Jump to content

TankedaNewMachine

Members
  • Posts

    3
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Thanks for your assistance! The McAfee removal tool did not remove the processes, but I was allowed to delete them manually after using it. I apologize for the wall of text, I'm unfamiliar with how these apps work. Thanks for the confirmation it's normal. Did not think the screenshots would open on their own when attached. It seems odd that searching McAfee with Casper returns no results, save for about the iMac OS...; One final thing... If I uninstall Bluetooth, the Microphone, and Camera, as well as associated drivers - is it normal for them to run again and be activated within 30 minutes of them being removed? No system resets have been done. The processes just reappear, with all associated drivers to run them... Regards.
  2. All came up with no hits, though I watched them go through the files I know to be unwanted [specifically McAfee - I can't uninstall or stop it, even though I didn't load it on the machine, and it's not the original edition that came with the Dell that I could simply right-click and remove]. Machine has been awfully slow, and making weird clicking sounds. Boots up without warning while not showing what it's running. Unable to change proxy settings, or turn off programs with proxies that I haven't installed or provided permissions to access the internet. Logs attached except for Sophos - can't locate the default folder for its log. Showed 0 results. Next steps? ======================================================================================================================================================= And just for reference, here's an excerpt from one of the files in McAfee: C:\Program Files (x86)\McAfee\Gkp\hiphandlers.dat ======================================================================================================================================================= #Copyright?2000-2010 McAfee, Inc. All Rights Reserved. #Detect Hidden Powershell: kevlar sig 6070 *API_Data_Start* OS win7 winvista win2008 winxw win8w win8s win2008r2 Hooked_Module kernel32.dll Hooked_API GetSystemTimeAsFileTime Number_Parameters 1 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler GetSystemTimeAsFileTime_Enter_Handler Exit_Handler 0 Process_Name powershell.exe # Enter function: CreateProcessW_Enter_Handler # Vulnerabilities: 3730 (CVE-2005-0063) by Dai *API_Data_Start* OS win2k winxp win2003 Hooked_Module kernel32.dll Hooked_API CreateProcessW Number_Parameters 10 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler CreateProcessW_Enter_Handler Exit_Handler 0 Process_Name explorer.exe #CVE-2014-0546 sig 6060 *API_Data_Start* OS winxp win2003 winvista win2008 win7 win2008r2 Hooked_Module kernel32.dll Hooked_API CopyFileW Number_Parameters 3 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler RCE_CopyFileW_Enter_Handler Exit_Handler 0 Process_Name AcroRd32.exe acrobat.exe # Enter function: NetrSendMessage_Enter_Handler # Vulnerabilities: 3733 (CVE-2003-0717) *API_Data_Start* OS winnt win2k winxp win2003 Hooked_Module msgsvc.dll Hooked_API NetrSendMessage Number_Parameters 3 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler NetrSendMessage_Enter_Handler Exit_Handler 0 IS_RPC_HOOK Interface_ID 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc Procedure_Number 0 Process_Name services.exe # Enter function: DoDragDrop_Enter_Handler # Vulnerabilities: 3727 (CVE-2004-0839;CVE-2005-0053) *API_Data_Start* OS winnt win2k winxp win2003 Hooked_Module ole32.dll Hooked_API DoDragDrop Number_Parameters 4 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler DoDragDrop_Enter_Handler Exit_Handler 0 Process_Name iexplore.exe # Enter function: LlsrLicenseRequestW_Enter_Handler # Vulnerabilities: 3728 (CVE-2005-0050) *API_Data_Start* OS win2k win2003 Hooked_Module llssrv.exe Hooked_API LlsrLicenseRequestW Number_Parameters 7 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler LlsrLicenseRequestW_Enter_Handler Exit_Handler 0 IS_RPC_HOOK Interface_ID 57674cd0-5200-11ce-a897-08002b2e9c6d Procedure_Number 0 Process_Name llssrv.exe # Enter function: PNP_QUERYResConfList_Enter_Handler # Vulnerabilities: 3735 (CVE-2005-1983) *API_Data_Start* OS win2k winxp win2003 Hooked_Module umpnpmgr.dll Hooked_API _PNP_QUERYResConfList Number_Parameters 8 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler PNP_QUERYResConfList_Enter_Handler Exit_Handler 0 IS_RPC_HOOK Interface_ID 8d9f4e40-a03d-11ce-8f69-08003e30051b Procedure_Number 54 Process_Name services.exe # Enter function: RpcAddPrinterEx_Enter_Handler # Vulnerabilities: 3734 (CVE-2005-1984) *API_Data_Start* OS win2k winxp win2003 Hooked_Module spoolsv.exe Hooked_API RpcAddPrinterEx Number_Parameters 6 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler RpcAddPrinterEx_Enter_Handler Exit_Handler 0 IS_RPC_HOOK Interface_ID 12345678-1234-abcd-ef00-0123456789ab Procedure_Number 70 Process_Name spoolsv.exe # Enter function: ClientRequest_Enter_Handler # Vulnerabilities: 3736 (CVE-2005-0058) *API_Data_Start* OS win2k winxp win2003 Hooked_Module tapisrv.dll Hooked_API ClientRequest Number_Parameters 4 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler ClientRequest_Enter_Handler Exit_Handler 0 IS_RPC_HOOK Interface_ID 2f5f6520-ca46-1067-b319-00dd010662da Procedure_Number 1 Process_Name svchost.exe # Enter function: NdrConformantStringUnmarshall_Enter_Handler # Vulnerabilities: 3738 (CAN-2005-2119;CAN-2006-0034) # 3752 (CAN-2006-1184) *API_Data_Start* OS win2k winxp win2003 Hooked_Module RPCRT4.dll Hooked_API NdrConformantStringUnmarshall Number_Parameters 4 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler NdrConformantStringUnmarshall_Enter_Handler Exit_Handler 0 Process_Name msdtc.exe # Enter function: PNP_GetDeviceList_Enter_Handler # Vulnerabilities: 3739 (CAN-2005-2120) *API_Data_Start* OS win2k winxp Hooked_Module umpnpmgr.dll Hooked_API PNP_GetDeviceList Number_Parameters 5 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler PNP_GetDeviceList_Enter_Handler Exit_Handler 0 Process_Name services.exe # Enter function: PNP_GetDeviceList_Enter_Handler # Vulnerabilities: 3739 (CAN-2005-2120) *API_Data_Start* OS win2k winxp Hooked_Module umpnpmgr.dll Hooked_API PNP_GetDeviceListSize Number_Parameters 4 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler PNP_GetDeviceList_Enter_Handler Exit_Handler 0 Process_Name services.exe # Enter function: NwrValidateUser_Enter_Handler # Vulnerabilities: 3740 (CAN-2005-1985) *API_Data_Start* OS win2k winxp win2003 Hooked_Module nwwks.dll Hooked_API NwrValidateUser Number_Parameters 2 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler NwrValidateUser_Enter_Handler Exit_Handler 0 IS_RPC_HOOK Interface_ID e67ab081-9844-3521-9d32-834f038001c0 Procedure_Number 20 Process_Name services.exe svchost.exe # Enter function: NwrGetUser_Enter_Handler # Vulnerabilities: 3740 (CAN-2005-1985) # 3781 (CVE-2006-4689) *API_Data_Start* OS win2k winxp Hooked_Module nwwks.dll Hooked_API NwrGetUser Number_Parameters 5 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler NwrGetUser_Enter_Handler Exit_Handler 0 IS_RPC_HOOK Interface_ID e67ab081-9844-3521-9d32-834f038001c0 Procedure_Number 43 Process_Name services.exe svchost.exe # Enter function: NwrGetUser_Enter_Handler # Vulnerabilities: 3740 (CAN-2005-1985) # 3781 (CVE-2006-4689) *API_Data_Start* OS win2003 Hooked_Module nwwks.dll Hooked_API NwrGetUser Number_Parameters 5 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler NwrGetUser_Enter_Handler Exit_Handler 0 IS_RPC_HOOK Interface_ID e67ab081-9844-3521-9d32-834f038001c0 Procedure_Number 39 Process_Name svchost.exe # Enter function: NwrGetResourceInformation_Enter_Handler # Vulnerabilities: 3740 (CAN-2005-1985) *API_Data_Start* OS win2k winxp