Sample of the Babar malware discovered by NSA. It is believed to originate from French intelligence. More info: http://www.spiegel.de/media/media-35683.pdf and the Cyphort blog post "Babar: Suspected Nation State Spyware In The Spotlight". YARA rules: "[YARA] Barbar/SNOWGLOBE Rules" on Pastebin.com. Strings extracted from babar.exe: !This program cannot be run in DOS mode. `.rdata @.data QVVVWVVSV PSSSSSSh PSSSSSSSj ^tLHt-Hu uS9F`u%V QQSVWd <\tM</tI HtHu4j s[S;7|G;w tR99u2 0A@@Ju 0SSSSS HHtXHHt >If90t 0WWWWW j@j ^V <at9<rt,<wt URPQQhl >=Yt1j u[SSSP t"SS9] ;t$,v- UQPXY]Y[ 0SSSSS 0SSSSS PPPPPPPP PPPPPPPP ^SSSSS j"^SSSSS tGHt.Ht& ^SSSSS 8VVVVV >:u8FV VVVVVQRSSj t+WWVPV /u /i:-" /c start /wait 1000 && del ComSpec cmd.exe DLLPATH D:(D;OICI;FA;;;AN)(A;OICI;FA;;;BG)(A;OICI;FA;;;SY)(A;OICI;FA;;;LS)(A;OICI;FA;;;AU)(A;OICI;FA;;;BA) advapi32.dll CommonProgramFiles ALLUSERSPROFILE COMMON_APPDATA WINDIR USERPROFILE APPDATA kernel32.dll Shell32.dll kernel32 IsWow64Process EnableLUA SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ %%%s%% /s /n %s "%s" %%WINDIR%%\%s\%s regsvr32.exe System32 SysWOW64 Wow64RevertWow64FsRedirection Wow64DisableWow64FsRedirection %COMMON_APPDATA% =j&&LZ66lA??~ }{))R> f""D~**T V22dN::t o%%Jr..\$ &&Lj66lZ??~A 99rKJJ ==zGdd ""Df**T~ ;22dV::tN $$Hl\\ C77nYmm %%Jo..\r >!KK 55j_WW &Lj&6lZ6?~A? ~=zG=d "Df"*T~* 2dV2:tN: x%Jo%.\r. t>!K a5j_5W ggV}++ Lj&&lZ66~A?? bS11*? Xt,,4. RRvM;; MMfU33 PPxD<<% Bc!! 0 ~~zG== Df""T~**; dV22tN:: xxJo%%\r..8$ tt>! pp|B>>q aaj_55 UUPx(( cccc||||wwww{{{{ kkkkoooo gggg++++ YYYYGGGG &&&&6666???? nnnnZZZZ RRRR;;;; [[[[jjjj 9999JJJJLLLLXXXX CCCCMMMM3333 PPPP<<<< ~~~~====dddd]]]] ssss```` """"**** 2222:::: $$$$\\\\ 7777mmmm llllVVVV eeeezzzz xxxx%%%%.... 
ttttKKKK pppp>>>> ffffHHHH aaaa5555WWWW UUUU(((( BBBBhhhhAAAA ='9-6d _jbF~T 11#?*0 ,4$8_@ t\lHBW QPeA~S >4$8,@ p\lHtW +HpXhE T[$:.6 00006666 CCCCDDDD TTTT{{{{ ####==== ffff(((( vvvv[[[[ IIIImmmm %%%%rrrr ]]]]eeee llllppppHHHHPPPP FFFFWWWW kkkk:::: AAAAOOOOgggg tttt"""" nnnnGGGG VVVV>>>>KKKK yyyy YYYY'''' ____````QQQQ ;;;;MMMM ccccUUUU!!!! bad allocation Unknown exception bad exception EncodePointer DecodePointer FlsFree FlsSetValue FlsGetValue FlsAlloc runtime error TLOSS error SING error DOMAIN error An application has made an attempt to load the C runtime library incorrectly. Please contact the application's support team for more information. - Attempt to use MSIL code from this assembly during native code initialization This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain. - not enough space for locale information - Attempt to initialize the CRT more than once. This indicates a bug in your application. - CRT not initialized - unable to initialize heap - not enough space for lowio initialization - not enough space for stdio initialization - pure virtual function call - not enough space for _onexit/atexit table - unable to open console device - unexpected heap error - unexpected multithread lock error - not enough space for thread data This application has requested the Runtime to terminate it in an unusual way. Please contact the application's support team for more information. - not enough space for environment - not enough space for arguments - floating point support not loaded Microsoft Visual C++ Runtime Library <program name unknown> Runtime Error! 
