLE,LPPROCESSENTRY32); HANDLE OpenProcess(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId); BOOL TerminateProcess(HANDLE,UINT); BOOL CloseHandle(HANDLE); typedef struct _PROCESS_INFORMATION { HANDLE hProcess; HANDLE hThread; DWORD dwProcessId; DWORD dwThreadId; } PROCESS_INFORMATION,*PPROCESS_INFORMATION,*LPPROCESS_INFORMATION; typedef struct _STARTUPINFOA { DWORD cb; LPSTR lpReserved; LPSTR lpDesktop; LPSTR

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

u4a5*>Nb&B

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

u@PG6;0

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

U]$!x]$g n]

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

u^#;_@[?U

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

UF:32k)+w@

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

uF[}x$F&/S7

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

uint16_t

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

uint32_t

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

uint64_t

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

uint8_t

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

uintptr_t

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

UiZjAXd

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

uknown family

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

uKW@C

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

Umime

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Unable to change working directory to '%s'%s

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

unable to dump given function

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

unable to generate a unique filename

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

unable to get ModuleFileName

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

unable to initialize library

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

unable to open fileerror

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

unb64

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

unbalanced pattern

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

undeclared or implicit tag '%s'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

undefined label '%s'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

unescape

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

unexpected symbol

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

unfinished capture

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

unfinished long comment

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

unfinished long string

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

unfinished string

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

UnhandledExceptionFilter

Ansi based on Dropped File (carved_1.exe.1495031615758)

union

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

UNKNOWN

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

unknown error

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Unknown error

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Unknown exception

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

unknown or malformed optimization flag '%s'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Unknown pseudo relocation bit size %d.

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

Unknown pseudo relocation protocol version %d.

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

unlock

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

UnmapViewOfFile

Ansi based on Dropped File (carved_1.exe.1495031615758)

unsigned

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

unsigned char

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

unspec

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

unsupported option `%.35s'

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

until

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

until-closed

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

up-recursion

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Updater

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

UpdateWindow

Ansi based on Dropped File (carved_1.exe.1495031615758)

upval

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

upvalue

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

upvalues

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

url_escape

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

UseDelayedAcceptance

Unicode based on Runtime Data (Adylkuzz.B.exe )

USER32.dll

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

USER32.DLL

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

user32.dll

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

userdata

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

userdata length overflow

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

userinfo

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

USq88

Ansi based on Dropped File (carved_1.exe.1495031615758)

UTF-16LE

Unicode based on Dropped File (carved_1.exe.1495031615758)

utf-8"></head>

Unicode based on Dropped File (carved_1.exe.1495031615758)

UU888

Ansi based on Dropped File (carved_1.exe.1495031615758)

uvX_]+~nq

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

V2/("ys]q

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

V\\$C:\$V

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

va_list

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Valid name, no data record of requested type

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

value

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

value expected

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

variable names

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

VB4W0`

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

VbcqY'vO"

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

VER_NT_WORKSTATION

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

VER_SUITE_WH_SERVER

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

VeriSignMPKI-2-4000

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

Version

Unicode based on Runtime Data (Adylkuzz.B.exe )

versioninfo

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

vi%i3~Pw

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

VInstallPath

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

VirtualAlloc

Ansi based on Dropped File (carved_1.exe.1495031615758)

VirtualFree

Ansi based on Dropped File (carved_1.exe.1495031615758)

VirtualQuery failed for %d bytes at address %p

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

VM handler failed:

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

VMProtect Client 889964171

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

VMProtect Software CA

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

VMProtect Software CA0

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

VMProtect Software0

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

VMProtect Software1

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

volatile

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

W;qdr(q$J

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

W>~JWPq|/

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

WaitForInputIdle

Ansi based on Dropped File (carved_1.exe.1495031615758)

WaitForMultipleObjects error %d, GetLastError %d

Unicode based on Dropped File (carved_1.exe.1495031615758)

WaitForSingleObject

Ansi based on Dropped File (carved_1.exe.1495031615758)

WCdC0mCdAB[

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

wchar_t

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Wcode

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Wednesday

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

WFnh@`RCi(h

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

while

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

WideCharToMultiByte

Ansi based on Dropped File (carved_1.exe.1495031615758)

Windows

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

winhttp.dll

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

WinRAR

Unicode based on Dropped File (carved_1.exe.1495031615758)

WINRAR.SFX

Ansi based on Dropped File (carved_1.exe.1495031615758)

winrarsfxmappingfile.tmp

Unicode based on Dropped File (carved_1.exe.1495031615758)

WinSock 2.0 Provider ID

Unicode based on Runtime Data (Adylkuzz.B.exe )

Winsock.dll version out of range

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

WinSock_Registry_Version

Unicode based on Runtime Data (Adylkuzz.B.exe )

Wow6432Node

Unicode based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

Wp$Ib@p$dWVp

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

wPhd+Xjhd)>

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

WriteConsoleA

Ansi based on Dropped File (carved_1.exe.1495031615758)

WriteConsoleW

Ansi based on Dropped File (carved_1.exe.1495031615758)