Hooked_Module nwwks.dll Hooked_API NwrGetResourceInformation Number_Parameters 7 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler NwrGetResourceInformation_Enter_Handler Exit_Handler 0 IS_RPC_HOOK Interface_ID e67ab081-9844-3521-9d32-834f038001c0 Procedure_Number 44 Process_Name services.exe svchost.exe # Enter function: NwrGetResourceInformation_Enter_Handler # Vulnerabilities: 3740 (CAN-2005-1985) *API_Data_Start* OS win2003 Hooked_Module nwwks.dll Hooked_API NwrGetResourceInformation Number_Parameters 7 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler NwrGetResourceInformation_Enter_Handler Exit_Handler 0 IS_RPC_HOOK Interface_ID e67ab081-9844-3521-9d32-834f038001c0 Procedure_Number 40 Process_Name services.exe svchost.exe # Enter function: PlayMetaFileRecord_Enter_Handler # Vulnerabilities: 3741 (CAN-2005-2124) *API_Data_Start* OS win2k winxp win2003 Hooked_Module gdi32.dll Hooked_API PlayMetaFileRecord Number_Parameters 4 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler PlayMetaFileRecord_Enter_Handler Exit_Handler 0 Process_Name explorer.exe iexplore.exe outlook.exe msimn.exe winword.exe wordpad.exe excel.exe powerpnt.exe pptview.exe ois.exe mspaint.exe kodakimg.exe rundll32.exe # Enter function: PlayEnhMetaFileRecord_Enter_Handler # Vulnerabilities: 3742 (CAN-2005-2123) # 3832 (CVE-2007-1212) # 2212 (CVE-2009-0081) *API_Data_Start* OS win2k winxp win2003 winvista win2008 Hooked_Module gdi32.dll Hooked_API PlayEnhMetaFileRecord Number_Parameters 4 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler PlayEnhMetaFileRecord_Enter_Handler Exit_Handler 0 Process_Name explorer.exe iexplore.exe outlook.exe msimn.exe winword.exe wordpad.exe excel.exe powerpnt.exe pptview.exe ois.exe mspaint.exe kodakimg.exe rundll32.exe # killbit handler A # Enter function: CompatFlagsFromClsid_Enter_Handler # Exit function: CompatFlagsFromClsid_Exit_Handler # Vulnerabilities: 3737 (CAN-2005-2127;CVE-2006-1186;CVE-2006-1303;CVE-2006-2383;CVE-2006-3638) # 3773 (CVE-2006-4446;CVE-2006-4777) # 3776 (CVE-2006-4868;CVE-2007-1749) # 3784 (CVE-2006-3445) # 3785 (CVE-2006-5745) # 3786 (CVE-2006-4704) # 3793 (CVE-2006-6027;CVE-2007-0045) # 3800 (CVE-2006-4702;CVE-2006-6134) # 3813 (CVE-2006-6121) # 3779 (CVE-2006-5559) # 3816 (CVE-2007-0218) # 3817 (CVE-2006-4697;CVE-2007-0219) # 3818 (CVE-2006-5745) # 3820 (CVE-2007-0214) # 3826 (CVE-2006-6490) # 3831 () # 3841 (CVE-2007-1891;CVE-2007-1892) # 3833 () # 3834 (CVE-2007-2221) # 3835 (CVE-2007-0942) # 3848 (CVE-2007-2222) # 3860 (CVE-2007-2216) # 3869 (CVE-2007-5601) # 3876 (CVE-2007-5660) # 3911 (CVE-2008-0437) # 3915 (CVE-2008-0078) # 3916 (CVE-2007-4790) # 3912 (CVE-2007-1201;CVE-2006-4695) # 3923 (CVE-2008-1086) # 3927 (CVE-2008-0712) # 3934 (Vulnerability in the ActiveX Control for Aurigma Image Uploader Could Allow Remote Code Execution) # 3935 (Vulnerability in the ActiveX Control for HP Instant Support Could Allow Remote Code Execution) # 3940 CVE-2008-0082 *** removed *** # 2230 CVE-2009-2519 *API_Data_Start* OS winxp win2003 winvista win2008 win7 win8w win8s winxw win2008r2 Hooked_Module urlmon.dll Hooked_API CompatFlagsFromClsid Number_Parameters 3 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler CompatFlagsFromClsid_Enter_Handler Exit_Handler 0 Process_Name iexplore.exe outlook.exe explorer.exe # killbit handler B # Enter function: CoGetClassObjectFromURL_Enter_Handler # Vulnerabilities: 3737 (CAN-2005-2127;CVE-2006-1186;CVE-2006-1303;CVE-2006-2383;CVE-2006-3638) # 3773 (CVE-2006-4446;CVE-2006-4777) # 3788 (CVE-2005-2127) # 3776 (CVE-2006-4868;CVE-2007-1749) # 3800 (CVE-2006-4702;CVE-2006-6134) # 3800 (CVE-2006-4702;CVE-2006-6134) # 3813 (CVE-2006-6121) # 3779 (CVE-2006-5559) # 3831 () # 3816 (CVE-2007-0218) # 3817 (CVE-2006-4697;CVE-2007-0219) # 3818 (CVE-2006-5745) # 3820 (CVE-2007-0214) # 3826 (CVE-2006-6490) # 3841 (CVE-2007-1891;CVE-2007-1892) # 3833 () # 3834 (CVE-2007-2221) # 3835 (CVE-2007-0942) # 3848 (CVE-2007-2222) # 3860 (CVE-2007-2216) # 3862 (CVE-2007-3041) # 3869 (CVE-2007-5601) # 3876 (CVE-2007-5660) # 3911 (CVE-2008-0437) # 3915 (CVE-2008-0078) # 3916 (CVE-2007-4790) # 3912 (CVE-2007-1201;CVE-2006-4695) # 3923 (CVE-2008-1086) # 3927 (CVE-2008-0712) # 3934 Vulnerability in the ActiveX Control for Aurigma Image Uploader Could Allow Remote Code Execution # 3935 Vulnerability in the ActiveX Control for HP Instant Support Could Allow Remote Code Execution # 3940 CVE-2008-0082 *** removed *** # 2230 CVE-2009-2519 *API_Data_Start* OS win2k winxp win2003 winvista win2008 win7 win8w win8s winxw win2008r2 Hooked_Module urlmon.dll Hooked_API CoGetClassObjectFromURL Number_Parameters 10 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler CoGetClassObjectFromURL_Enter_Handler Exit_Handler 0 Process_Name iexplore.exe outlook.exe # killbit handler E # Enter function: CoCreateInstanceEx_Enter_Handler *API_Data_Start* OS win2k winxp win2003 winvista win2008 win7 win8w win8s winxw win2008r2 Hooked_Module Ole32.dll Hooked_API CoCreateInstanceEx Number_Parameters 6 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler CoCreateInstanceEx_Enter_Handler Exit_Handler 0 Process_Name iexplore.exe outlook.exe # Enter function: Escape_Enter_Handler # Vulnerabilities: 3744 (CAN-2005-4560) *API_Data_Start* OS win2k winxp win2003 Hooked_Module gdi32.dll Hooked_API Escape Number_Parameters 5 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler Escape_Enter_Handler Exit_Handler 0 Process_Name explorer.exe iexplore.exe outlook.exe msimn.exe winword.exe wordpad.exe excel.exe powerpnt.exe pptview.exe ois.exe mspaint.exe kodakimg.exe rundll32.exe # Enter function: UrlGetLocationW_Enter_Handler # Vulnerabilities: 3749 (CVE-2006-1388) *API_Data_Start* OS winnt win2k winxp win2003 Hooked_Module shlwapi.dll Hooked_API UrlGetLocationW Number_Parameters 1 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler UrlGetLocationW_Enter_Handler Exit_Handler 0 Process_Name mshta.exe # Enter function: GetPrivateProfileSection_Enter_Handler # Exit function: GetPrivateProfileSection_Exit_Handler # Vulnerabilities: 3750 (CVE-2004-2289) by Dai *API_Data_Start* OS winxp win2003 Hooked_Module kernel32.dll Hooked_API GetPrivateProfileSectionW Number_Parameters 4 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler GetPrivateProfileSection_Enter_Handler Exit_Handler GetPrivateProfileSection_Exit_Handler Process_Name iexplore.exe explorer.exe # Enter function: GetPrivateProfileString_Enter_Handler # Exit function: GetPrivateProfileString_Exit_Handler # Vulnerabilities: 3750 (CVE-2004-2289) *API_Data_Start* OS win2k Hooked_Module kernel32.dll Hooked_API GetPrivateProfileStringW Number_Parameters 6 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler GetPrivateProfileString_Enter_Handler Exit_Handler GetPrivateProfileString_Exit_Handler Process_Name iexplore.exe explorer.exe # Enter function: CreateProcess_Enter_Handler # Vulnerabilities: 3757 (CVE-2006-3281) # 3757 (CVE-2006-3281) # 3757 (CVE-2006-3281) # Exit function: *API_Data_Start* OS win2k winxp win2003 Hooked_Module kernel32.dll Hooked_API CreateProcessW Number_Parameters 10 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler CreateProcess_Enter_Handler Process_Name iexplore.exe # Exit function: UrlUnescapeW_Exit_Handler # Vulnerabilities: 3758 (CVE-2006-3643) # 3758 (CVE-2006-3643) *API_Data_Start* OS win2k Hooked_Module shlwapi.dll Hooked_API UrlUnescapeW Number_Parameters 4 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler 0 Exit_Handler UrlUnescapeW_Exit_Handler Process_Name iexplore.exe # Exit function: UrlUnescapeAOE_Exit_Handler # Vulnerabilities: 3849 (CVE-2007-2225) # 3759 (CVE-2006-2766) *API_Data_Start* OS winxp win2003 win2k Hooked_Module shlwapi.dll Hooked_API UrlUnescapeA Number_Parameters 4 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler 0 