Warning! We are currently in recovery mode. The complete archive is not available.

Sample details: d224637a6b6e3001753d9922e749d00d --

Hashes
MD5: d224637a6b6e3001753d9922e749d00d
SHA1: bacb2313289e00a1933b7984dd1cbef01c8019ee
SHA256: 9c67320f0a29796abfb5b53ef2fa2fbcb56b33cff6cdb3f96a8d303685e17263
SSDEEP: 6144:rHpp6ZEmJSr/49JSpIGOGsX5HWY7ydvxHlcaAy0iWYOcG4BDhnxD28ixv7uDphY+:zuYQJUaGsX7/Qwgylf
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Borland_Delphi_30_additional | YRP/Borland_Delphi_30_ | YRP/Borland_Delphi_v40_v50 | YRP/FSG_v110_Eng_dulekxt_Microsoft_Visual_C_Basic_NET | YRP/Borland_Delphi_v30 | YRP/Borland_Delphi_DLL | YRP/UPXv20MarkusLaszloReiser | YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/maldoc_OLE_file_magic_number | YRP/Dropper_Strings | YRP/Misc_Suspicious_Strings | YRP/network_dropper | YRP/network_dns | YRP/escalate_priv | YRP/screenshot | YRP/win_mutex | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/win_hook | YRP/Big_Numbers1 | YRP/Advapi_Hash_API | YRP/CRC32_poly_Constant | YRP/CRC32_table | YRP/Str_Win32_Winsock2_Library | YRP/UPX | YRP/suspicious_packer_section |
Sub Files
464985266b7817b7b914e4ec873e60d2
Source
http://94.130.104.170/Win32Dircrypt.Trojan.Ransom.ABZ//dircrypt.deobf
http://94.130.104.170/Win32Dircrypt.Trojan.Ransom.ABZ/dircrypt.deobf
Strings
		!This program cannot be run in DOS mode.
wRich7
`.rdata
@.data
u$h(sA
J4;H,u
A0;B(t7
J0;H(t7
J0;H(t7
P0;Q(t7
A0;B4tV
AP;BTt
P0;Q(t7
A0;B(t7
A0;B4tV
FAtlAdvise
AtlUnadvise
AtlAxWinInit
AtlAxGetControl
SysAllocString
SysFreeString
VariantInit
VariantClear
Qkkbal
NtShutdownSystem
NetUserEnum
NetApiBufferFree
SetThreadErrorMode
NetLocalGroupAddMembers
RegDeleteKeyExW
SwitchToThisWindow
SHGetSpecialFolderPathW
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
payinfo
rsakey
rsadata
freeaddrinfo
getaddrinfo
\ws2_32
\wship6
KERNEL32.DLL
ADVAPI32.dll
ole32.dll
OLEAUT32.dll
SHELL32.dll
USER32.dll
WS2_32.dll
SetEndOfFile
GetLogicalDriveStringsW
CreateDirectoryW
UnlockFileEx
SetFileTime
WriteFile
GetSystemDirectoryW
CopyFileW
GetFileAttributesW
ReadFile
GetModuleFileNameW
CreateFileW
GetTempPathW
GetLastError
LockFileEx
FindClose
RemoveDirectoryW
FindNextFileW
GetFileTime
GetDiskFreeSpaceExW
CloseHandle
DeleteFileW
SetFileAttributesW
GetVolumeInformationW
GetDriveTypeW
HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy
HeapCreate
GetModuleHandleW
OpenProcess
LoadLibraryW
TerminateProcess
GetProcAddress
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
FindResourceW
LoadResource
SizeofResource
LockResource
SetErrorMode
GetCurrentProcess
GetVersionExW
LocalAlloc
LocalFree
lstrcmpA
lstrlenA
lstrcpynA
WideCharToMultiByte
lstrcpynW
lstrcatA
CompareStringW
MultiByteToWideChar
lstrlenW
lstrcatW
CompareStringA
lstrcpyW
lstrcpyA
CreateMutexW
WaitForSingleObject
SetEvent
SetFilePointer
CreateEventW
WaitForMultipleObjects
ReleaseMutex
CreateThread
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
FreeLibrary
GetSystemDirectoryA
LoadLibraryA
FindFirstFileW
GetFileSize
GetCommandLineW
ExitProcess
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetTickCount
HeapReAlloc
OpenMutexW
CryptExportKey
AdjustTokenPrivileges
FreeSid
IsValidSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
AllocateAndInitializeSid
LookupAccountSidW
LookupPrivilegeValueW
LookupAccountNameW
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW
CryptHashData
CryptDestroyHash
CryptGetKeyParam
CryptReleaseContext
CryptAcquireContextA
CryptGetProvParam
CryptImportKey
CryptEncrypt
CryptCreateHash
CryptGenKey
CryptDestroyKey
CryptAcquireContextW
CryptVerifySignatureW
CoCreateInstance
CoInitialize
CoUninitialize
ShellExecuteExW
ShellExecuteW
CharLowerBuffW
CharUpperBuffW
ExitWindowsEx
wsprintfW
DispatchMessageW
DefWindowProcW
RegisterHotKey
UnregisterHotKey
UpdateWindow
SendMessageW
GetSystemMetrics
UnhookWindowsHookEx
SetWindowsHookExW
CreateWindowExW
LoadIconW
RegisterClassExW
TranslateMessage
GetClientRect
GetWindowTextLengthW
UnregisterClassW
PostQuitMessage
GetMessageW
DestroyWindow
SetForegroundWindow
AttachThreadInput
GetForegroundWindow
BringWindowToTop
GetAncestor
GetWindowTextW
GetClassNameW
ShowWindow
FindWindowExW
IsWindowVisible
GetWindowThreadProcessId
GetWindow
SystemParametersInfoW
LoadCursorW
IsIconic
WSAIoctl
mrWhite
Mozilla/4.0 (compatible; MSIE 7.0; .NET4.0E; Media Center PC 6.0; MASE)
 HTTP/1.1
Host: 
User-Agent: 
Referer: 
Content-Type: multipart/form-data; boundary=
Content-Length: 
Accept-Language: 
Accept: text/html, application/xml;q=0.9, application/xhtml+xml;q=0.9, image/png, image/jpeg, image/gif, image/x-xbitmap, *\*;q=0.1
Accept-Charset: utf-8, utf-16;q=0.6, *;q=0.1