WriteFile

Ansi based on Dropped File (carved_1.exe.1495031615758)

wrong number of arguments for function call

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

wrong number of arguments to 'insert'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

wrong number of type parameters

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

WS2_32.dll

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

WSACleanup

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

wSNX[(W

Ansi based on Dropped File (carved_1.exe.1495031615758)

WTSAPI32.dll

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

WTSSendMessageW

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

wuauser.exe

Unicode based on Runtime Data (Adylkuzz.B.exe )

wvsprintfW

Ansi based on Dropped File (carved_1.exe.1495031615758)

Wwgu"'P

Ansi based on Dropped File (carved_1.exe.1495031615758)

W~3OWH{6kB@

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

X]$gDu]$Bqc]

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

Xltn12

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Xppath

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

xWX$7-X$

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

Y%d[+>?4tur;

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

Y(for index)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

y)#{`b@<&

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

y1?yFNnb)

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

y2d:KT2$g

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

y6fY~%^$Qg

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

Y\$Wdt\$bYb\

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

Y__index__newindex__gc__mode__eq__len__lt__le__concat__call__add__sub__mul__div__mod__pow__unm__metatable__tostring__new__pairs__ipairs

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Y_LOADED

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

YGCQ(?wD6mU

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

ygon9

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

Ykernel32.dll

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

yMKJPg:Gj,

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

YtjW8?

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

Yvolatile

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

yWT8"\1V|#]

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

ZAJdSwH/H

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

ZEv(*v

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

zfghiA

Unicode based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

zoutput

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

zY. w!Ak'

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

Zys&kg_QH

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

{.X2Nm&T,

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

{{{{0

Ansi based on Dropped File (carved_1.exe.1495031615758)

{|OJ@( f8

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

|]d/u]dNxO

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

|{T5skTD|=lCz

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

}]$sPP]$VuF]

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

}p$U~jp$x_|p

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

~]$TkS]$m^E]

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

~X[(W

Ansi based on Dropped File (carved_1.exe.1495031615758)

~{CdbeACd

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

!!!!!!!!!!!!!!!!""""""""""""""""################$$$$$$$$$$$$$$$$$$$%%%%%%%%%%%%%%%%%%%&&&&&&&&&&&&&&&&&&&&''''''''''''''''''''(((((((((((()))))))))))*M

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

!!!!!!###$$$$$adjustrequest

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

!!!"""",,,,,...///000033335http

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

!!""""#######$$$%%%%%%%%*******+++++++,report

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

!@scripts\luasocket\socket_url.luaS

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

![,9m"u({t

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

!\$QLV\$DF

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

!a9x)fzt^

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

!This program cannot be run in DOS mode.$

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

#((--2266=CCDDEEIILLLLMMMMNNNNSQXVZZbase

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

%.*ls(%u)%ls

Unicode based on Dropped File (carved_1.exe.1495031615758)

%;(.*)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

%?(.*)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

%c,%][w#

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

%ERROR_BAD_EXE_FORMAT

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

%jT80W\}?

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

%s.%d.tmp

Unicode based on Dropped File (carved_1.exe.1495031615758)

%s: closed file

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

%s:%d: %s

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

%u.%u.%u.%u%n

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

%WINDIR%\system32\cmd.exe /c netsh advfirewall firewall add rule name="Chrome" dir=in program="%PROGRAMFILES%\Google\Chrome\Application\chrome.txt" action=allow

Ansi based on Process Commandline (cmd.exe)

%WINDIR%\system32\cmd.exe /c netsh advfirewall firewall add rule name="Windriver" dir=in program="%PROGRAMFILES%\Hardware Driver Management\windriver.exe" action=allow

Ansi based on Process Commandline (cmd.exe)

%WINDIR%\system32\cmd.exe /c netsh advfirewall firewall delete rule name="Chrome"

Ansi based on Process Commandline (cmd.exe)

%WINDIR%\system32\cmd.exe /c netsh advfirewall firewall delete rule name="Windriver"

Ansi based on Process Commandline (cmd.exe)

%WINDIR%\system32\cmd.exe /c netsh ipsec static add filter filterlist=block any srcmask=32 srcport=0 dstaddr=me dstport=445 protocol=tcp description=445

Ansi based on Process Commandline (cmd.exe)

%WINDIR%\system32\cmd.exe /c netsh ipsec static add filteraction name=block action=block

Ansi based on Process Commandline (cmd.exe)

%WINDIR%\system32\cmd.exe /c netsh ipsec static add filterlist name=block

Ansi based on Process Commandline (cmd.exe)

%WINDIR%\system32\cmd.exe /c netsh ipsec static add policy name=netbc

Ansi based on Process Commandline (cmd.exe)

%WINDIR%\system32\cmd.exe /c netsh ipsec static add rule name=block policy=netbc filterlist=block filteraction=block

Ansi based on Process Commandline (cmd.exe)

%WINDIR%\system32\cmd.exe /c netsh ipsec static set policy name=netbc assign=y

Ansi based on Process Commandline (cmd.exe)

%WINDIR%\system32\cmd.exe /c sc delete WELM

Ansi based on Process Commandline (cmd.exe)

%WINDIR%\system32\cmd.exe /c sc stop WELM

Ansi based on Process Commandline (cmd.exe)

%WINDIR%\system32\cmd.exe /c taskkill /f /im hdmanager.exe

Ansi based on Process Commandline (cmd.exe)

%WINDIR%\system32\cmd.exe /c taskkill /f /im mmc.exe

Ansi based on Process Commandline (cmd.exe)

%WINDIR%\system32\cmd.exe /c taskkill /f /im msiexev.exe

Ansi based on Process Commandline (cmd.exe)

'%s' expected (to close '%s' at line %d)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'port

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

(&B)...