Exit_Handler UrlUnescapeAOE_Exit_Handler Process_Name iexplore.exe outlook.exe explorer.exe msimn.exe # Exit function: CoInternetParseUrl_Exit_Handler # Vulnerabilities: 3760 (CVE-2004-1166) *API_Data_Start* OS win2k winxp win2003 winnt Hooked_Module urlmon.dll Hooked_API CoInternetParseUrl Number_Parameters 7 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler 0 Exit_Handler CoInternetParseUrl_Exit_Handler Process_Name iexplore.exe # Enter function: GetHostByName_Enter_Handler # Vulnerabilities: 3761 (CVE-2006-3440) # Exit function: *API_Data_Start* OS win2k winxp win2003 Hooked_Module ws2_32.dll Hooked_API gethostbyname Number_Parameters 1 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler GetHostByName_Enter_Handler Process_Name iexplore.exe msimn.exe svchost.exe rundll32.exe explorer.exe mapisp32.exe ftp.exe services.exe lsass.exe inetinfo.exe outlook.exe wmplayer.exe mplayer2.exe rpcss.exe msmsgs.exe winword.exe excel.exe mstask.exe powerpnt.exe msaccess.exe # Enter function: GetHostByName_Enter_Handler # Vulnerabilities: 3761 (CVE-2006-3440) # Exit function: *API_Data_Start* OS win2k winxp win2003 Hooked_Module ws2_32.dll Hooked_API gethostbyname Number_Parameters 1 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler GetHostByName_Enter_Handler Process_Name visio32.exe onenote.exe frontpg.exe mspub.exe winproj.exe wuauclt.exe sqlservr.exe dllhost.exe w3wp.exe hh.exe wordpad.exe hypertrm.exe Lrun32.exe Mrun32.exe Orun32.exe frameworkservice.exe naPrdMgr.exe SrvMon.exe NaiMServ.exe # Enter function: GetHostByName_Enter_Handler # Vulnerabilities: 3761 (CVE-2006-3440) # Exit function: *API_Data_Start* OS win2k winxp win2003 Hooked_Module ws2_32.dll Hooked_API gethostbyname Number_Parameters 1 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler GetHostByName_Enter_Handler Process_Name grpconv.exe winlogon.exe psxss.exe netdde.exe wins.exe llssrv.exe csrss.exe mqsvc.exe spoolsv.exe msdtc.exe mspaint.exe pptview.exe ois.exe firefox.exe mozilla.exe netscape.exe kodakimg.exe mshta.exe wordview.exe xlview.exe EventParser.exe # Enter function: NetpwPathCanonicalize_2K_Enter_Handler # Vulnerabilities: 3766 (CVE-2006-3439) # 3768 (CVE-2006-3439) *API_Data_Start* OS win2k winnt Hooked_Module netapi32.dll Hooked_API NetpwPathCanonicalize Number_Parameters 6 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler NetpwPathCanonicalize_2K_Enter_Handler Exit_Handler 0 Process_Name services.exe # Enter function: NetpwNameCompare_Enter_Handler # Vulnerabilities: 3767 (CVE-2006-3439) *API_Data_Start* OS win2k winnt Hooked_Module netapi32.dll Hooked_API NetpwNameCompare Number_Parameters 4 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler NetpwNameCompare_Enter_Handler Exit_Handler 0 Process_Name services.exe # Enter function: NetpwPathCanonicalize_XP_Enter_Handler # Vulnerabilities: 3766 (CVE-2006-3439) # 3768 (CVE-2006-3439) *API_Data_Start* OS winxp win2003 Hooked_Module netapi32.dll Hooked_API NetpwPathCanonicalize Number_Parameters 6 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler NetpwPathCanonicalize_XP_Enter_Handler Exit_Handler 0 Process_Name svchost.exe # Enter function: URLOpenBlockingStreamW_Enter_Handler # Vulnerabilities: 3762 (CVE-2006-3427) # 3762 (CVE-2006-3427) # Exit function: *API_Data_Start* OS winxp winnt win2k win2003 Hooked_Module urlmon.dll Hooked_API URLOpenBlockingStreamW Number_Parameters 5 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler URLOpenBlockingStreamW_Enter_Handler Process_Name iexplore.exe # Enter function: PlayMetaFileRecord2_Enter_Handler # Vulnerabilities: 3769 (CVE-2006-4071) *API_Data_Start* OS win2k winxp win2003 Hooked_Module gdi32.dll Hooked_API PlayMetaFileRecord Number_Parameters 4 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler PlayMetaFileRecord2_Enter_Handler Exit_Handler 0 Process_Name explorer.exe iexplore.exe outlook.exe msimn.exe winword.exe wordpad.exe excel.exe powerpnt.exe pptview.exe ois.exe mspaint.exe kodakimg.exe rundll32.exe # Exit function: CoInternetParseUrlIndex_Exit_Handler # Vulnerabilities: 3771 (CVE-2006-0032) *API_Data_Start* OS win2k winxp win2003 winnt Hooked_Module urlmon.dll Hooked_API CoInternetParseUrl Number_Parameters 7 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler 0 Exit_Handler CoInternetParseUrlIndex_Exit_Handler Process_Name iexplore.exe # Enter function: # Exit function: #*API_Data_Start* #OS winnt win2k winxp win2003 #Hooked_Module urlmon.dll #Number_Parameters 4 #Clean_The_Stack 1 #Handler_Dll HIPHandlers.dll #Enter_Handler MapUrlToZone_Enter_Handler #Interface_ID {79EAC9EE-BAF9-11CE-8C82-00AA004BA90B} #Procedure_Number 5 #IS_COM_HOOK 1 #CLSID {7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4} #CLS_Context 1 #Process_Name iexplore.exe # Enter function: DispCallFunc_Enter_Handler # Vulnerabilities: 3825 (CVE-2007-0940) # 3775 (CVE-2006-3730) *API_Data_Start* OS win2k winxp win2003 winnt Hooked_Module oleaut32.dll Hooked_API DispCallFunc Number_Parameters 8 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler DispCallFunc_Enter_Handler Exit_Handler 0 Process_Name iexplore.exe outlook.exe msimn.exe # Enter function: ASN1BERDecBitString_Enter_Handler # Vulnerabilities: 3777 (CVE-2003-0818) *API_Data_Start* OS win2k winxp win2003 winnt Hooked_Module msasn1.dll Hooked_API ASN1BERDecBitString Number_Parameters 3 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler ASN1BERDecBitString_Enter_Handler Exit_Handler 0 Process_Name lsass.exe # Exit function: CoInternetParseUrlIE_Exit_Handler # Vulnerabilities: 3778 (CVE-2006-5544) # 3812 (CVE-2007-0045) # 3824 () # 3839 (CVE-2007-1205) # 3850 (CVE-2006-2111) # 3853 (CVE-2007-3670) *API_Data_Start* OS winxp win2003 win2k Hooked_Module urlmon.dll Hooked_API CoInternetParseUrl Number_Parameters 7 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler 0 Exit_Handler CoInternetParseUrlIE_Exit_Handler Process_Name iexplore.exe agentsvr.exe msimn.exe # Enter function: Dns_ParseMessage_Enter_Handler # Vulnerabilities: 3780 (CVE-2006-5614) *API_Data_Start* OS winxp Hooked_Module dnsapi.dll Hooked_API Dns_ParseMessage Number_Parameters 5 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler Dns_ParseMessage_Enter_Handler Exit_Handler 0 Process_Name svchost.exe # Enter function: NwrChangePassword_Enter_Handler # Vulnerabilities: 3772 (CVE-2006-4688) *API_Data_Start* OS win2k winxp win2003 winnt Hooked_Module nwwks.dll Hooked_API NwrChangePassword Number_Parameters 6 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler NwrChangePassword_Enter_Handler Exit_Handler 0 IS_RPC_HOOK Interface_ID e67ab081-9844-3521-9d32-834f038001c0 Procedure_Number 1 Process_Name services.exe svchost.exe # Enter function: NetrJoinDomain2_Enter_Handler # Vulnerabilities: 3782 (CVE-2006-4691) *API_Data_Start* OS win2k winxp Hooked_Module wkssvc.dll Hooked_API NetrJoinDomain2 Number_Parameters 7 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler NetrJoinDomain2_Enter_Handler Exit_Handler 0 IS_RPC_HOOK Interface_ID 6bffd098-a112-3610-9833-46c3f87e345a Procedure_Number 22 Process_Name services.exe # Enter function: NdrStubCall2_Enter_Handler # Vulnerabilities: () # 3772 (CVE-2006-4688) # 3815 (CVE-2007-0210) # 3822 (CVE-2007-0211) *API_Data_Start* OS win2k winxp win2003 winnt Hooked_Module rpcrt4.dll Hooked_API NdrStubCall2 Number_Parameters 4 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler NdrStubCall2_Enter_Handler Exit_Handler 0 Process_Name svchost.exe services.exe # killbit handler D # Vulnerabilities: 3784 (CVE-2006-3445) # 3785 (CVE-2006-5745) # 3786 (CVE-2006-4704) # 3793 (CVE-2006-6027;CVE-2007-0045) # 3813 (CVE-2006-6121) # 3779 (CVE-2006-5559) # 3831 () # 3816 (CVE-2007-0218) # 3817 (CVE-2006-4697;CVE-2007-0219) # 3818 (CVE-2006-5745) # 3737 (CAN-2005-2127;CVE-2006-1186;CVE-2006-1303;CVE-2006-2383;CVE-2006-3638) # 