Program: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ CorExitProcess (null) `h```` xpxxxx UTF-16LE UNICODE Complete Object Locator' Class Hierarchy Descriptor' Base Class Array' Base Class Descriptor at ( Type Descriptor' `local static thread guard' `managed vector copy constructor iterator' `vector vbase copy constructor iterator' `vector copy constructor iterator' `dynamic atexit destructor for ' `dynamic initializer for ' `eh vector vbase copy constructor iterator' `eh vector copy constructor iterator' `managed vector destructor iterator' `managed vector constructor iterator' `placement delete[] closure' `placement delete closure' `omni callsig' delete[] new[] `local vftable constructor closure' `local vftable' `udt returning' `copy constructor closure' `eh vector vbase constructor iterator' `eh vector destructor iterator' `eh vector constructor iterator' `virtual displacement map' `vector vbase constructor iterator' `vector destructor iterator' `vector constructor iterator' `scalar deleting destructor' `default constructor closure' `vector deleting destructor' `vbase destructor' `string' `local static guard' `typeof' `vcall' `vbtable' `vftable' operator delete __unaligned __restrict __ptr64 __clrcall __fastcall __thiscall __stdcall __pascal __cdecl __based( GetProcessWindowStation GetUserObjectInformationA GetLastActivePopup GetActiveWindow MessageBoxA USER32.DLL !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~ HH:mm:ss dddd, MMMM dd, yyyy MM/dd/yy December November October September August February January Saturday Friday Thursday Wednesday Tuesday Monday Sunday SunMonTueWedThuFriSat JanFebMarAprMayJunJulAugSepOctNovDec CONOUT$ `h`hhh xppwpp RSDSa2 c:\Documents and Settings\admin\Desktop\Babar64\Babar64\obj\DllWrapper Release\Release.pdb DeleteFileA GetModuleFileNameA 
GetEnvironmentVariableA lstrcatA lstrcpyA GetShortPathNameA LocalFree CloseHandle LoadLibraryA FreeLibrary LockResource SizeofResource LoadResource FindResourceA KERNEL32.dll GetProcAddress GetModuleHandleA GetCurrentProcess WaitForSingleObject GetStartupInfoA RtlUnwind GetSystemTimeAsFileTime GetCommandLineA GetLastError FindClose FileTimeToSystemTime FileTimeToLocalFileTime GetDriveTypeA FindFirstFileA TerminateProcess UnhandledExceptionFilter SetUnhandledExceptionFilter IsDebuggerPresent HeapFree HeapAlloc RaiseException GetModuleHandleW TlsGetValue TlsAlloc TlsSetValue TlsFree InterlockedIncrement SetLastError GetCurrentThreadId InterlockedDecrement WriteFile GetStdHandle GetCPInfo GetACP GetOEMCP IsValidCodePage WideCharToMultiByte ExitProcess DeleteCriticalSection LeaveCriticalSection EnterCriticalSection MultiByteToWideChar ReadFile SetHandleCount GetFileType SetFilePointer FreeEnvironmentStringsA