Unicode based on Dropped File (carved_1.exe.1495031615758)

(&E):

Unicode based on Dropped File (carved_1.exe.1495031615758)

(&W)...

Unicode based on Dropped File (carved_1.exe.1495031615758)

((^1WA

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

(*temporary)

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

(*vararg)

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

([^/]*/%.%.)$

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

([^/]*/%.%./)/%.$

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

(Acffffsysinfo

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

(binary)

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

(for control)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

(for generator)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

(for index)

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

(for limit)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

(for state)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

(for step)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

(k.JcN>X

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

(null)

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

({7ss2{\

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

)>t\d

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

,$}V7,$Pw!,

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

-[mX@LlEY

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

./0123

Unicode based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

.?AVbad_alloc@std@@

Ansi based on Dropped File (carved_1.exe.1495031615758)

.?AVbad_exception@std@@

Ansi based on Dropped File (carved_1.exe.1495031615758)

.?AVexception@std@@

Ansi based on Dropped File (carved_1.exe.1495031615758)

.?AVtype_info@@

Ansi based on Dropped File (carved_1.exe.1495031615758)

.?AW4RAR_EXIT@@

Ansi based on Dropped File (carved_1.exe.1495031615758)

.\?.dll;!\?.dll;!\loadall.dll

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

.\?.lua;!\lua\?.lua;!\lua\?\init.lua;

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

.}vTC TZ

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

/[*ZkC5:d

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

/lockfile.lfs

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Ansi based on Dropped File (carved_1.exe.1495031615758)

0@.bss

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

0@.idata

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

0Ap(#{Y__Qn

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

0q$z)'q$/

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

104.20.17.242

Ansi based on PCAP Processing (PCAP)

1CZ/!mk.EU`

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

3\dJ%\dT[

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

3f{Xd:a{X

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

3YH\ddr\dL

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

45.76.51.128

Ansi based on PCAP Processing (PCAP)

45.77.28.163

Ansi based on PCAP Processing (PCAP)

4tH\d$S\$

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

5.^pg`H]P

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

7/(TyhN2c

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

:([^:%]]*)$

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

:error loading module '%s' from file '%s':%s

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

:s`,4]8m%

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

:service_description

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

;The Institute of Electrical and Electronics Engineers, Inc.10

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

</li></ul>

Unicode based on Dropped File (carved_1.exe.1495031615758)

</li><br><br>)<ul><li>

Unicode based on Dropped File (carved_1.exe.1495031615758)

<goto %s> jumps into the scope of local '%s'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

<head><meta http-equiv="content-type" content="text/html; charset=

Unicode based on Dropped File (carved_1.exe.1495031615758)

<name> or '...' expected

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Unicode based on Dropped File (carved_1.exe.1495031615758)

<Wjh?n\k}|

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

=(debug command)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

=(load)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

>1k}3r\7r

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

>USV:(bj-hJw

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

@%s@%d

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

@.data

Ansi based on Dropped File (carved_1.exe.1495031615758)

@scripts\luasocket\ltn12.luaZ

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

@scripts\luasocket\socket.luam

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

@scripts\process.luad

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

[3}]s{N,d2

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

[[/@]dzgV]$o

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

[[vYB$OfB$

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

[builtin#%d]:

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

[d<!s&hhd

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

[msvcrt.dll

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

[PX3(<|fM]

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

[SC] OpenService FAILED 1060:

Unicode based on Runtime Data (sc.exe , STDOUT)

[SC] OpenService FAILED 1060:The specified service does not exist as an installed service.

Unicode based on Runtime Data (sc.exe )

\)f1g0O

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

\;?!-

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

\\Bd@CfBdr

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

\dA@:\$l$

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

\Hod@Srod")

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

\REGISTRY\MACHINE\SOFTWARE\Classes

Unicode based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

\Sessions\1\Windows\ApiPort

Unicode based on Runtime Data (Adylkuzz.B.exe )

\}zI;ns-i

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

]+%l x)Byw

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

]du?]d;\

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

]l:I:

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

]Vb@C=bjJ

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

]~NncMt![(

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

^$*+?.([%-

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

^%[(.+)%]$matchhost

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

^([%w][%w%+%-%.]*)%:

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

^//([^/]*)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

^@3uFu!MM[

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

__attribute__((vector_size(

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

__getmainargs

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

`@.eh_framd

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

`_[Q8})4

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

`local static guard'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`local static thread guard'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`local vftable constructor closure'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`local vftable'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`placement delete[] closure'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

a\TCrgOK:4f

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

Address family not supported by protocol family

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

ai_family not supported

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

ai_socktype not supported

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

ambiguous syntax (function call x new statement)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

An error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.