3773 (CVE-2006-4446;CVE-2006-4777) # 3788 (CVE-2005-2127) # 3776 (CVE-2006-4868;CVE-2007-1749) # 3800 (CVE-2006-4702;CVE-2006-6134) # 3800 (CVE-2006-4702;CVE-2006-6134) # 3820 (CVE-2007-0214) # 3826 (CVE-2006-6490) # 3841 (CVE-2007-1891;CVE-2007-1892) # 3833 () # 3834 (CVE-2007-2221) # 3835 (CVE-2007-0942) # 3848 (CVE-2007-2222) # 3915 (CVE-2008-0078) *API_Data_Start* OS win2k winxp win2003 winvista win2008 win7 win8w win8s winxw win2008r2 Hooked_Module ole32.dll Hooked_API CoGetClassObject Number_Parameters 5 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler CoGetClassObject_Enter_Handler Exit_Handler NOP_Handler Process_Name iexplore.exe outlook.exe explorer.exe # Vulnerabilities: 3792 (CVE-2006-4702) *API_Data_Start* OS win2k winxp win2003 Hooked_Module wmvcore.dll Hooked_API WMCreateEditor Number_Parameters 1 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler WMCreateEditor_Enter_Handler Exit_Handler 0 Process_Name explorer.exe iexplore.exe outlook.exe wmplayer.exe # Vulnerabilities: 3791 (CVE-2007-0025;CVE-2007-0026;CVE-2006-1311) # 3799 (CVE-2006-6134) # 3791 (CVE-2007-0025;CVE-2007-0026;CVE-2006-1311) *API_Data_Start* OS win2k winxp win2003 winnt Hooked_Module advapi32.dll Hooked_API RegOpenKeyExW Number_Parameters 5 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler RegOpenKeyExW_Enter_Handler Exit_Handler 0 Process_Name wmplayer.exe iexplore.exe wordpad.exe # Vulnerabilities: 3797 (CAN-2005-0059) *API_Data_Start* OS win2k winxp win2003 Hooked_Module mqqm.dll Hooked_API QMSetObjectSecurityInternal Number_Parameters 5 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler QMxxx_Enter_Handler Exit_Handler 0 IS_RPC_HOOK Interface_ID fdb3a030-065f-11d1-bb9b-00a024ea5525 Procedure_Number 7 Process_Name mqsvc.exe # Vulnerabilities: 3797 (CAN-2005-0059) *API_Data_Start* OS win2k winxp win2003 Hooked_Module mqqm.dll Hooked_API QMGetObjectSecurityInternal Number_Parameters 6 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler QMxxx_Enter_Handler Exit_Handler 0 IS_RPC_HOOK Interface_ID fdb3a030-065f-11d1-bb9b-00a024ea5525 Procedure_Number 8 Process_Name mqsvc.exe # Vulnerabilities: 3797 (CAN-2005-0059) *API_Data_Start* OS win2k winxp win2003 Hooked_Module mqqm.dll Hooked_API QMDeleteObject Number_Parameters 2 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler QMxxx_Enter_Handler Exit_Handler 0 IS_RPC_HOOK Interface_ID fdb3a030-065f-11d1-bb9b-00a024ea5525 Procedure_Number 9 Process_Name mqsvc.exe # Vulnerabilities: 3797 (CAN-2005-0059) *API_Data_Start* OS win2k winxp win2003 Hooked_Module mqqm.dll Hooked_API QMGetObjectProperties Number_Parameters 5 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler QMxxx_Enter_Handler Exit_Handler 0 IS_RPC_HOOK Interface_ID fdb3a030-065f-11d1-bb9b-00a024ea5525 Procedure_Number 10 Process_Name mqsvc.exe # Vulnerabilities: 3797 (CAN-2005-0059) *API_Data_Start* OS win2k winxp win2003 Hooked_Module mqqm.dll Hooked_API QMSetObjectProperties Number_Parameters 5 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler QMxxx_Enter_Handler Exit_Handler 0 IS_RPC_HOOK Interface_ID fdb3a030-065f-11d1-bb9b-00a024ea5525 Procedure_Number 11 Process_Name mqsvc.exe # Vulnerabilities: 3805 (CVE-2006-5856) *API_Data_Start* OS win2k winxp win2003 Hooked_Module kernel32.dll Hooked_API GetPrivateProfileStringA Number_Parameters 6 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler 0 Exit_Handler GetPrivateProfileStringA_Exit_Handler Process_Name AdobeDownloadManager.exe # Vulnerabilities: 3836 (CVE-2007-1215) *API_Data_Start* OS win2k winxp win2003 Hooked_Module gdi32.dll Hooked_API GetDIBits Number_Parameters 7 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler GetDIBits_Enter_Handler Exit_Handler 0 Process_Name explorer.exe svchost.exe winlogon.exe # Vulnerabilities: 3924 (CVE-2008-1083) *API_Data_Start* OS win2k winxp win2003 Hooked_Module gdi32.dll Hooked_API StretchDIBits Number_Parameters 13 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler StretchDIBits_Enter_Handler Exit_Handler 0 Process_Name explorer.exe iexplore.exe # Vulnerabilities: 3924 (CVE-2008-1083) *API_Data_Start* OS win2k winxp win2003 Hooked_Module gdi32.dll Hooked_API CreateDIBPatternBrushPt Number_Parameters 2 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler CreateDIBPatternBrushPt_Enter_Handler Exit_Handler 0 Process_Name explorer.exe iexplore.exe # Vulnerabilities: 3838 (CVE-2007-0038) *API_Data_Start* OS win2k winxp win2003 winnt WinVista Hooked_Module user32.dll Hooked_API LoadImageW Number_Parameters 6 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler LoadImageW_Enter_Handler Exit_Handler 0 Process_Name iexplore.exe outlook.exe explorer.exe # Vulnerabilities: 3830 (CVE-2007-1499) *API_Data_Start* OS win2k winxp win2003 Hooked_Module urlmon.dll Hooked_API CreateUri Number_Parameters 4 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler CreateUri_Enter_Handler Exit_Handler 0 Process_Name iexplore.exe # Vulnerabilities: 3840 (CVE-2007-1748) *API_Data_Start* OS win2k win2003 Hooked_Module dns.exe Hooked_API R_DnssrvOperation Number_Parameters 6 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler R_DnssrvOperation_Enter_Handler Exit_Handler 0 IS_RPC_HOOK Interface_ID 50abc2a4-574d-40b3-9d66-ee4fd5fba076 Procedure_Number 0 Process_Name dns.exe # Vulnerabilities: 3840 (CVE-2007-1748) *API_Data_Start* OS win2k win2003 Hooked_Module dns.exe Hooked_API R_DnssrvQuery Number_Parameters 5 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler R_DnssrvOperation_Enter_Handler Exit_Handler 0 IS_RPC_HOOK Interface_ID 50abc2a4-574d-40b3-9d66-ee4fd5fba076 Procedure_Number 1 Process_Name dns.exe # Vulnerabilities: 3840 (CVE-2007-1748) *API_Data_Start* OS win2k win2003 Hooked_Module dns.exe Hooked_API R_DnssrvComplexOperation Number_Parameters 7 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler R_DnssrvOperation_Enter_Handler Exit_Handler 0 IS_RPC_HOOK Interface_ID 50abc2a4-574d-40b3-9d66-ee4fd5fba076 Procedure_Number 2 Process_Name dns.exe # Vulnerabilities: 3840 (CVE-2007-1748) *API_Data_Start* OS win2k win2003 Hooked_Module dns.exe Hooked_API R_DnssrvEnumRecords Number_Parameters 10 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler R_DnssrvOperation_Enter_Handler Exit_Handler 0 IS_RPC_HOOK Interface_ID 50abc2a4-574d-40b3-9d66-ee4fd5fba076 Procedure_Number 3 Process_Name dns.exe # Vulnerabilities: 3840 (CVE-2007-1748) *API_Data_Start* OS win2k win2003 Hooked_Module dns.exe Hooked_API R_DnssrvUpdateRecord Number_Parameters 5 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler R_DnssrvOperation_Enter_Handler Exit_Handler 0 IS_RPC_HOOK Interface_ID 50abc2a4-574d-40b3-9d66-ee4fd5fba076 Procedure_Number 4 Process_Name dns.exe # Vulnerabilities: 3840 (CVE-2007-1748) *API_Data_Start* OS win2003 Hooked_Module dns.exe Hooked_API R_DnssrvOperation2 Number_Parameters 8 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler R_DnssrvUpdateRecord2_Enter_Handler Exit_Handler 0 IS_RPC_HOOK Interface_ID 50abc2a4-574d-40b3-9d66-ee4fd5fba076 Procedure_Number 5 Process_Name dns.exe # Vulnerabilities: 3840 (CVE-2007-1748) *API_Data_Start* OS win2003 Hooked_Module dns.exe Hooked_API R_DnssrvQuery2 Number_Parameters 7 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler R_DnssrvUpdateRecord2_Enter_Handler Exit_Handler 0 IS_RPC_HOOK Interface_ID 50abc2a4-574d-40b3-9d66-ee4fd5fba076 Procedure_Number 6 Process_Name dns.exe # Vulnerabilities: 3840 (CVE-2007-1748) *API_Data_Start* OS win2003 Hooked_Module dns.exe Hooked_API R_DnssrvComplexOperation2 Number_Parameters 9 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler R_DnssrvUpdateRecord2_Enter_Handler Exit_Handler 0 IS_RPC_HOOK Interface_ID 50abc2a4-574d-40b3-9d66-ee4fd5fba076 Procedure_Number 7 Process_Name dns.exe # Vulnerabilities: 3840 (CVE-2007-1748) *API_Data_Start* OS