Pragma: no-cache
Connection: close
Content-Disposition: form-data; name="
Content-Disposition: form-data; name="
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary
Content-Length: 
Content-Length
Transfer-Encoding
chunked
mrWhite
mrWhite
mrWhite
;T{lil#
Readme.txt
m$]Zfe
~{}i*4
Readme.txtPK
tEXtSoftware
Adobe ImageReadyq
d IDATx
Q@^02b
MClG!@
xx0&0q
oJ,QqPj
B$% RI
hNQKw@F[-8cK
,qb,+b
=`A-Db
B$h>AyA
Lbb2d[,=B2
UH4ag\cqg
01~1ADfa
>@q:!m
?y[?$X
.AH'n#
}8@%=$
CT>/D3
bb`Fg~
Vh		zzp
Q5C::;v
)M|S^P
ZSmOte
F[!B}8
_vgvmlKN
V$$OTE
]0YhmX
BO^Bxc
 iI1I"
W_f7vU
~]5No|
$C.9xRA
$Jp;	|9b
	U)<Q#
o;NU.a
I Y?o-
{\rtf1\ansi\ansicpg1251\deff0\deflang1049{\fonttbl{\f0\fswiss\fprq2\fcharset204{\*\fname Arial;}Arial CYR;}{\f1\fswiss\fcharset204{\*\fname Arial;}Arial CYR;}{\f2\fswiss\fcharset0 Arial;}}
{\colortbl ;\red255\green0\blue0;\red0\green0\blue0;\red0\green255\blue0;}
{\*\generator Msftedit 1.11.11.1111;}\viewkind4\uc1\pard\nowidctlpar\qc\cf1\b\f0\fs72 File is encrypted\cf0\b0\fs28\par
\cf2 This file can be decrypted using the program DirtyDecrypt.exe\cf0\par
\cf3\b\fs40 Press CTRL+ALT+D to run DirtyDecrypt.exe\b0\fs28\par
\cf0\par
\cf2 If DirtyDecrypt.exe not opened \'f1heck the paths:\cf0\par
\cf3 C:\\Program Files\\Dirty\\DirtyDecrypt.exe\par
C:\\Program Files (x86)\\Dirty\\DirtyDecrypt.exe\par
C:\\Users\\[YOUR USER]\\AppData\\Roaming\\Dirty\\DirtyDecrypt.exe\fs20\par
\pard\qc\f1\fs28 C:\\Documents and Settings\\\lang1033\f2 [\lang1049\f0 YOUR USER]\f1\\Application Data\\Dirty\f0\\DirtyDecrypt.exe\f1\par
C:\\Documents and Settings\\\lang1033\f2 [\lang1049\f0 YOUR USER]\\\f1 Local Settings\\Application Data\\Dirty\f0\\DirtyDecrypt.exe\cf0\f1\fs20\par
[Content_Types].xml 
r1/C4^
_rels/.rels 
A$>"f3
word/_rels/document.xml.rels 
=loO.Y
$m.+gA
word/document.xml
Df,DZ<
word/theme/theme1.xml
e<R8*c
p&hA38
word/settings.xml
NxV!W2
ogOtWD
s8]p)%
ET3ON<C
word/webSettings.xml
word/stylesWithEffects.xml
^E'z6P
ZVo{-4
docProps/core.xml 
word/styles.xml
4WQN_.
4"LgG:	
word/fontTable.xml
docProps/app.xml 
0aQnbts
:mJ62k
[Content_Types].xmlPK
_rels/.relsPK
word/_rels/document.xml.relsPK
word/document.xmlPK
word/theme/theme1.xmlPK
word/settings.xmlPK
word/webSettings.xmlPK
word/stylesWithEffects.xmlPK
docProps/core.xmlPK
word/styles.xmlPK
word/fontTable.xmlPK
docProps/app.xmlPK
[Content_Types].xml 