Ansi based on Runtime Data (netsh.exe )

assertion failed!

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

attempt to %s %s '%s' (a %s value)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

b<style>body{font-family:"Arial,

Unicode based on Dropped File (carved_1.exe.1495031615758)

B]$h7o]$q

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

bad argument #%d to '%s' (%s)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

bad FPU precision (use D3DCREATE_FPU_PRESERVE with DirectX)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Base Class Descriptor at (

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

C\dDAn\$-

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

C]d% n]$L

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

calling '%s' on bad self (%s)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Cannot %s server %sError: 0x%X

Unicode based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

cannot use '...' outside a vararg function

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Cd)2(CdCH

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

char(%d)

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

chunk has more than %d local variables

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

COMCTL32.dll

Ansi based on Dropped File (carved_1.exe.1495031615758)

COMDLG32.dll

Ansi based on Dropped File (carved_1.exe.1495031615758)

CommDlgExtendedError

Ansi based on Dropped File (carved_1.exe.1495031615758)

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

CPU not supported

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

C}:'5]LDR

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

D(null)

Unicode based on Dropped File (carved_1.exe.1495031615758)

d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb

Ansi based on Dropped File (carved_1.exe.1495031615758)

delete[]

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

DisableLocalOverride

Unicode based on Runtime Data (Adylkuzz.B.exe )

Dumping first %d bytes:

Unicode based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

dYA#7X!)`:

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

DynASM 1.3.0

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

d|]dxwF]dF5p

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

e/U]b8Sd,

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

e1@(<$y)2

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

E`\dY^Z\d/(

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

ehttp://pki-crl.symauth.com/offlineca/TheInstituteofElectricalandElectronicsEngineersIncIEEERootCA.crl0

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

error in error handling

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

error loading module '%s' from file '%s':%s

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

ERROR: The process "hdmanager.exe" not found.

Unicode based on Runtime Data (taskkill.exe )

ERROR: The process "mmc.exe" not found.

Unicode based on Runtime Data (taskkill.exe )

ERROR: The process "msiexev.exe" not found.

Unicode based on Runtime Data (taskkill.exe )

ERROR_BAD_EXE_FORMAT

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

F9v:]aj*

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

fbc:N:

Ansi based on Dropped File (carved_1.exe.1495031615758)

file (%p)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

file (closed)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

FileTimeToLocalFileTime

Ansi based on Dropped File (carved_1.exe.1495031615758)

fu{Y]Q=(p

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

GCC: (tdm-1) 5.1.0

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

GCC: (tdm-2) 4.8.1

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

getaddrinfo

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

GetCommandLineA

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetCommandLineW

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetCPInfo

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetCurrentProcess

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

GetCurrentProcessId

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetExitCodeProcess

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetLastError

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

GetLocaleInfoA

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetLocaleInfoW

Ansi based on Dropped File (carved_1.exe.1495031615758)

getnameinfo

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

GetProcAddress

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetProcessAffinityMask

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

GetProcessWindowStation

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

getsockopt failed

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

GetStartupInfoA

Ansi based on Dropped File (carved_1.exe.1495031615758)

GetUserObjectInformationA

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

gP/bb:QDM

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

HH:mm:ss

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

HHJ?!|dt@F

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

http://pki-ocsp.symauth.com0

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

i@;v/1j)l

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

icommand

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

InstallService

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

invalid format (repeated flags)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

invalid format (width or precision too long)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

invalid object passed to 'auxiliar.c:__tostring'

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

invalid replacement value (a %s)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

invalid value (%s) at index %d in table for 'concat'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

ipleObjects error %d, GetLastError %d

Unicode based on Dropped File (carved_1.exe.1495031615758)

it,w{g5Q(

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

j0\dva\d

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

J\dVM0\d|

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

J_{{2o~"j

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

JIT compiler disabled, CPU does not support SSE2

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

jmsctls_progress32

Unicode based on Dropped File (carved_1.exe.1495031615758)

K\$\kf\$mZp\

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

K]d/Ff]$*

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

kh@K/,VqBU

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

KN [TZ!(

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

l[:NnjG

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

LD: main.c: %s

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Lhttp://pki-crl.symauth.com/ca_219679623e6b4fa507d638cbeba72ecb/LatestCRL.crl07

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

listen

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

local

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

local variables

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

LocalAlloc

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

LocalFileTimeToFileTime

Ansi based on Dropped File (carved_1.exe.1495031615758)

LocalFree

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

lport

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Lport

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

LuaFileSystem 1.6.2

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

LuaJIT 2.0.3

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

M\dWhL\

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

Main()

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

make_link is not supported on Windows

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

malformed pattern (ends with '%')

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

malformed pattern (missing ']')

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Maximum allowed array size (%u) is exceeded

Unicode based on Dropped File (carved_1.exe.1495031615758)

mb\d1VX\d

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

MC$f{:C$3]t

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

MIME 1.0.3

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Mingw runtime failure:

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

MM/dd/yy

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

Unicode based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

mscoree.dll

Unicode based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

n^[BCh<~:;

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

netsh advfirewall firewall add rule name="Chrome" dir=in program="%PROGRAMFILES%\Google\Chrome\Application\chrome.txt" action=allow

Ansi based on Process Commandline (netsh.exe)

netsh advfirewall firewall add rule name="Windriver" dir=in program="%PROGRAMFILES%\Hardware Driver Management\windriver.exe" action=allow

Ansi based on Process Commandline (netsh.exe)

netsh ipsec static add filter filterlist=block any srcmask=32 srcport=0 dstaddr=me dstport=445 protocol=tcp description=445

Ansi based on Process Commandline (netsh.exe)

new[]

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

nNVSf5@[R

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

no field package.preload['%s']

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Nonrecoverable name lookup error

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

ntice.sys

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

NYI: cannot call this C function (yet)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

OAv\d~H\\$

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

Om7{)n @9M*

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

OmZY2}/

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

Operation not supported

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

p@.bss

Ansi based on Dropped File (carved_0.exe.1495031615757)

P]dK"}]$N

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

Ansi based on Dropped File (carved_1.exe.1495031615758)

PANIC: unprotected error in call to Lua API (

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

PROCESS_QUERY_INFORMATION

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Protocol family not supported

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Protocol not supported

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Q?Af'@(l2

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

R6002- floating point support not loaded

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

R6031- Attempt to initialize the CRT more than once.This indicates a bug in your application.

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

R6032- not enough space for locale information

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

R6034An application has made an attempt to load the C runtime library incorrectly.Please contact the application's support team for more information.

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

RegCloseKey

Ansi based on Dropped File (carved_1.exe.1495031615758)

RegCreateKeyExW

Ansi based on Dropped File (carved_1.exe.1495031615758)

RegisterServiceCtrlHandlerA

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

RegOpenKeyExW

Ansi based on Dropped File (carved_1.exe.1495031615758)

release.exe

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

report

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

reportTable

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

require("main")

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

rM\d.Mw\d|

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

Runtime Error!Program:

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

s`~0H*}]3+Q

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

service not supported for socket type

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

SERVICE_CONFIG_DESCRIPTION

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

SERVICE_CONFIG_FAILURE_ACTIONS

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

SERVICE_ERROR_IGNORE

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

SERVICE_WIN32_OWN_PROCESS

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

ServiceMain()

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

SHGetFileInfoW

Ansi based on Dropped File (carved_1.exe.1495031615758)

siwvid.sys

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

smdR[@#u

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

Socket type not supported

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Software\Microsoft\Windows\CurrentVersion

Unicode based on Dropped File (carved_1.exe.1495031615758)

stack overflow (%s)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Startup()

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

StoresServiceClassInfo

Unicode based on Runtime Data (Adylkuzz.B.exe )

string/function/table expected

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

SupportedNameSpace

Unicode based on Runtime Data (Adylkuzz.B.exe )

t)*!LuEN8

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

taskkill /f /im hdmanager.exe

Ansi based on Process Commandline (taskkill.exe)

taskkill /f /im mmc.exe

Ansi based on Process Commandline (taskkill.exe)

taskkill /f /im msiexev.exe

Ansi based on Process Commandline (taskkill.exe)

tcp{any}

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

tcp{client}

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

tcp{master}

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

tcp{server}

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

The specified service does not exist as an installed service.

Unicode based on Runtime Data (sc.exe , STDOUT)

This application has requested the Runtime to terminate it in an unusual way.Please contact the application's support team for more information.

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

Thread pool initialization failed.

Unicode based on Dropped File (carved_1.exe.1495031615758)

TpCrcD){4

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

Transports

Unicode based on Runtime Data (Adylkuzz.B.exe )

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

U]$!x]$g n]

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

u^#;_@[?U

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

UF:32k)+w@

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

uF[}x$F&/S7

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

Unknown pseudo relocation protocol version %d.

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

unsupported option `%.35s'

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

V2/("ys]q

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

V\\$C:\$V

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

versioninfo

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

VirtualQuery failed for %d bytes at address %p

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

VM handler failed:

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

WaitForMultipleObjects error %d, GetLastError %d

Unicode based on Dropped File (carved_1.exe.1495031615758)

WFnh@`RCi(h

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

winhttp.dll

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

WinSock 2.0 Provider ID

Unicode based on Runtime Data (Adylkuzz.B.exe )

Winsock.dll version out of range

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

WinSock_Registry_Version

Unicode based on Runtime Data (Adylkuzz.B.exe )

wSNX[(W

Ansi based on Dropped File (carved_1.exe.1495031615758)

wuauser.exe

Unicode based on Runtime Data (Adylkuzz.B.exe )

W~3OWH{6kB@

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

X]$gDu]$Bqc]

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

Y(for index)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

y)#{`b@<&

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

Y\$Wdt\$bYb\

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

yWT8"\1V|#]

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

zY. w!Ak'

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

{.X2Nm&T,

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

{{{{0

Ansi based on Dropped File (carved_1.exe.1495031615758)

{|OJ@( f8

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

|]d/u]dNxO

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

}]$sPP]$VuF]

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

~]$TkS]$m^E]

Ansi based on Memory/File Scan (Adylkuzz.B.exe.bin)

~X[(W

Ansi based on Dropped File (carved_1.exe.1495031615758)

/adjusturi

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

exitcode

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

laddress

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

lport

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

[builtin#%d]:

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

to_bits

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

build

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

chain

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

fhsocket

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

parse

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

stuff

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

This application has requested the Runtime to terminate it in an unusual way.Please contact the application's support team for more information.