win2003 Hooked_Module dns.exe Hooked_API R_DnssrvEnumRecords2 Number_Parameters 12 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler R_DnssrvUpdateRecord2_Enter_Handler Exit_Handler 0 IS_RPC_HOOK Interface_ID 50abc2a4-574d-40b3-9d66-ee4fd5fba076 Procedure_Number 8 Process_Name dns.exe # Vulnerabilities: 3840 (CVE-2007-1748) *API_Data_Start* OS win2003 Hooked_Module dns.exe Hooked_API R_DnssrvUpdateRecord2 Number_Parameters 7 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler R_DnssrvUpdateRecord2_Enter_Handler Exit_Handler 0 IS_RPC_HOOK Interface_ID 50abc2a4-574d-40b3-9d66-ee4fd5fba076 Procedure_Number 9 Process_Name dns.exe # Vulnerabilities: 3847 (CVE-2007-2219) *API_Data_Start* OS winnt win2k winxp win2003 Hooked_Module kernel32.dll Hooked_API FindResourceW Number_Parameters 3 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler FindResourceW_Enter_Handler Exit_Handler 0 Process_Name iexplore.exe # Vulnerabilities: 3855 (CVE-2007-3845) *API_Data_Start* OS winnt win2k winxp win2003 Hooked_Module shell32.dll Hooked_API ShellExecuteExW Number_Parameters 1 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler ShellExecuteExW_Enter_Handler Exit_Handler 0 Process_Name firefox.exe # Vulnerabilities: 3858 (CVE-2007-2224) *API_Data_Start* OS winxp win2k win2003 Hooked_Module oleaut32.dll Hooked_API SysAllocStringLen Number_Parameters 2 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler SysAllocStringLen_Enter_Handler Process_Name iexplore.exe # Vulnerabilities: 3864 (CVE-2007-3040) *API_Data_Start* OS win2k Hooked_Module wininet.dll Hooked_API InternetCanonicalizeUrlW Number_Parameters 4 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler InternetCanonicalizeUrlW_Enter_Handler Exit_Handler InternetCanonicalizeUrlW_Exit_Handler Process_Name agentsvr.exe # Vulnerabilities: 3865 (CVE-2007-3036) *API_Data_Start* OS win2k winxp win2003 Hooked_Module ntdll.dll Hooked_API NtQueryEaFile Number_Parameters 9 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler 0 Exit_Handler NtQueryEaFile_Exit_Handler Process_Name psxss.exe # Vulnerabilities: 3866 (CVE-2007-5045) *API_Data_Start* OS win2k winxp win2003 winvista Hooked_Module kernel32.dll Hooked_API CreateProcessA Number_Parameters 10 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler CreateProcessA_Enter_Handler Exit_Handler 0 Process_Name iexplore.exe firefox.exe seamonkey.exe # sig 3868 (CVE-2007-3896) *API_Data_Start* OS winxp win2003 Hooked_Module kernel32.dll Hooked_API CreateProcessW Number_Parameters 10 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler CreateProcessW_Enter_Handler_CVE_2007_3896 Exit_Handler 0 Process_Name acrord32.exe firefox.exe seamonkey.exe # Vulnerabilities: 3917 () *API_Data_Start* OS win2k winxp win2003 Hooked_Module srvsvc.dll Hooked_API NetrShareAdd Number_Parameters 4 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler NetrShareAdd_Enter_Handler Exit_Handler 0 IS_RPC_HOOK Interface_ID 4b324fc8-1670-01d3-1278-5a47bf6ee188 Procedure_Number 14 Process_Name svchost.exe services.exe # Vulnerabilities: # 3918 (CVE-2008-0110) # 3926 (CVE-2008-1965) # 3947 (CVE-2008-3007) *API_Data_Start* OS win2k winxp win2003 winvista win7 win8w win8s Hooked_Module kernel32.dll Hooked_API CreateProcessW Number_Parameters 10 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler CreateProcessW_Enter_Handler_URI_Injection Process_Name iexplore.exe firefox.exe seamonkey.exe # Vulnerabilities: 3939 (CVE-2008-2245) *API_Data_Start* OS win2k winxp win2003 winvista Hooked_Module mscms.dll Hooked_API OpenColorProfileW Number_Parameters 4 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler OpenColorProfileW_Enter_Handler Process_Name iexplore.exe explorer.exe mspaint.exe # Vulnerabilities: flash clipboard hijack # sig 3945 *API_Data_Start* OS win2k winxp win2003 winvista Hooked_Module user32.dll Hooked_API SetClipboardData Number_Parameters 2 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler SetClipboardData_Enter_Handler Process_Name iexplore.exe firefox.exe # Vulnerabilities: 3958 (CVE-2008-3479) *API_Data_Start* OS win2k Hooked_Module mqqm.dll Hooked_API QMGetRemoteQueueName Number_Parameters 2 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler QMGetRemoteQueueName_Enter_Handler Exit_Handler 0 IS_RPC_HOOK Interface_ID fdb3a030-065f-11d1-bb9b-00a024ea5525 Procedure_Number 1 Process_Name mqsvc.exe # Enter function: NetpwPathCanonicalize_CVE_2008_4250_Enter_Handler # Vulnerabilities: 3961 (CVE-2008-4250) *API_Data_Start* OS win2k winxp win2003 Hooked_Module netapi32.dll Hooked_API NetpwPathCanonicalize Number_Parameters 6 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler NetpwPathCanonicalize_CVE_2008_4250_Enter_Handler Exit_Handler 0 Process_Name svchost.exe services.exe # For sig 3965(CVE-2008-2992, Adobe util.printf BO) *API_Data_Start* OS win2k winxp win2003 winvista win7 win8w win8s Hooked_Module msvcr80.dll Hooked_API _fcvt Number_Parameters 5 Clean_The_Stack 0 Handler_Dll HIPHandlers.dll Enter_Handler _fcvt_Enter_Handler Exit_Handler _fcvt_Exit_Handler Process_Name AcroRd32.exe acrobat.exe # For sig 2207(CVE-2008-3009, WMP vulnerability could allow an authentication reflection attack by WMS) *API_Data_Start* OS win2k winxp win2003 winvista Hooked_Module Secur32.dll Hooked_API InitializeSecurityContextW Number_Parameters 12 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler InitializeSecurityContextW_Enter_Handler Exit_Handler 0 Process_Name wmplayer.exe # Vulnerabilities: 2201 (CVE-2008-4269) # Vulnerabilities: 2251 (CVE-2010-0027) *API_Data_Start* OS win2k winxp win2003 winvista win2008 Hooked_Module shell32.dll Hooked_API ShellExecuteExW Number_Parameters 1 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler ShellExecuteExW_Enter_Handler_Vista Exit_Handler 0 Process_Name iexplore.exe explorer.exe # sig 2213 (CVE-2009-0099, Vulnerability in Microsoft Exchange EMSMDB32 Could Allow Denial of Service) *API_Data_Start* OS win2k winxp win2003 winvista Hooked_Module WSOCK32.dll Hooked_API recvfrom Number_Parameters 6 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler 0 Exit_Handler recvfrom_Exit_Handler Process_Name mad.exe # Enter function: RpcSetPrinterDataEx_Enter_Handler # Vulnerabilities: 2221 (CVE-2009-0230) *API_Data_Start* OS win2k winxp win2003 Hooked_Module spoolsv.exe Hooked_API RpcSetPrinterDataEx Number_Parameters 6 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler RpcSetPrinterDataEx_Enter_Handler Exit_Handler 0 IS_RPC_HOOK Interface_ID 12345678-1234-abcd-ef00-0123456789ab Procedure_Number 77 Process_Name spoolsv.exe *API_Data_Start* OS win7 Hooked_Module ole32.dll Hooked_API CLSIDFromProgID Number_Parameters 2 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler CLSIDFromProgID_Enter_Handler Exit_Handler 0 Process_Name iexplore.exe *API_Data_Start* OS win8w Hooked_Module combase.dll Hooked_API CLSIDFromProgID Number_Parameters 2 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler CLSIDFromProgID_Enter_Handler Exit_Handler 0 Process_Name iexplore.exe *API_Data_Start* OS winvista win2008 win7 win8w win8s win2008r2 Hooked_Module kernel32.dll Hooked_API CreateProcessW Number_Parameters 10 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler CreateProcessW_Enter_Handler_CVE_2014_4114 Exit_Handler 0 Process_Name outlook.exe msimn.exe winword.exe wordpad.exe excel.exe powerpnt.exe # sig 3751 (CVE-2006-1359, createTextRange) *API_Data_Start* OS winxp win2003 Hooked_Module mshtml.dll HBO_Offset_Data "6.00.2900.5512 (xpsp.080413-2105)" 0024356c 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.2900.5512 (xpsp.080413-2105)" 0024356c 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.2900.5512 (xpsp.080413-2105)" 0024356c 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.2900.2853 (xpsp.060220-1751)" 