_rels/.rels 
A$>"f3
word/_rels/document.xml.rels 
=loO.Y
$m.+gA
word/document.xml
ndt^r/CZ
x,wZ2E
5}!(/z
^h,DZI
:/,2%2X
word/theme/theme1.xml
e<R8*c
p&hA38
word/settings.xml
(gz~~:?
iC;mi8!
OK_K;(iz
;XHvd^7w
word/webSettings.xml
word/stylesWithEffects.xml
^E'z6P
ZVo{-4
docProps/core.xml 
word/styles.xml
4WQN_.
4"LgG:	
word/fontTable.xml
docProps/app.xml 
0aQnbts
[Content_Types].xmlPK
_rels/.relsPK
word/_rels/document.xml.relsPK
word/document.xmlPK
word/theme/theme1.xmlPK
word/settings.xmlPK
word/webSettings.xmlPK
word/stylesWithEffects.xmlPK
docProps/core.xmlPK
word/styles.xmlPK
word/fontTable.xmlPK
docProps/app.xmlPK
Sony                                                                                                         B
ffffff
ffffff
RESDLL
UniresDLL
PaperSize
LETTER
Orientation
PORTRAIT
Resolution
DPI600
ColorMode
333333
?333333
Microsoft Excel
[Content_Types].xml 
_rels/.rels 
xl/_rels/workbook.xml.rels 
Aw(7ey/
xl/workbook.xml
|wLb.j
xl/sharedStrings.xml
DfFcOl
M-nU>Ri	
xl/worksheets/_rels/sheet1.xml.rels
xl/theme/theme1.xml
l$}AcU
f8RxH"
Bw)j`Z
3p*hI38
xl/styles.xml
8U\id!3@
:qJ8[h
-P$c(|K
xl/worksheets/sheet1.xml
docProps/core.xml 
xl/printerSettings/printerSettings1.bin
1G!Z5y^xa
docProps/app.xml 
8[.lRA
[Content_Types].xmlPK
_rels/.relsPK
xl/_rels/workbook.xml.relsPK
xl/workbook.xmlPK
xl/sharedStrings.xmlPK
xl/worksheets/_rels/sheet1.xml.relsPK
xl/theme/theme1.xmlPK
xl/styles.xmlPK
xl/worksheets/sheet1.xmlPK
docProps/core.xmlPK
xl/printerSettings/printerSettings1.binPK
docProps/app.xmlPK
[Content_Types].xml 
M%zQ5g
_rels/.rels 
xl/_rels/workbook.xml.rels 
Aw(7ey/
xl/workbook.xml
|wLb.j
xl/sharedStrings.xml
DfFcOl
M-nU>Ri	
xl/worksheets/_rels/sheet1.xml.rels
xl/theme/theme1.xml
l$}AcU
f8RxH"
Bw)j`Z
3p*hI38
xl/styles.xml
8U\id!3@
:qJ8[h
-P$c(|K
xl/worksheets/sheet1.xml
docProps/core.xml 
$)]$tq
xl/printerSettings/printerSettings1.bin
1G!Z5y^xa
docProps/app.xml 
8[.lRA
[Content_Types].xmlPK
_rels/.relsPK
xl/_rels/workbook.xml.relsPK
xl/workbook.xmlPK
xl/sharedStrings.xmlPK
xl/worksheets/_rels/sheet1.xml.relsPK
xl/theme/theme1.xmlPK
xl/styles.xmlPK
xl/worksheets/sheet1.xmlPK
docProps/core.xmlPK
xl/printerSettings/printerSettings1.binPK
docProps/app.xmlPK
%PDF-1.3
4 0 obj
<</Linearized 1/L 27211/O 6/E 23329/N 1/T 27012/H [ 456 140]>>
endobj
                    