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

#null

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

absolute

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

connect6

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

gettimes

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

password

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

sendbody

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

simplify

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

snk_err

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

snkerr

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

unescape

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

userinfo

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

VInstallPath

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

!!!!!!!!!!!!!!!!""""""""""""""""################$$$$$$$$$$$$$$$$$$$%%%%%%%%%%%%%%%%%%%&&&&&&&&&&&&&&&&&&&&''''''''''''''''''''(((((((((((()))))))))))*M

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

!!""""#######$$$%%%%%%%%*******+++++++,report

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

#+#1.64E9LHWOWWlfs

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

!!!!!!###$$$$$adjustrequest

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

!##%'last_out

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

at %p

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Base Class Array'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

Base Class Descriptor at (

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

Class Hierarchy Descriptor'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

Complete Object Locator'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

delete

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

delete[]

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

filtered

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

in function '%s'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

in function <%s:%d>

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

in main chunk

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

new[]

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

Type Descriptor'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

!!!"""",,,,,...///000033335http

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

!@scripts\luasocket\socket_url.luaS

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

!FILE_SHARE_READ

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

!ftExit

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

!table

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

!tbl_m

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

"%s":%d

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

"base

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

"GENERIC_WRITE

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

#((--2266=CCDDEEIILLLLMMMMNNNNSQXVZZbase

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

#(n&s

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.005B0000.00000020.mdmp)

#format

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

#GENERIC_READ

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

#tbl_m

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

$chunk

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

$opt1

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

$opt2

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

$STILL_ACTIVE

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

%.14g

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

%.35s expected

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

%;(.*)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

%?(.*)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

%ERROR_BAD_EXE_FORMAT

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

%lower

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

%p:%d

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

%ppid

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

%s at line %d

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

%s expected, got %s

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

%s near '%s'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

%s.dll

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

%s: %p

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

%s: %s

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

%s: closed file

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

%s: invalid mode

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

%s: not a file

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

%s:%d

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

%s:%d: %s

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

%u.%u.%u.%u%n

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

&ERROR_FILE_NOT_FOUND

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

&ftCreate

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

&hash=

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

&hwid=

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

&status

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'%s' cannot be indexed

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'%s' cannot be indexed with '%s'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'%s' expected

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'%s' expected (to close '%s' at line %d)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'%s' has no '%s' metamethod

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'%s' has no member named '%s'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'%s' is not callable

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'=' or 'in' expected

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'choose

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'create

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'decodet

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'for' initial value must be a number

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'for' limit must be a number

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'for' step must be a number

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'IDLE_PRIORITY_CLASS

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'location

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'module' not called from a Lua function

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'package.%s' must be a string

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

'package.loaders' must be a table

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

'package.preload' must be a table

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'port

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'reduced

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'result

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'setfenv' cannot change environment of given object

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'sourcet

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'tostring' must return a string to 'print'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

'wrapt

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

(*temporary)

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

(*vararg)

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

([^/]*/%.%.)$

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

([^/]*/%.%./)/%.$

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

(Acffffsysinfo

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

(binary)

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

(errno

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

(for control)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

(for generator)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

(for index)

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

(for limit)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

(for state)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

(for step)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

(null)

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

(reqt

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

*>failure_action

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

*char

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

*encodet

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

+code

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

+headers

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

+parsed

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

+socket

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

,host

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

-+ #0

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

---------

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

---filter

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

--server

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

./0123

Unicode based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

.\?.dll;!\?.dll;!\loadall.dll

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

.\?.lua;!\lua\?.lua;!\lua\?\init.lua;

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

.headers

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

.length

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

.math

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

.sink

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

.step

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

.string

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

/lockfile.lfs

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

0123456789abcdef

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

0123456789ABCDEF

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

0123456789abcdefghijklmnopqrstuvwxyz-

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

0empty

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

0floor

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

0pump

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

0sink

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

0source

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

1,userinfo

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

1string

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

225addeeM

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

3>vxxxxhttp

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

3errmsg

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

3size

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

4mime

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

6service_status

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

7code

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

7full

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

7ltn12

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

7path

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

7relative_path

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

8filter

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

8metat

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

:([^:%]]*)$

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

:base

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

:error loading module '%s' from file '%s':%s

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

:service_description

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

;body

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

;client

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

;server

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

<body

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

<eof>

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

<goto %s> jumps into the scope of local '%s'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