GetEnvironmentStrings FreeEnvironmentStringsW GetEnvironmentStringsW HeapCreate VirtualFree QueryPerformanceCounter GetTickCount GetCurrentProcessId GetFullPathNameA GetCurrentDirectoryA LCMapStringA LCMapStringW HeapSize VirtualAlloc HeapReAlloc GetLocaleInfoA GetStringTypeA GetStringTypeW CompareStringA CompareStringW SetEnvironmentVariableA InitializeCriticalSectionAndSpinCount GetConsoleCP GetConsoleMode SetStdHandle FlushFileBuffers CreateFileA GetTimeZoneInformation WriteConsoleA GetConsoleOutputCP WriteConsoleW SetEndOfFile GetProcessHeap FreeSid CheckTokenMembership RegCloseKey RegQueryValueExA RegCreateKeyExA RegOpenKeyExA ADVAPI32.dll .?AVAutoPathHelper@@ .?AVIAutoPath@@ .?AVCImportSddl@@ .?AVCAbstractImport@@ .?AVbad_alloc@std@@ .?AVexception@std@@ .?AVtype_info@@ .?AVbad_exception@std@@ abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ om]+F` 7TH,H{ 1DL>[l :#;5d2 =U|%F' v#bN<st( aXp|Na9: tX/gk= hsH(~X LARFP< [s'Na5 hS~9p8 aqUpIe2 F!ih,: xp2s.z 95X"K5;oR/ jxaTv(B w_]@E&7 \yvVo} 1MBd#$= <jQCJ-0 
[|.1Ln {e.*6b aFC5&. <_QR?. :@AiXm aAR)sDm GS>,Jy] 4C`JB5 DuH\zB *67uxR gNU$=oA ?]Ci<}N ]G&b(HG J<{5RJ _N[+H{ CF0qwL gb>wbY Y8L~}R <VRYb! \*sQ#9\ PygEc~ mcMtmh4a t`.a7?{ H[mN] |I1hC:c sc,c?o 0>3&Ol S9\fu/ OU{Wa) 8D@49` F&Hh74Z @I?,$> ]<~6F7 {I||I| i4@,K<Yoz,%> t7zG.+ aaR:kqF *vK/Y\ [4'-]h AX#xoF P,7'x* 7kE2. 9 -5,2 ZRse`Wg x'Z$p9 &ze;@n \F4~[&s Vo$R+ @%csxA@q 5a&M M MBCU0;| ]sI$Uf g?]IBADa 0e)3 p [EC1iF4tf Wg1B+: a5['n!D ol$'iHJ u&pf;# [B`t# .Ue&N1/ Il`C$e $NH0tg Ur9L!. nbLS0tx P(<L| "`A/2Q Vo`9!v zVma+K >WwsLP D'ezQ|0IgEp {q!"9v~ l(XB.U8 Z@{iq=fK 8z0!$/b? )*>.<x b1c4ap$ )c82q7 ^R*aa; On~T^[ }Rg+#w dxO|Y<H77 9UjZ|Wmv gu3Z?@ ;Y[mHj hR%&Bvz ~q5EpLP EQ418DVi6 }4Hj,; 2;(#5 w|=p{-fa nwdF,F6 Ec|S@= qT,Mz# .E Y)F utG`)p |69z!Z {.V>nV- +1(|$Cx4\ v9%H#] ,9@7SD1& _l<<W/r lE R:! FY?F*& f/0#n] e~%JT5 gHS ((7` 79l#fO 4$gFMN1 /9ba7f )+dEzS St:%H~8 Beh*w^e: p&7.^j\ l}4/WdU l]]]Ve c4\]Wj L-at.6 *CVr__ q6|lYN `h6VwJ +/B!NI$s pJ-^c9 k}$a)_ +,kyEsz *Kw,Fk S=#yjQ \nh9gy ^rX9"= I)`Y4> a-t8-E 242/OL Crn#]ZN BNo5O( {xp|S, K4y=v*z K;\|<^h 1syS,f En=_O@Z qW+rEV Hm]z5g (NF!K\+ %aH<`P 65%}sfihgzYQ *i{P9Gh C+E'r0@ !ux!l" [-<]]mI: yG <M*=y W@f:1b Ahh*k~a Aw[qq4 i`p8]4 |kLeXf >Trs@":;Cs yQ;J0OL ^(J<1^ vyM]}OZ V?;;d7g n/M_1r |#U_I_ ~eI.zd Br_kmi )w<7`rl |f%q /i|T$K Bmy5>n -lyV>= NHceu} Ut<K[7 DSJ.)" wY-K$4 o5dAf4[yTVVZo!I F\tzQ:D d>0_Qt ul_""M AV'rS8x ,MB:f$ S&~wV8 Se@(,R 8s,FBw %oO{l^ ni{)s9s >,3B^y MQmIFSn ]NTgbX >*aZgs KZzKQmvXI n`oH`3 TjyG6ln 7b-A< %NN{`QX PyN~-V RtnvAg 4cW{ht xgkdtG 6fq,L] RIX*d@ oaaE!7A 3t}[J~ S]N7VF cRGm}Ox OY:l]0 XTd2_y j?jb.! L@"{bi^ wRJZu@V [A{&QE1 SHXw?" \osz`F )2[cNmD: UIf eU Yxf+A)Yt ;%,_yK(XK SOU)!= `<mQ+_ '=[ZE<}8 jE"c{T <^28,I {M R[% sCfslwS, ]42H5c= nuig| tHLYk! 