0000000016 00000 n
0000000596 00000 n
0000000656 00000 n
0000000872 00000 n
0000000918 00000 n
0000000998 00000 n
0000001176 00000 n
0000000456 00000 n
trailer
<</Size 12/Root 5 0 R/Info 3 0 R/ID[<F54A978BAA93ED46981DBDACD40C2E89><C8C8068BA8413F4CB78DB1861024F1DA>]/Prev 27002>>
startxref
                 
11 0 obj
<</Filter/FlateDecode/I 73/Length 61/S 38>>stream
b```e``ba
endstream
endobj
5 0 obj
<</Metadata 2 0 R/Pages 1 0 R/Type/Catalog>>
endobj
6 0 obj
<</Contents 8 0 R/CropBox[0.0 0.0 800.0 600.0]/MediaBox[0.0 0.0 800.0 600.0]/Parent 1 0 R/Resources<</ColorSpace<</CS0 7 0 R>>/ProcSet[/PDF/ImageC/ImageI]/XObject<</Im0 10 0 R>>>>/Rotate 0/Type/Page>>
endobj
7 0 obj
[/Indexed/DeviceRGB 255 9 0 R]
endobj
8 0 obj
<</Length 31>>stream
q 800 0 0 600 0 0 cm /Im0 Do Q 
endstream
endobj
9 0 obj
<</Filter/FlateDecode/Length 109>>stream
endstream
endobj
10 0 obj
<</BitsPerComponent 8/ColorSpace 7 0 R/Filter/FlateDecode/Height 600/Length 21990/Name/X/Subtype/Image/Type/XObject/Width 800>>stream
-xgCpS_ -
&]Z97]
dm67&j
TS<UH-S.
}SK|3	
|~~T:=
xcmy7u(#h
R)v}j=
WOI=L|O7
pU<hN8p
Gy5K!:.
	:Cxnh
ux,m"$
T/}y6"
B[B8X[
hT3IA~
tV#)FpV9J
{-Ik^8~
L;laBv
!o&~W 
wC/SXp
wrV*WMk
"O~L<!q
bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
@MF Z`
;?pcH|t}
<25a(`VRZ
1g|\=	
h]5i$;?<
8SI_dN~
g`};g 4X
bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
s}H0Qq
'A0Hq7
*agl<}.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
fS9WG+
HR0m~q
	N7$GrUiJ
Vu37; 
\Y_]u@
WRv;ZL2
0HyGX;A 
G:BDQ	:
jL\=hj
!g*Fru-
\G\j =
,WD^NDg
endstream
endobj
1 0 obj
<</Count 1/Kids[6 0 R]/Type/Pages>>
endobj
2 0 obj
<</Length 3372/Subtype/XML/Type/Metadata>>stream
<?xpacket begin="
" id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.2-c001 63.139439, 2010/09/27-13:37:26        ">
   <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
      <rdf:Description rdf:about=""
            xmlns:xmp="http://ns.adobe.com/xap/1.0/">
         <xmp:ModifyDate>2013-04-21T23:50:18+04:00</xmp:ModifyDate>
         <xmp:CreateDate>2013-04-21T23:49:45+04:00</xmp:CreateDate>
         <xmp:MetadataDate>2013-04-21T23:50:18+04:00</xmp:MetadataDate>
         <xmp:CreatorTool>Adobe Acrobat 10.0</xmp:CreatorTool>
      </rdf:Description>
      <rdf:Description rdf:about=""
            xmlns:dc="http://purl.org/dc/elements/1.1/">
         <dc:format>application/pdf</dc:format>
      </rdf:Description>
      <rdf:Description rdf:about=""
            xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/">
         <xmpMM:DocumentID>uuid:7a56cd36-fd85-48b5-9c2d-b66a9a88d9b3</xmpMM:DocumentID>
         <xmpMM:InstanceID>uuid:12d6fac5-c1bb-453a-aeb3-b8ec6a4ff9bd</xmpMM:InstanceID>
      </rdf:Description>
      <rdf:Description rdf:about=""
            xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
         <pdf:Producer>Adobe Acrobat 10.0 Image Conversion Plug-in</pdf:Producer>
      </rdf:Description>
   </rdf:RDF>
</x:xmpmeta>
                                                                                                    