<name>

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

<name> or '...' expected

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

<path

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

=(debug command)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

=(load)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

=fQN%d-%d-%d

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

=nreqt

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

=pe32

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

=stdin

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

=table

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

=userinfo

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

?path

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

?receiveheaders

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

?unsafe

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

@%s@%d

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

@lua_debug>

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

@scripts\luasocket\ltn12.luaZ

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

@scripts\luasocket\socket.luam

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

@scripts\process.luad

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

[string "

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

\;?!-

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

\REGISTRY\MACHINE\SOFTWARE\Classes

Unicode based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

\Sessions\1\Windows\ApiPort

Unicode based on Runtime Data (Adylkuzz.B.exe )

^$*+?.([%-

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

^%[(.+)%]$matchhost

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

^([%w][%w%+%-%.]*)%:

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

^//([^/]*)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

_%s@%d

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

__alignof

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__alignof__

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__asm

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__asm__

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__attribute

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__attribute__

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__attribute__((vector_size(

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

__based(

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

__builtin_va_list

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__cdecl

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__clrcall

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

__complex

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__complex__

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__const

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__const__

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__declspec

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__extension__

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__fastcall

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__gnuc_va_list

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__index

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

__index__newindex__gc__mode__eq__len__lt__le__concat__call__add__sub__mul__div__mod__pow__unm__metatable__tostring__new__pairs__ipairs

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

__inline

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__inline__

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__int16

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__int32

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__int64

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__int8

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__mode

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

__pascal

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

__ptr32

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__ptr64

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__restrict

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__restrict__

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__signed

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__signed__

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__stdcall

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__thiscall

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__tostring

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__unaligned

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

__unload

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__volatile

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

__volatile__

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

_Bool

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

_Complex

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

_COPYRIGHT

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

_DESCRIPTION

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

_Jv_RegisterClasses

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

_LOADED

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

_LOADLIB

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

_NAME

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

_PACKAGE

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

_PRELOAD

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

_SETSIZE

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

_VERSION

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

_VMEVENTS

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

`copy constructor closure'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`default constructor closure'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`dynamic atexit destructor for '

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`dynamic initializer for '

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`eh vector constructor iterator'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`eh vector copy constructor iterator'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`eh vector destructor iterator'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`eh vector vbase constructor iterator'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`eh vector vbase copy constructor iterator'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`h````

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`local static guard'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`local static thread guard'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`local vftable constructor closure'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`local vftable'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`managed vector constructor iterator'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`managed vector copy constructor iterator'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`managed vector destructor iterator'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`omni callsig'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`placement delete closure'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`placement delete[] closure'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`RTTI

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`scalar deleting destructor'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`string'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`typeof'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`udt returning'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`vbase destructor'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`vbtable'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`vcall'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`vector constructor iterator'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`vector copy constructor iterator'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`vector deleting destructor'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`vector destructor iterator'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`vector vbase constructor iterator'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`vector vbase copy constructor iterator'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`vftable'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

`virtual displacement map'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

abort

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

absolute_path

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

AC type

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

access

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

activation.php?code=

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

activelines

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

address

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Address already in use

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

address already in use

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Address family not supported by protocol family

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

AddressFamily

Unicode based on Runtime Data (Adylkuzz.B.exe )

adjustheaders

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

adjustproxy

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

adjustrequest

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

adjusturi

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

advapi32

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Agyd-

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00469000.00000004.mdmp)

ai_family not supported

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

ai_socktype not supported

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

alias

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

already connected

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

ambiguous syntax (function call x new statement)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

anreqt

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

April

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

assertion failed!

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

attempt to %s %s '%s' (a %s value)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

attempt to %s a %s value

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

attempt to call a %s value

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

attempt to compare %s with %s

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

attempt to compare '%s' with '%s'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

attempt to compare two %s values

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

attempt to concatenate '%s' and '%s'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

attempt to get length of '%s'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

attempt to load chunk with wrong mode

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

attempt to perform arithmetic on '%s' and '%s'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

attempt to redefine '%s'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

attempt to use a closed file

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

attempt to write to constant location

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

attempt to yield across C-call boundary

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

attributes

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

August

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

AuthenticodeEnabled

Unicode based on Runtime Data (Adylkuzz.B.exe )

authority

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

authoritypath

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

AutodialDLL

Unicode based on Runtime Data (Adylkuzz.B.exe )

auxiliar

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

bad action while in __gc metamethod

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Bad address

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

bad allocation

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

bad argument #%d to '%s' (%s)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

bad callback

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

bad exception

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

bad FPU precision (use D3DCREATE_FPU_PRESERVE with DirectX)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

bad light userdata pointer

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Bad protocol option

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

bad storage class

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

BANNED

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

base out of range

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

base64

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

base_path

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

base_url

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Bheaders

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

binary

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

bit_and

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

bit_lshift

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

bit_not

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

bit_or

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

bit_rshift

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

bit_xor

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

block device

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

boolean

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

boolean 'on' field expected

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

boolean or proxy expected

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

break

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Bstatus

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

buffer

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

build_path

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

bytecode instructions

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

bytecodes

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

C type

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

C++ exception

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

calling '%s' on bad self (%s)

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Cannot %s server %sError: 0x%X