"KZVlc "H/$i5 r+c9c 7 x1GeiAjzX &`!ZH5 Q|hKYk oJ{e+y 1rQC;} (W<]}%TXL G|0D+O vR3Da/ S@-doG& B=srce rH<tZ|7 ,iRiOH yQDJ4Y ~burG\ G'orq'B 8 mtn/ T.P#a* hMZo2% VxILR; >L$8u\l !g$t"c TyxT+- ^.)W\W FDPAmqh qil@m hWvBCY M?,3p] |%YxeFlA '.`~7Or Jkb=(> Zht#P Oh]b6~ $t@gE} T~}V#b #Ab{Yu 7chi#/ z$8P-y#> 4+NQF 9.0S"a5 +Q*']Y& @})tsT.,I z\!yc0V Hy37Bp f?BD{'U{ =!^* L.dBZaJ @(B]`M cF(Skm 1bQ*x~m 8uc!Ds |!0QP_ _DJ"'A 9}{mJ#RQ P2b(C?C '4-0GO F##STX4 $N=0LtT? 8,^20N 2E;k:m %CC+"_^ /|LPyk} |7#6|y Yy-/8J hQ[XGN^ u[1Myu 1iq"b[ 6xGZyW GU zBX !YS@MUu nF^#ZL?o KLkFE{ Bp:?HUU {B7R=} /q=q|C %F7f|y o*K+%Z} <~(1jF` '(B$mH }%dXe[ 'Dv>) (Ssm` cl~tRn cEkH%B %V&pQa|6A zu<XN' IX?Q = [jWW|d %-&!yn KHm0fKq ,(!U0f aUsw;# \[6BmR l@@Jj/ #Eha[= &EbhET M5%>.6 `\^Q|U{ d.afS= 0uHk]P 9;Y[+{\+ 8rXcHb }noHG8 f+tteo Do{VN* u$"+EJiW -}{}m:* R<CN[WL s%rg;Y V\h [Le Cv?urg aAslMr0 {kt')~ "x<A[4 5Y1#h} s'8]w 7c~t`W S*tJj.* 4ImD1 `Q2\xD w{x0^5 {~9rDXaL *7_S.GY {y@B3< AC]=i& _@Cl&N /%WYdp+3; >)N[lt& H8:A,1'\ K_(!g& pSh[Ue "$xMHs .2ev_c F$G Tu S|f?aVk\ C(G2qw6 X-3F(| jy#tma qYD1v#M 5ayCi_ "eiRc\k bO5*&| TAh5,:m aj#uN` l]Uw:| lMIEf:Bk"Z Xe"Z`iqM ,G"qao 8Dt4>& bf>BdN L9\'sN d|2Us!V @&{[b .B|O[- Z/[)t0 /DKX^E?4 &Ll~iX 6wD:]- eJ%qb'W p!Cj!nY s}p>6y V%cAsx $,IM 1D{Kq/ Rz"BM| JZ{0o# V?M?!b tV\"j)OY OLm]%& PpCSdy Yh /X% E*AO-s>@ e)R60L m'C&g\W4 4p=zBm dWWH1hv 7^[HxB oS'"fk+p ~Qv>Cx ;g+lVh }7C-? k?=Hl. sI<gvs aUJ=L+Z y$#Sc|b R_C\(G Aq)>dv( {_v==\r< @#fQ]5 `9t(F5dE-U u0-BXe8 rRo4jb B>B40e fCg;U8 A});@] +E9c[= EhP1%t !NI]&[ w]qK~6X 5P7<'M<cz MDhiW] 7$-' SuAr#JqC 8*0Tn{K Gp{?5a `[W Ux /Rg.se }U9BMp4a( 8;GH~J xP*v~$ GAg`Va N2M`vvF y5wx} D59;ql LKE97_F :\S5n;mJ* vd6XI0 l1x"yExe &F0I" #T!)/Ygfm V=@-<8 Oi)Jcx ~t/"Kg Y7\`]! *i:*$: 7,^"|;n;" #Ie6{n `1ZACjq v1\CZJ $vQg)s YG]#!.x NqB<eH P1Ncr! 