0023fff7 8bff558bec565733f633ff39750c750a HBO_Offset_Data "6.00.3790.3959 (srv03_sp2_rtm.070216-1710)" 00275f19 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.3790.2643 (srv03_sp1_gdr.060220-1550)" 00268d9a 8bff558bec565733f633ff39750c7514 HBO_Offset_Data "6.00.3790.1830 (srv03_sp1_rtm.050324-1447)" 002660cd 8bff558bec565733f633ff39750c7514 HBO_Offset_Data "6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)" 0023c267 8bff558bec565733f633ff39750c750a HBO_Offset_Data "6.00.2900.2853 (xpsp_sp2_gdr.060220-1746)" 0023f6df 8bff558bec565733f633ff39750c750a HBO_Offset_Data "6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)" 0023c267 8bff558bec565733f633ff39750c750a HBO_Offset_Data "6.00.3790.2643 (srv03_sp1_gdr.060220-1550)" 00268d9a 8bff558bec565733f633ff39750c7514 HBO_Offset_Data "6.00.3790.3959 (srv03_sp2_rtm.070216-1710)" 00275f19 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.3790.3959 (srv03_sp2_rtm.070216-1710)" 00275f19 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)" 0023c267 8bff558bec565733f633ff39750c750a HBO_Offset_Data "6.00.2900.3527 (xpsp_sp2_qfe.090219-1311)" 0024368e 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.2900.5626 (xpsp_sp3_qfe.080623-1331)" 0024372c 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.2900.5764 (xpsp_sp3_qfe.090219-1311)" 00243946 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.2900.3395 (xpsp_sp2_qfe.080623-1318)" 00243530 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.2900.3429 (xpsp_sp2_qfe.080819-1244)" 002436a0 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.2900.5764 (xpsp_sp3_gdr.090219-1240)" 00243896 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.2900.5659 (xpsp_sp3_gdr.080819-1237)" 002437d4 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.2900.3157 (xpsp_sp2_qfe.070614-1244)" 00242bfb 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.2900.3660 (xpsp_sp2_qfe.091216-1705)" 002442eb 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.2900.3492 (xpsp_sp2_qfe.081212-1622)" 002436a0 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.2900.3314 (xpsp_sp2_qfe.080215-1242)" 00243393 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.2900.5848 (xpsp_sp3_gdr.090718-1251)" 00243c74 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.2900.3243 (xpsp_sp2_qfe.071029-1244)" 00242f84 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.2900.3199 (xpsp_sp2_qfe.070821-1250)" 00242d0b 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.2900.3268 (xpsp_sp2_qfe.071206-1251)" 002432eb 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.2900.3603 (xpsp_sp2_qfe.090718-1252)" 00243bcc 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.2900.5921 (xpsp_sp3_gdr.091221-1718)" 0024435b 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.2900.5921 (xpsp_sp3_qfe.091221-1752)" 0024480b 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.2900.5726 (xpsp_sp3_qfe.081212-1451)" 00243864 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.2900.5694 (xpsp_sp3_gdr.081015-1312)" 002437f4 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.2900.5659 (xpsp_sp3_qfe.080819-1352)" 0024387c 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.2900.5726 (xpsp_sp3_gdr.081212-1450)" 002437fc 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.2900.3462 (xpsp_sp2_qfe.081015-1657)" 00243688 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.2900.5694 (xpsp_sp3_qfe.081015-1409)" 0024385c 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.2900.5897 (xpsp_sp3_gdr.091028-1650)" 0024411b 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.2900.5897 (xpsp_sp3_qfe.091028-1717)" 00244754 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.2900.3640 (xpsp_sp2_qfe.091027-1402)" 002440a3 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.2900.5848 (xpsp_sp3_qfe.090718-1313)" 00243d8c 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.2900.5626 (xpsp_sp3_gdr.080623-1315)" 002436bc 8bff558bec8b450c5633f63bc657750a HBO_Offset_Data "6.00.2600.0000 (xpclient.010817-1148)" 0023f5b1 565733f633ff39742410750abf570007 HBO_Offset_Data "6.00.3790.0 (srv03_rtm.030324-2048)" 0021f52e 565733f633ff39742410750abf570007 HBO_Offset_Data "6.00.2800.1106 (xpsp1.020828-1920)" 0024126a 565733f633ff39742410750abf570007 HBO_Offset_Data "6.00.2600.0000 (xpclient.010817-1148)" 0023f5b1 565733f633ff39742410750abf570007 HBO_Offset_Data "6.00.2800.1106 (xpsp1.020828-1920)" 0024126a 565733f633ff39742410750abf570007 HBO_Offset_Data "6.00.2600.0000 (xpclient.010817-1148)" 0023f5b1 565733f633ff39742410750abf570007 HBO_Offset_Data "6.00.2800.1106 (xpsp1.020828-1920)" 0024126a 565733f633ff39742410750abf570007 HBO_Offset_Data "6.00.2800.1578" 001e0ded 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.2800.1543" 001e0810 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.2800.1586" 001e0f06 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.2800.1555" 001e0a30 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.2800.1529" 001e13d3 565733f633ff39742410750abf570007 HBO_Offset_Data "6.00.2800.1596" 001e2400 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.2800.1589" 001e0ee2 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.2800.1528" 001e0208 565733f633ff39742410750abf570007 HBO_Offset_Data "6.00.2800.1587" 001e2304 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.2800.1579" 001e2009 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.2800.1594" 001e23a0 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.2800.1595" 001e101a 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.2800.1590" 001e2361 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.2800.1562" 001e2017 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.2800.1593" 001e0fd7 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.2800.1556" 001e1d95 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.2800.1544" 001e1c4e 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.2800.1561" 001e0dd1 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.2800.1625" 001e1231 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.2800.1626" 001e2838 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.2800.1627" 001e148e 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.2800.1609" 001e1164 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.2800.1635" 001e2ad5 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.2800.1639" 001e3082 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.2800.1628" 001e2a17 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.2800.1611" 001e1174 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.2800.1619" 001e126d 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.2800.1612" 001e24de 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.2800.1607" 001e1164 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.2800.1620" 001e2872 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.2800.1608" 001e24de 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.2800.1642" 001e1b23 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.2800.1638" 001e1b13 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.2800.1634" 001e15fd 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.2800.1610" 001e24de 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.2800.1643" 001e3092 8b4424085633f63bc657750abf570007 HBO_Offset_Data "6.00.3790.2440 (srv03_sp1_gdr.050506-1520)" 002662b2 8bff558bec565733f633ff39750c7514 HBO_Offset_Data "6.00.3790.2491 (srv03_sp1_gdr.050719-1521)" 0026652e 8bff558bec565733f633ff39750c7514 HBO_Offset_Data "6.00.3790.2541 (srv03_sp1_gdr.051004-1418)" 00266b95 8bff558bec565733f633ff39750c7514 HBO_Offset_Data "6.00.3790.2577 (srv03_sp1_gdr.051123-1244)" 00266bd8 8bff558bec565733f633ff39750c7514 Number_Parameters 2 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler CInput_createTextRange_Enter_Handler Exit_Handler 0 Process_Name iexplore.exe # Sig 6028 (CVE-2010-0027) *API_Data_Start* OS winxp win2003 winvista win2008 win7 Hooked_Module ieframe.dll HBO_Offset_Data 7.0.6002.18005 00012828 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.21089 0003e39d 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.20696 0003e1bd 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.16574 0003e17d 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.20544 0003e0fd 8bff558becf745100000008056ff7508 HBO_Offset_Data 8.0.6001.22902 00011a32 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.16825 0003e1fd 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.20696 0003e1bd 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.20733 0003e17d 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.16640 0003e1bd 8bff558becf745100000008056ff7508 HBO_Offset_Data 8.0.6001.22918 00011c36 8bff558becf745100000008056ff7508 HBO_Offset_Data 8.0.6001.22945 00011c36 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.20661 0003e17d 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.16890 0003e34d 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.16791 0003e1fd 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.16850 0003e1fd 8bff558becf745100000008056ff7508 HBO_Offset_Data 8.0.6001.22918 00011c36 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.20935 0003e1fd 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.16762 0003e1bd 8bff558becf745100000008056ff7508 HBO_Offset_Data 8.0.6001.18854 00011c26 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.16544 0003e17d 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.21015 0003e23d 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.16574 0003e17d 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6002.18100 00012998 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.16441 0003e0d5 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.5730.13 000369be 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.16981 0003e34e 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.20772 0003e16d 8bff558becf745100000008056ff7508 HBO_Offset_Data 8.0.6001.18876 00011c27 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.21148 0003e39d 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.20815 0003e1e5 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.21115 0003e39d 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.16705 0003e1bd 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.20772 0003e16d 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.16705 0003e1bd 8bff558becf745100000008056ff7508 HBO_Offset_Data 8.0.6001.22867 000119da 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.21148 0003e39d 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.21045 0003e24d 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.16544 0003e17d 8bff558becf745100000008056ff7508 HBO_Offset_Data 8.0.7600.16385 0019c578 8bff558becf745100000008056ff7508 HBO_Offset_Data 8.0.6001.22902 00011a32 8bff558becf745100000008056ff7508 HBO_Offset_Data 8.0.6001.22945 00011c36 8bff558becf745100000008056ff7508 HBO_Offset_Data 8.0.6001.22967 00011c37 8bff558becf745100000008056ff7508 HBO_Offset_Data 8.0.6001.18702 0001987d 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.21116 0003e39d 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.16386 0003e0dd 8bff558becf745100000008056ff7508 HBO_Offset_Data 8.0.6001.18812 00011a32 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6001.22508 000129e5 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6001.18000 0001284d 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.16945 0003e34d 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.20733 0003e17d 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.16915 0003e34d 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.20978 0003e23d 8bff558becf745100000008056ff7508 HBO_Offset_Data 8.0.6001.18812 00011a32 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.21183 0003e39e 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.16757 0003e1bd 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.20544 0003e0fd 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6002.22212 00012998 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.16825 0003e1fd 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.16945 0003e34d 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.20861 0003e1fd 8bff558becf745100000008056ff7508 HBO_Offset_Data 8.0.6001.22867 000119da 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.16640 0003e1bd 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.16981 0003e34e 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.21089 0003e39d 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.20927 0003e1fd 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.20935 0003e1fd 8bff558becf745100000008056ff7508 HBO_Offset_Data 8.0.6001.18828 00011c26 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.16608 0003e1bd 8bff558becf745100000008056ff7508 HBO_Offset_Data 8.0.6001.18876 00011c27 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.20978 0003e23d 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.21115 0003e39d 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.16791 0003e1fd 8bff558becf745100000008056ff7508 HBO_Offset_Data 8.0.6001.22967 00011c37 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.16916 0003e34d 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.16674 0003e1bd 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.16890 0003e34d 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.20661 0003e17d 8bff558becf745100000008056ff7508 HBO_Offset_Data 8.0.6001.18777 000119da 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.21015 0003e23d 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6001.18319 00012a05 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.16757 0003e1bd 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.20861 0003e1fd 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.16608 0003e1bd 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.21183 0003e39e 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.16762 0003e1bd 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.20927 0003e1fd 8bff558becf745100000008056ff7508 HBO_Offset_Data 8.0.6001.18828 00011c26 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.16915 0003e34d 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.0.6000.16441 0003e0d5 8bff558becf745100000008056ff7508 HBO_Offset_Data 8.0.6001.18854 00011c26 8bff558becf745100000008056ff7508 HBO_Offset_Data 7.00.5730.13 000369be 8bff558becf745100000008056ff7508 Number_Parameters 3 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler CopyUrlForParser_Enter_Handler Exit_Handler 0 Process_Name iexplore.exe ## sig 6002 (sig 3838 revised in HBO. cve-2007-0038/cve-2006-1765) #*API_Data_Start* #OS winxp #Hooked_Module user32.dll #HBO_Offset_Data be57a5c3abd240514b98f6bca872fb21 00034771 00000000000000000000000000000000 #HBO_Offset_Data c72661f8552ace7c5c85e16a3cf505c4 00043b05 00000000000000000000000000000000 #HBO_Offset_Data 0834fec89c45f4bb32e4a3f219ac8f66 000571fc 00000000000000000000000000000000 #HBO_Offset_Data dd9269230c21ee8fb7fd3fccc3b1cfcb 0002e638 00000000000000000000000000000000 #HBO_Offset_Data b26b135ff1b9f60c9388b4a7d16f600b 00043dbf 00000000000000000000000000000000 #HBO_Offset_Data 89f37f23faf74f802cd7f22ca4abd4ef 0005747c 00000000000000000000000000000000 #HBO_Offset_Data f86126c77cce2a556ae1855cc405f53c 00043b05 8bff558bec568b7508578b7d0cff7704 #Number_Parameters 3 #Clean_The_Stack 1 #Handler_Dll HIPHandlers.dll #Enter_Handler ReadChunk_Enter_Handler #Exit_Handler 0 #Process_Name iexplore.exe explorer.exe ## killbit handler C ## A hook for killbit sigs (replacing latebinding hook) #*API_Data_Start* #OS winxp