View full version: Exposing and analyzing د.الكاسر's booby trap and showing all its data



wookr
03-11-2014, 04:32 AM
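Peace be upon you, and the mercy and blessings of God.

Today I am going to expose every detail of the booby trap planted by د.الكاسر, who booby-trapped one of the forum's pages and compromised members of Al-Jyyosh.

First, I thank brother موآدع for the warning in his thread "اخرس".

To begin with, let's talk about where the booby trap sits in the page: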

http://im64.gulfup.com/EL69Q.png (http://www.gulfup.com/?Nkim0q)

http://im64.gulfup.com/KrEDH.png (http://www.gulfup.com/?3vLHjA)

As for the crypting of the server:

The server is almost clean, but it is detected by Kaspersky, McAfee and a few unimportant products.

The VirusTotal link:

Click here (https://www.virustotal.com/fr/file/ff4f3137954333a5cc1f5b310cd5f9b107afc148e4c0230a492e37b39651a066/analysis/1394499356/)




The processes it injects into are:

1 : svchost.exe
2 : ctfmon.exe

Virus data:

server :ctfmon.exe

host: mozillafirefox.redirectme.net
port:15740

Virus analysis:

IP of the person who planted it: 188.132.96.120

The No-IP address, of course, is host: mozillafirefox.redirectme.net, and to fool anyone inspecting it he made it look like Firefox updates.

And the port: 15740

According to his IP the person is from Saudi Arabia, and the program he used is, I believe, Xtreme.





Processes:
PID ParentPID User Path
--------------------------------------------------
4820 920 XPSP2-6DB6C5992:fontom C:\Documents and Settings\fontom\Bureau\Nouveau dossier (4)\www.aljyyosh.com

Ports:
Port PID Type Path
--------------------------------------------------

Explorer Dlls:
DLL Path Company Name File Description
--------------------------------------------------
No changes Found

IE Dlls:
DLL Path Company Name File Description
--------------------------------------------------
No changes Found

Loaded Drivers:
Driver File Company Name Description
--------------------------------------------------

Monitored RegKeys
Registry Key Value
--------------------------------------------------

Kernel31 Api Log

--------------------------------------------------
***** Installing Hooks *****
719f74df RegOpenKeyExA (HKLM\System\CurrentControlSet\Services\WinSock2\Parameters)
719f80c4 RegOpenKeyExA (Protocol_Catalog9)
719f777e RegOpenKeyExA (00000096)
719f764d RegOpenKeyExA (Catalog_Entries)
719f7cea RegOpenKeyExA (000000000001)
719f7cea RegOpenKeyExA (000000000002)
719f7cea RegOpenKeyExA (000000000003)
719f7cea RegOpenKeyExA (000000000004)
719f7cea RegOpenKeyExA (000000000005)
719f7cea RegOpenKeyExA (000000000006)
719f7cea RegOpenKeyExA (000000000007)
719f7cea RegOpenKeyExA (000000000008)
719f7cea RegOpenKeyExA (000000000009)
719f7cea RegOpenKeyExA (000000000010)
719f7cea RegOpenKeyExA (000000000011)
719f7cea RegOpenKeyExA (000000000012)
719f7cea RegOpenKeyExA (000000000013)
719f7cea RegOpenKeyExA (000000000014)
719f7cea RegOpenKeyExA (000000000015)
719f7cea RegOpenKeyExA (000000000016)
719f7cea RegOpenKeyExA (000000000017)
719f7cea RegOpenKeyExA (000000000018)
719f7cea RegOpenKeyExA (000000000019)
719f7cea RegOpenKeyExA (000000000020)
719f7cea RegOpenKeyExA (000000000021)
719f7cea RegOpenKeyExA (000000000022)
719f7cea RegOpenKeyExA (000000000023)
719f7cea RegOpenKeyExA (000000000024)
719f7cea RegOpenKeyExA (000000000025)
719f7cea RegOpenKeyExA (000000000026)
719f7cea RegOpenKeyExA (000000000027)
719f7cea RegOpenKeyExA (000000000028)
719f7cea RegOpenKeyExA (000000000029)
719f7cea RegOpenKeyExA (000000000030)
719f7cea RegOpenKeyExA (000000000031)
719f7cea RegOpenKeyExA (000000000032)
719f7cea RegOpenKeyExA (000000000033)
719f2623 WaitForSingleObject(774,0)
719f87c6 RegOpenKeyExA (NameSpace_Catalog5)
719f777e RegOpenKeyExA (00000017)
719f835b RegOpenKeyExA (Catalog_Entries)
719f84ef RegOpenKeyExA (000000000001)
719f84ef RegOpenKeyExA (000000000002)
719f84ef RegOpenKeyExA (000000000003)
719f84ef RegOpenKeyExA (000000000004)
719f84ef RegOpenKeyExA (000000000005)
719f2623 WaitForSingleObject(76c,0)
719e1af2 RegOpenKeyExA (HKLM\System\CurrentControlSet\Services\Winsock2\Parameters)
719e198e GlobalAlloc()
7c80b72f ExitThread()
415b4f GetCurrentProcessId()=4820
40ff38 GetCommandLineA()
40152e GetCurrentProcessId()=4820
7c816cab WaitForSingleObject(7e8,64)
7901010f GetCurrentProcessId()=4820
790071ba GetCommandLineA()
405414 LoadLibraryA(mscoree.dll)=79000000
401f60 LoadLibraryA(mscoree.dll)=79000000
79005d58 LoadLibraryA(ADVAPI32.dll)=77da0000
603cfabe GetCurrentProcessId()=4820
603b757b GetCommandLineA()
603ba2ca LoadLibraryA(ADVAPI32.dll)=77da0000
603ba2ca LoadLibraryA(SHLWAPI.dll)=77f40000
7813ae24 GetCurrentProcessId()=4820
78132126 GetVersionExA()
781321d9 GetCommandLineA()
7a2a0da1 GetCurrentProcessId()=4820
79f93cc6 GetVersionExA()
7a2a11ea WaitForSingleObject(740,1f4)
7a2a1232 WaitForSingleObject(744,1f4)
603b4a8d ReadFile()
79f9138d GetVersionExA()
79f91485 GetVersionExA()
79f90179 GetCurrentProcessId()=4820
79f8a679 GetCurrentProcessId()=4820
79f8f56f OpenProcess(pid=4820)
79f90543 GetCurrentProcessId()=4820
79f8c6da GetCurrentProcessId()=4820
79f8ca67 GetCurrentProcessId()=4820
79f8c88b GetCurrentProcessId()=4820
79f8a826 GetCurrentProcessId()=4820
79f8d5b8 GetCurrentProcessId()=4820
79f8c8e5 GetCurrentProcessId()=4820
7c810725 CreateRemoteThread(h=ffffffff, start=79f8d7bf)
79f8d620 IsDebuggerPresent()
7a2a11ea WaitForSingleObject(6e0,1f4)
7a2a1232 WaitForSingleObject(6e4,1f4)
79f8962c GetCurrentProcessId()=4820
79ef84df ReadFile()
58b53344 GetVersionExA()
58b533ab GetCommandLineA()
58b54952 GetVersionExA()
58b554e8 GetCurrentProcessId()=4820
58b55742 GetVersionExA()
7ca0a5d7 GetVersionExA()
77f46afd WaitForSingleObject(6d8,0)
7c810725 CreateRemoteThread(h=ffffffff, start=79fcb423)
79f79a1a WaitForSingleObject(704,bb8)
79f79290 LoadLibraryA(ole32.dll)=774a0000
5b0abdf9 GetCurrentProcessId()=4820
5b09a0e2 IsDebuggerPresent()
7469270a GetVersionExA()
74693107 RegOpenKeyExA (HKLM\SOFTWARE\Microsoft\CTF\Compatibility\www.aljyyosh.com)
74693107 RegOpenKeyExA (HKLM\SOFTWARE\Microsoft\CTF\SystemShared\)
746924b9 CreateMutex(CTF.LBES.MutexDefaultS-1-5-21-1715567821-1770027372-839522115-1003)
746924b9 CreateMutex(CTF.Compart.MutexDefaultS-1-5-21-1715567821-1770027372-839522115-1003)
746924b9 CreateMutex(CTF.Asm.MutexDefaultS-1-5-21-1715567821-1770027372-839522115-1003)
746924b9 CreateMutex(CTF.Layouts.MutexDefaultS-1-5-21-1715567821-1770027372-839522115-1003)
746924b9 CreateMutex(CTF.TMD.MutexDefaultS-1-5-21-1715567821-1770027372-839522115-1003)
74693107 RegOpenKeyExA (HKCU\Keyboard Layout\Toggle)
7469266a RegOpenKeyExA (HKLM\SOFTWARE\Microsoft\CTF\)
746946ce GetCurrentProcessId()=4820
746924b9 CreateMutex(CTF.TimListCache.FMPDefaultS-1-5-21-1715567821-1770027372-839522115-1003MUTEX.DefaultS-1-5-21-1715567821-1770027372-839522115-1003)
746ad7aa WaitForSingleObject(66c,1388)
746c609a GetCurrentProcessId()=4820
efa743 ReadFile()
79f83f65 RegOpenKeyExA (HKLM\Software\Microsoft\StrongName)
79f54130 ReadFile()
60343b67 GetCurrentProcessId()=4820
77db991b RegOpenKeyExA (SOFTWARE\Microsoft\Cryptography\Providers\Type 001)
77db99ab RegOpenKeyExA (HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001)
77db7a7b RegOpenKeyExA (HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider)
77db8d6c ReadFile()
4010be CreateFileA(C:\WINDOWS\system32\rsaenh.dll)
68026005 ReadFile()
680265ce RegOpenKeyExA (HKLM\Software\Policies\Microsoft\Cryptography)
77db8830 LoadLibraryA(rsaenh.dll)=68000000
680223ff RegOpenKeyExA (HKLM\Software\Microsoft\Cryptography)
680257b0 RegOpenKeyExA (HKLM\Software\Microsoft\Cryptography\Offload)
790b2d0f GetCurrentProcessId()=4820
79f2c06d GetCurrentProcessId()=4820
77db991b RegOpenKeyExA (SOFTWARE\Microsoft\Cryptography\Providers\Type 024)
77db99ab RegOpenKeyExA (HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024)
77db7a7b RegOpenKeyExA (HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype))
6800faf3 RegOpenKeyExA (HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward)

DirwatchData

--------------------------------------------------
WatchDir Initilized OK
Watching C:\DOCUME~1\fontom\LOCALS~1\Temp
Watching C:\WINDOWS
Watching C:\Program Files
Modifed: C:\Program Files\HDM Connection Manager\Log\Func_trace.txt
Modifed: C:\Program Files\HDM Connection Manager\Log\ATRecord.txt
Modifed: C:\Program Files\HDM Connection Manager\Log\trace_0.txt
Created: C:\DOCUME~1\fontom\LOCALS~1\Temp\JETBC9.tmp
Created: C:\DOCUME~1\fontom\LOCALS~1\Temp\JET69.tmp
Deteled: C:\DOCUME~1\fontom\LOCALS~1\Temp\JET69.tmp
Deteled: C:\DOCUME~1\fontom\LOCALS~1\Temp\JETBC9.tmp
File: www.aljyyosh.com
Size: 204288 Bytes
MD5: B44CB5C46EAE1A3F730494F98D953DE8
Packer: File not found C:\iDefense\SysAnalyzer\peid.exe

File Properties: CompanyName aS_c_i_l_a_
FileDescription aC_F_V_8_D_
FileVersion 9.12.15.61
InternalName zzz.exe
LegalCopyright Copyright © 2008
OriginalFilename zzz.exe
ProductName a7_G_Y_w__b_3_
ProductVersion

Exploit Signatures:
---------------------------------------------------------------------------
Scanning for 19 signatures
Scan Complete: 304Kb in 0,016 seconds
Urls
--------------------------------------------------


RegKeys
--------------------------------------------------


ExeRefs
--------------------------------------------------
File: www.aljyyosh_dmp.exe_
zzz.exe
zzz.exe

Raw Strings:
--------------------------------------------------
File: www.aljyyosh_dmp.exe_
MD5: 9a75a655c2b3b292bf43d203e20a77ec
Size: 311298








The booby trap is still present in his thread. I hope the administration deletes the thread permanently, because it is still visible.

Peace be upon you, and the mercy and blessings of God.

Xwoow
03-11-2014, 03:18 PM
A stupid booby trap.

Well done, brother wookr.

And I hope the administration bans the kid!

dark prince
03-11-2014, 03:40 PM
Brother wookr, good to have you back, and thank you for your strong warning.

موآدع
03-11-2014, 04:18 PM
Nothing beats the old-time members.

shhaby
03-11-2014, 06:32 PM
Brothers, the membership of ... د. الكاسر ... was banned before brother wookr analyzed the booby-trapping method.
Thank you, brother wookr, for explaining the booby-trapping method ... We all know there are those we call hacker kids, who learned some of the arts of hacking but did not learn ethics (ethics before hacking).
And brothers, please be careful when downloading: you must scan files yourself and learn how to detect booby traps. Good luck to everyone.