Unicode based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

Cannot assign requested address

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

cannot change a protected metatable

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

cannot close standard file

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

cannot convert '%s' to '%s'

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

cannot load incompatible bytecode

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

cannot load malformed bytecode

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

cannot load module '%s': %s

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

cannot obtain information from file `%s'

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

cannot open %s: %s

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

cannot read %s: %s

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

cannot resolve symbol '%s': %s

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

cannot resume dead coroutine

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

cannot resume non-suspended coroutine

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

cannot resume running coroutine

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Cannot send after socket shutdown

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

cannot use '...' outside a vararg function

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

canonic

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

cdata

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

cdata<%s>: %d

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

cdata<%s>: %p

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

CEIPEnable

Unicode based on Runtime Data (Adylkuzz.B.exe )

change

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

char device

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

char(%d)

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

chdir

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

check_int

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

children

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

chunk

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

chunk has more than %d local variables

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

chunk has too many lines

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

chunk has too many syntax levels

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Class

Unicode based on Runtime Data (Adylkuzz.B.exe )

class

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

closed

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

closed directory

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

closed file

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

complex

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

ComputerName

Unicode based on Runtime Data (Adylkuzz.B.exe )

concatenate

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

config

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

configSleep

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

connect

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Connection refused

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

connection refused

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Connection reset by peer

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

Connection timed out

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

CONOUT$

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

const

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

constants

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

CONSTS

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

control structure too long

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

CopyFiles

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

CorExitProcess

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

coroutine

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

coroutine expected

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

count

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

cpath

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

CPU not supported

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

CREATE_ALWAYS

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

cselfpath

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Csock

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

ctype

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

ctype<%s>

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

currentdir

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

currentline

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

cut_le_str

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

CWDIllegalInDLLSearch

Unicode based on Runtime Data (Adylkuzz.B.exe )

dddd, MMMM dd, yyyy

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

deactivation.php?hash=

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

debug

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

December

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0046E000.00000040.mdmp)

declaration specifier expected

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

DecodePointer

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00400000.00000002.mdmp)

default

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Destination address required

Ansi based on Hybrid Analysis (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.00401000.00000040.mdmp)

dgram

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

DhSnap

Ansi based on Memory/File Scan (Adylkuzz.B.exe , 00039003-00002400.00000000.39504.0044F000.00000004.mdmp)

Extracted Files

Malicious 2
- carved_0.exe
  
  Overview Download Disabled VirusTotal Report Metadefender Report Hash Seen Before
  
  Size
  912KiB (933376 bytes)
  
  Type
  peexe executable
  
  Description
  PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
  
  AV Scan Result
  Labeled as "Trojan.Generic" (41/84)
  
  Context
  08.super5566.com
  
  MD5
  
  f8159e8a136bfbc0e7e399cdf048b4e0
  
  SHA1
  
  4e165fca1b1bf1a1f735cada3f54815a5bd12a78
  
  SHA256
  
  e6680bf0d3b32583047e9304d1703c87878c7c82910fbe05efc8519d2ca2df71
- carved_1.exe
  
  Overview Download Disabled VirusTotal Report Hash Seen Before
  
  Size
  257KiB (263037 bytes)
  
  Type
  peexe executable
  
  Description
  PE32 executable (GUI) Intel 80386, for MS Windows
  
  AV Scan Result
  Labeled as "Trojan.BitCoinMiner" (33/59)
  
  Context
  aa1.super5566.com
  
  MD5
  
  2d001c3d5e3509a7e7d4a72aa6e423ce
  
  SHA1
  
  e3d1e1bb37e2f40fa1cd57def08cad39853847e5
  
  SHA256
  
  a7000b2618512f1cb24b51f4ae2f34d332b746183dfad6483aba04571ba8b2f9

Adylkuzz.B.exe

Incident Response

Risk Assessment

Additional Context

Related Sandbox Artifacts

Indicators

Malicious Indicators 15

Suspicious Indicators 24

Informative 12

File Details

Adylkuzz.B.exe

Resources

Visualization

File Sections

File Imports

Screenshots

Hybrid Analysis

Network Analysis

DNS Requests

Contacted Hosts

Contacted Countries

HTTP Traffic

Suricata Alerts

Extracted Strings

Extracted Files

Malicious 2

carved_0.exe

carved_1.exe

Notifications

Runtime

Community

Anonymous commented 3 years ago updated

Anonymous commented 4 months ago updated

Adylkuzz.B.exe

Incident Response

Risk Assessment

Additional Context

Related Sandbox Artifacts

Indicators

Malicious Indicators 15

Suspicious Indicators 24

Informative 12

File Details

Adylkuzz.B.exe

Resources

Visualization

File Sections

File Imports

Screenshots

System Resource Monitor

Hybrid Analysis

Network Analysis

DNS Requests

Contacted Hosts

Contacted Countries

HTTP Traffic

Suricata Alerts

Extracted Strings

Extracted Files

Malicious 2

carved_0.exe

carved_1.exe

Notifications

Runtime

Community

Anonymous commented 3 years ago updated

Anonymous commented 4 months ago updated

Latest News

Vetting required

Request Report Deletion

Link