RsR F>XJ{j .Ss@*W |S4KAS4JL <sEb.y9 .\vuPP .PFNTZ )`*lEG j&>mgQ` |$g~%8 ms$9"P O)3EltW C5 ;b@ n=zyMV; ^CodcK+\h jSC]>m& ChdkjOy q>Z]\% ?X*rX] p['iO\ 3(4bu?;L |nD?@ E=d?h&y ]?&xAF XO 4LL ~EoCT: ihhK&- kz+;t~ c]xE]; p})t v<gD5K !:eI019 r,A:{k VSF8$9H })58II Fgea;7 hsKWOZ R+3E,= R51/`*$8B xS%ls9 ;^a\wM[ Ovv1t}x 5nMlVDI P@t<;1QhR 5u?4nH LjqB>: 6jMDJH VqO^<b 6'u @ML 23HO#@k =V%+'# |_D$Z>4 ia_[pI *Ivv/2L ?[`5&X 9~u3S]_ {[~{gl5 W?!7\~ R-OoMI =bTpWdf <kGN\}V<d |O)k{Oc kT!NUrO R{9^v5 k(+/$Z <.3Z"Z lK\-0m, 0#jQiI KJEpkq3 Rs.'F} .0(K YQ Us_Ycy M# 5od 4d_sj\ }_ag%J q~""4i bhV94' `nzs^R FFL=lX ,d@!?tU #*_PUv! NcJ@gC$ wlRds kcQiE5 oLN\G!+ QW'U~F XPt|e, 7XV8*B z*j7G5 1fyncl ; (SXscZ Q:6Li v%3Dj(S| $3Q6r( YUL(un `*?'gT s~+Tth NbX2? P&`*k% ]RS=O6g; r[W+r8 #GC%)O wRqA:k` V|>bBu QaIQ8E VyI!cZW pv{7S]1 a[n350p HPZ=K b=LAil %=\$(F Kgy#S V,VmNN :x/n#} .=WPoDT &NA?;G] B@v'jR> <.B^Cx<| ,*X"d? &~KT`7 xFQny$t d.'VR 5Q@R`INv CW4p } 1A$B&O ;zl.3G W~qJ_-A &'4^LDB c{3+$nl 0RD&_aw 2r_ust +\9f>c R-H,E7D w&]^$i jovO@K gDWb{V (V{l`? e{.t4j21 MZMVKK A_lynd .4j{l[3R {[@r y}wQe}t )g=l'%* "'%!}'||X YACH7* uZ90*Q +B`loW [f@r<M 4T<S6e}? x&C4PFV _9dB1GK8 !@BXpU AM9P7?R q*=?^Jm (M#l%n r7=eB?D )xB5vab`l Ke8Cdd\ ot]Rwyc go"Qu& <Ygcre DXW&2<U !#(m|2^# NSrST*w iXn,C% FAJhSJ F\qHxg >nV~6|- ]o<Jk:D q[{U&zTO shS|Ip axI}F6 \0)=}/5 b-P?3Z7 HQq'qM -w#2Sn BQ:^* &sb+rx ?jAQm{a 5Pc|kZ !MMc3n$ ~Kl+-o4 ko|;&? btGtAf~^E 9+8Kvl G4ts=d h*k?N;8 pL;`Z*_ GOE?-6 X8D0^.u ^;$"4+ ]Fe}9> E8aS&. jx['o o>2Up;* >_~_lp fT<l&*$ );IG F;!S=I uzLVdVi ;7Cxw6 f~2:]3 nQxm@c vk_5B}` FfVxK/? 