                                                                                                    
                                                                                                    
                                                                                                    
                                                                                                    
                                                                                                    
                                                                                                    
                                                                                                    
                                                                                                    
                                                                                                    
                                                                                                    
                                                                                                    
                                                                                                    
                                                                                                    
                                                                                                    
                                                                                                    
                                                                                                    
                                                                                                    
                                                                                                    
                                                                                                    
                           
<?xpacket end="w"?>
endstream
endobj
3 0 obj
<</CreationDate(D:20130421234945+04'00')/Creator(Adobe Acrobat 10.0)/ModDate(D:20130421235018+04'00')/Producer(Adobe Acrobat 10.0 Image Conversion Plug-in)>>
endobj
0000000000 65535 f
0000023329 00000 n
0000023380 00000 n
0000026829 00000 n
trailer
<</Size 4/ID[<F54A978BAA93ED46981DBDACD40C2E89><C8C8068BA8413F4CB78DB1861024F1DA>]>>
startxref
Readme.txt
!This program cannot be run in DOS mode.
*N[toi
R9tJ)h!
Y|/Hm,
^GtX2/!
i~xrZc
3!H[_>O
HA;l:2
$fa,;9
1RrRP	b
hJ!YF6h
,c&Gn}
Qce8bV
Z~Ha|	z~6|
'-t-.t$_t
F80-P%
6I~,Fr
o.tAxT
n)>0Ot+
`E4>:'
/	4Ro%
)hwjhX
$&HHD	"
Ev\SIj
N!&,8T/
$$NH~'
d>h	Sr
7tJh0u
9E 3[k
222%7HLH
2222@D@Db
jzja)~
9Yj!/8hX
\UB>\x
C u1*VE4
kg!#TIb
etThreadErrorMod
d	l/NLocalG-
upAddMembers
RegDel
eKeyEx
SwitchTo
isWindow
rPathW-h
WL64DW
dir@ti
-vct:;eK
WsYpWe
kt; 5d
1zA8,# 
m5boti
payinf
/EVUsY
R][,_RY
\ws2_32
ozilla
/4.0 (compatiF; MSIE
a Center PC 6
-us_ /
 HTTP/1.1
Host: hUs1-Ag9
rt/form-
so	ry=/.L
BAccep
,xKhtml,
 applic
;q=0.9w
x-xbitp
utf-8,
/-PrIA%no
--mKE@	
%5name=Ra/
;T{lil#
viweabkkfe
tribu's
SpacL*x
VoluMIn
U32qrN
Snlshot
sourcg
A	lenc
wRSNingW#
S/LObj
&ogi`D
S(ep[C
u1Open
ifybgnt`n
f<dSjx<l
XPTPSW
KERNEL32.DLL
ADVAPI32.dll
COMCTL32.dll
comdlg32.dll
GDI32.dll
SHELL32.dll
USER32.dll
WS2_32.dll
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
RegCloseKey
InitCommonControlsEx
GetOpenFileNameW
SetBkMode
ShellExecuteW
$$''$$53335;;;;;;;;;;
# ((%%((22022;;;;;;;;;;
AQa"q2
Ss45c$t
rKi`=HbG
{i@}91
ye\~(|
zl[+8e9
'*0'S-
N6*Zoz
z}2fu-Zx
8$|ppq
/];vsd
a{t}7fz
v{5iSp
!nW=KTS
;v?NH%p
MHT x|d
`WuKR%.
M{['e,wd
8<|f{^
QOggc^
wfK+e$
\p_?n*c
%l,DfUq
+y\mWR
'flrf?
[kUnmzM
MN}B3X
[kUrzl
8>1:vq
}m}=_f
M+6,mZ
kmYM^~
|<fKOy
bKd|re
<XUq^s.Mo
1TrmLeO
@0'*>3
l0e2s9#
`Ob%2"y
w*1f""
iB"$4""
j%EwK5ij-
cY]	i+Y
-?]uoj
q/iu["
	,<~?)
'2;$cs
""SB" 
a(Pz6v
0}rN&7
3u6_Sn
lRPV93Y
Wm{J9Ac
.""%2""
gZ(BIR
n[C[pZ
<''1=P
,|35G|
=|	'vc
EUm[]K
bg=qGN
_KlQ[n
k<A^89@N
v;[*\S~
ljkwE*_
-jU@G<=
 >Y"oi
Klhnkm
KM\,5j
;:{*{-
7k}JSV
YpF}f]
URxc.z
GMUXr2k\
9j#m:{@+8v%
]	)8>nh
[]7E[f
{o]kl58
).yT@#
nv+x?k4
Qw<#"g
]}}}Ka
DdWE2ol
Q}kZ{v
B"&J""
viweabkkfe.com
!This program cannot be run in DOS mode.
URLDownloadToFileA
urlmon.dll
\m_editerror.tmp
http://networksecurityx.hopto.org
xxxx_xxxx_xxxx
SVWjD^3
PSSSSS
PSSSSS
CloseHandle
ReadFile
GetFileSize
CreateFileA
ExitProcess
WriteFile
GetProcAddress
LoadLibraryA
CreateProcessA
GetTempPathA
OpenMutexA
KERNEL32.dll
??3@YAXPAX@Z
??2@YAPAXI@Z
strcat
memset
MSVCRT.dll