8,G)(O/cH f4qv/ss~&I} 8?Bs*I/ -a"v5V ]B#{(|w SG(*2k `t:K+V Ge9nL y;}3bf ziNxb < 4hGY BZ}WH\& TQ3~`{ DkgM[U K%ZDp* l49_,)h h?bn"@jPC* 0Uq'?xd :%A4jD $zjj1Xgs aID}m> SpA?3]G.B LsR}T7 ?bMny} U6{ #~ M.]@Eff jzwkeP EbXQH )^ag_" q+:*o: u<&e<( DH?-lZGB }<[~%a ,{oD5) ]}/"`3 pV3t{h ]:e=[7- 1P+U2N Yiv4a3 :'B:X@ eX7tau ;,-{?h KV-/E5 cUMHT' :>%F>N+ |XtPKK |>yPzl bhcbG- c&7MjEW 6pi}a@ hcYW2= DXeW:ZD]=W6 s{QJ"5t# 2,Ft@ D(DJ<J )m 5(S 4 N\D5!( ggI XFD ayWfItuq] !l1Fz% ]6D%(86 azDO/c _7q9P> H,GLfH 0hPQug) uuM,, :fE{/F- |#aG\' _)w?~z }O0m76 x0%it[ Z94l%H |?a-H! A60]0\^ F;mn&U">nIq sb 1Gz 4c~,1,1H. Uh/ST2 #P% ?*. b%4e(?8 $u7e_NN ?o]@8%7 +n`9W ^\9~kdMR "]p1a= 2co{}C)d' YWN-QE cNUx,M% FfMVo!m EA"q#g W||2j: &:45g6 ez7*2p% FYjSYvfv bC"x1A i|~}]" Pvk[=`o~L& pfSvdQ a*wqF\A G\'nJ| 0K@B9~ O<|49 EY7!v: +,YUJ| khP<&3 tsV){O 468DF}#= fxS{}od Q74Wrr Mq/!)O y]\_qB[ G)<yNz 5.P]Tm g_2al# k/RS7f%&8 vE~{ @ B)",Wu H[$121 ^/vYGF l1bifyPH <|A:E,Bdw /eSn8B )L~yQm Dmq\_yC= S>GC:Y oq"5Ug X8lJu& sBXzNV; v0lf-' \02X%O 4mv Oq Y/3hX~ Se_)E" =*D5%s jtD=u~`Q sHI^Bs L6T9GT I nSF^RH x]I:=B **{x;^ Q}/R:X St?mC$/ Y'N,?&Q l_@hz{ AZ&+{m pY5NwK c4)d%m T%f-`l r/&3E W~<7fa6 J{FpA 7`CPsT KT@Xr UL!V(Qa^ E&I)#t \<lToW- 9}N}k2E)~ \yHQ(D;] e1'S2~ A~6#)O C7Q#+H v[UHXQa= oQT="cw LHrD2 _#&gI2 #0w^`8 <TekU6 <nhO6(~_^ ndda?;8 7ogDC0 VD+}C{ ;rzZ}.@, lPo+ZV ;[## \@ @FImM3 'I81d+> MyxW^&"Y fs$[# `b:I;d OpRJB7% N}?yEQ &K?(7O;6 z!b N0 v38at$^v)* !l{K`HH K1s@mE O[% mzW @'{jMZ K@yzRn Nlkr%6 ? %Ko' K&u-l! Y-FutJ RAe3S D.2m} h R#GITXz[ R"]FFP *!r+G+7^ 1CC(.2 >p:b8? ,y'.WMI Iz0Ah:Z m>bRq} !u7[~/ \%f&E/\ 64V8SQ Iz?A*9 ($(ssw7L z;{m`n$ yI~*nk%A }rp"N*T \cFR#f?V j~oAtei XPuw3n 5!@E;> FEz:!a ~E3>&E. <+~P&- Lh7d'l h>f?M8' :el+&k `7vEaj ]3x]Su #_.;oT 1]2i. 
~*p5s M)xEEE A-cplk ONR/WP ql )23 4E_w)[ }yuvqL 7!S_le O-@0Ew &4}rkF swlA5=@WZ "ji&K^ &BCbx#^m -eYu@j -w`2+V l&$Qsg fhebq- G=@4pA X6Hve5Z be8~x3vx LC'ym> $-nn?; /fh6.| V2W04y]] <l@P.;+ DQU',2iy 0G?pzkT {Xg-I gGQ!UO 0w^7_OxE 51Dj0F\f 71eaU6 %zQG7y M}=k<f> <ckf{f' Ait+Fx^b qsD}KB //:eX* !&,B&t <TGml [7}H7B ].tOq& PC5m\w15g _}uSt? =sI>_G<, _iEJ$6 )Un@KP %Dk$Of Kq#2}{ g7}[{|{ (~}=\G SPAL_D a'"Wc\p Hli/.ye ^v98Ee/ q~IxJN e=ra(B( xD0S,Y&s m<Z.(lI $g)caP l+6KHlw ~jD1Rb 7m:4Am =y$usj2@ AnL%K3 Z![7\ LWd| a sGe]j1F`Yz wYq5i& (byIZ- JnM3mR LKgL;M &7?AS^Y 5nPngW+bP _N'|pi"yU IMlNHq 9gyu(&l ?xU1yA ]>&22 @igsjX L1Exm}" v8z1!rm mK%GIK Lyjl@Dz 7RwpVSn O+`]ZB -aNg=` ON=k:v S.w2:+ djKg6-qt g< [)O i,~VB^ Y2`%$Xx Y[ukW{p+)<V 8(SF9&x >AAtF=+f wb1?CT JwpGPs+ EF*3~Q U7xnqPRj; 4.h06gg d&V?|P m\$Km+ rx7cH~r POSaU6 M7p&UH ;O5*g( n;qZqX 'Y4c\* |LFB,k Eoc0Z9 mU}G(c@ &)5-im }?C7Xv OkQ%t _uHi583 A~o/Jx$gH ~PH\5? A'a;BDM$S FM`&^h W'\l>l tu4#S$3C`d c)-B}f 5K) OY &h<<U k&gD7= o|9dGC sAv;*`,tK rH+%ww "Td-|4 NvHyqt H?DO1e <A: 03 "xH9Jw; PNpd20 a(Qh8kL ?}uxgU}8 `U_C({ =nl1@"'[ u2(S`U N*ek$~ ^!F}9Z +TB8\N pR(AK s:kGXF R2;93X NkGmH} 9e]{5- TBoyD2#5 *nu0gy :2I!%k~ $+s/U( kv:EHd bi3a[{ KERNEL32.DLL mscoree.dll (null) ((((( H h(((( H H MD5s: 48fe7f28.msi = 8ead84dd36d8f14ca98f7755a9f5a069 Barbar.exe = 9fff114f15b86896d8d4978c0ad2813d perf_585.dll [implant] = 4525141d9e6e7b5a7f4e8c3db3f0c24c update.msi = f2ccf4cccead21b1674d7df288722a3d wbemprox.log = 577b71cd95333f6df5bfc1fbc64d98ca DOWNLOAD Pass: infected Source