win2003 winvista win2008 #Hooked_Module mshtml.dll #HBO_Offset_Data 41c39e9ed3efbfbf45611d47d10f143b 0011272a 00000000000000000000000000000000 #HBO_Offset_Data c750780af2225f2f407bff437333f515 0043b98a 00000000000000000000000000000000 #HBO_Offset_Data 579b767c01c377b5b9373b15fc990cd2 0043bd12 00000000000000000000000000000000 #HBO_Offset_Data 4ae59a374501cd9c37f5909fde556391 002e57dc 00000000000000000000000000000000 #HBO_Offset_Data 11e6a218972643597480d79f3b3a7688 0027f2e0 00000000000000000000000000000000 #HBO_Offset_Data bb19af7e18f50ec6fd484e997c80c70a 00281478 00000000000000000000000000000000 #HBO_Offset_Data a9ebca5c3ab2128ccc76f8080a97674b 00280d38 00000000000000000000000000000000 #HBO_Offset_Data a78668bde10950b609be5832ad430cb0 0043a862 00000000000000000000000000000000 #HBO_Offset_Data 753da33903447e729f9ef5f217481ace 002e5f7c 00000000000000000000000000000000 #HBO_Offset_Data 659430df197b958611e244e92cde9e0d 00280dd0 00000000000000000000000000000000 #HBO_Offset_Data b621772db2276ff133407bddf5079923 0043b602 00000000000000000000000000000000 #HBO_Offset_Data 245d5cd6b858ab694b4a1afd7d4e7693 00112692 00000000000000000000000000000000 #HBO_Offset_Data 9032860bda48e615b5abfde8a25c7eb7 0011272a 00000000000000000000000000000000 #HBO_Offset_Data 3701c2f766865bef9f5987e8ab95a6da 002e5f7c 00000000000000000000000000000000 #HBO_Offset_Data 72ae55a9ffbc60650339cb12e35c7dd5 0027ff78 00000000000000000000000000000000 #HBO_Offset_Data 6770b436928e450f5b4866bdc59549cc 002e57dc 00000000000000000000000000000000 #HBO_Offset_Data 8687e029be63c77d4919485068c54d77 0027d5c8 00000000000000000000000000000000 #HBO_Offset_Data 84a1b9b0c362051e68bb131f14c6daad 00276528 00000000000000000000000000000000 #HBO_Offset_Data 6b9d083c0d4c4555fe011b01a98872da 0027db28 00000000000000000000000000000000 #HBO_Offset_Data 5fc7de1195c8e9b5360fd65dbe95e5b0 0027d5d0 00000000000000000000000000000000 #HBO_Offset_Data 4d92717b5bbce85f1254bad23b0d357c 0027dfc0 00000000000000000000000000000000 #HBO_Offset_Data 31e7520e58e5e4dfa93215a6d5603af2 00276958 00000000000000000000000000000000 #HBO_Offset_Data 2991727809c7ac3a33e4178cc73244d8 0027f108 00000000000000000000000000000000 #HBO_Offset_Data 284ce76b71dd5260b42a3ccf0135af67 0027cbb0 00000000000000000000000000000000 #HBO_Offset_Data c6f8947bb5076b0c7c8e8ecfcc394f84 00280d38 00000000000000000000000000000000 #HBO_Offset_Data 95bd53d5ab4aa7bd8098ccba7d01c5d1 0027f2e0 00000000000000000000000000000000 #HBO_Offset_Data 877ec4221f6af1f51e24110e064cc71e 0043b602 00000000000000000000000000000000 #HBO_Offset_Data 255c2ce965543abdc3e0a25a5da1874a 00276628 00000000000000000000000000000000 #HBO_Offset_Data 1c45525574ef206346fbafcaac7cc4a5 0027ed90 00000000000000000000000000000000 #HBO_Offset_Data 00adcb32832a10ed9419493bcea97526 0027f4d8 00000000000000000000000000000000 #HBO_Offset_Data cf58dca3ed911c4c942b941d4ecf6862 0043a862 00000000000000000000000000000000 #HBO_Offset_Data cb479559434c766dcc26d0489ba84ef1 00281478 00000000000000000000000000000000 #HBO_Offset_Data fca7e888d8a94fbc6c049a10bb14416a 00b2bca0 00000000000000000000000000000000 #HBO_Offset_Data 1bd4b8cf0eacab8925bf36ba3497252a 00e837a0 00000000000000000000000000000000 #HBO_Offset_Data fe1b4f611cff0b442cec979be1cddf77 0044430b 00000000000000000000000000000000 #HBO_Offset_Data a89e3948b2efc55f642fe1fe2cda2d9e 0044430b 00000000000000000000000000000000 #HBO_Offset_Data 5f0851c767de71c261283d423650fac9 004442eb 00000000000000000000000000000000 #HBO_Offset_Data 56f5053760581989a9bc7a47e916f661 004442eb 00000000000000000000000000000000 #HBO_Offset_Data 43592d31aff84dd957199248898d9430 00443eb3 00000000000000000000000000000000 #HBO_Offset_Data 12c3f25ea578daa752024e1918d59313 00534e00 00000000000000000000000000000000 #HBO_Offset_Data efb718c1cd9dd453dee529df4f25dbca 0043bd12 00000000000000000000000000000000 #HBO_Offset_Data d8aec29bd4f4c5a9d85f3ade9b7f8c3f 0043b98a 00000000000000000000000000000000 #HBO_Offset_Data 299423dfb7e8d8e179f685371c88a6a8 0027f2e0 00000000000000000000000000000000 #HBO_Offset_Data 37f578776552fa076ea6085f0365209c 00281478 00000000000000000000000000000000 #HBO_Offset_Data 431d4c38e47ae0cac1a52a185395a5f5 00280d38 00000000000000000000000000000000 #HBO_Offset_Data 601e18a9a8f0d0ed39692b593212378f 00280dd0 00000000000000000000000000000000 #HBO_Offset_Data a6cf28c6e0b6d10098ab601d85ee55e8 0043bd12 00000000000000000000000000000000 #HBO_Offset_Data cda69bc1c23b0ea033b989f67cb722ff 0043b3c2 00000000000000000000000000000000 #HBO_Offset_Data a706e122b398fe1ab85cb9b75d044223 0027ff78 00000000000000000000000000000000 #HBO_Offset_Data c6e663c066e3bea5b0bb70d87d0701e9 0027ca60 00000000000000000000000000000000 #HBO_Offset_Data 48e05fd07045bb2e5cfc43c970caf1e7 002e28f8 00000000000000000000000000000000 #HBO_Offset_Data 0afef7f9242f5f84f12ae9b84c2c57f4 002e6890 00000000000000000000000000000000 #HBO_Offset_Data 0b772887f7c50d062ad0fb1b47c0279e 002e60f8 00000000000000000000000000000000 #HBO_Offset_Data 3b7b0a46482ef271e5c434d0c070129a 002e6230 00000000000000000000000000000000 #HBO_Offset_Data 41fb8068e6624f4d843cb1c0f6e8b0ec 002e3d18 00000000000000000000000000000000 #HBO_Offset_Data 44fd7efd38472852e74e8e8d663e1961 002e38f0 00000000000000000000000000000000 #HBO_Offset_Data 83a461e3bab28acdbe32e2a62bb1beee 002e65b4 00000000000000000000000000000000 #HBO_Offset_Data af7541bc2d91483328e6d9910cd33dd5 002e5754 00000000000000000000000000000000 #HBO_Offset_Data bc72b82a8d9f0e2de67a4985a6676786 002e60c8 00000000000000000000000000000000 #HBO_Offset_Data bff746b1558432533876014b66cf04c4 002e38d8 00000000000000000000000000000000 #HBO_Offset_Data dc162f0f1880c30296c5fad1f60ec6d4 002e578c 00000000000000000000000000000000 #HBO_Offset_Data e3708336831e5249dbb274342649f483 002e42f8 00000000000000000000000000000000 #HBO_Offset_Data f500476c0724e476f05331162d4c283d 002e5f7c 00000000000000000000000000000000 #HBO_Offset_Data 5cb375e3280738a6231a2ec534b5282b 00274c00 00000000000000000000000000000000 #HBO_Offset_Data ff6ede58b25c86f27b62fdf48b4fa540 0027ff78 00000000000000000000000000000000 #HBO_Offset_Data 2e68299055b35e9727a35d8a3905ca0b 0043b3c2 00000000000000000000000000000000 #HBO_Offset_Data 498543352097628889ef52340ba7e50b 00112692 00000000000000000000000000000000 #HBO_Offset_Data 5f018931ea505f410d6c610765f5ab28 00159aa8 00000000000000000000000000000000 #HBO_Offset_Data c24138b16a7ea1f5d821ebbff164f81f 00159aa8 00000000000000000000000000000000 #HBO_Offset_Data cac51ad576713e5f0ce2251ed3a7fe82 00274c00 00000000000000000000000000000000 #HBO_Offset_Data 66746bd88f71770815e12e6c6caef3ea 002e5754 00000000000000000000000000000000 #HBO_Offset_Data 6fff8d10d0ef5dbe46b7d035fa4119e4 0043b3c2 00000000000000000000000000000000 #HBO_Offset_Data 848fd0fc3725e859c7512047bf447510 00280dd0 00000000000000000000000000000000 #HBO_Offset_Data 88e1c15bb1a9ed3cba4d6f2f408d5010 0027ea00 00000000000000000000000000000000 #HBO_Offset_Data 91c5ade25bc4e3322577854fa2e7b58b 00275950 00000000000000000000000000000000 #HBO_Offset_Data a14a7a206ae22de4fe563e44cfc7ddf5 00277030 00000000000000000000000000000000 #HBO_Offset_Data abcd123f888e4e97c8751378cccc4f26 0027d7d0 00000000000000000000000000000000 #HBO_Offset_Data be45460d1453b7342e01eae79bfbc681 0027d388 00000000000000000000000000000000 #HBO_Offset_Data c7074da3d8f8c0f6c03874ba0b05069c 0027d2c0 00000000000000000000000000000000 #HBO_Offset_Data cefea1c301139a817931be132f0359fe 0027e0c8 00000000000000000000000000000000 #HBO_Offset_Data d251679bd9ef0250201fb899ec40fd32 0027ded8 00000000000000000000000000000000 #HBO_Offset_Data dcfac5470ee0a159ec4222bc28ae3ee6 002765d0 00000000000000000000000000000000 #HBO_Offset_Data deaa438ea31095e14a196ff647e38d13 0027cfa8 00000000000000000000000000000000 #HBO_Offset_Data f31274d7667d83e73c6ee16d2206b76c 0027da70 00000000000000000000000000000000 #HBO_Offset_Data fae3ca9b2459581c45b3a8845be3077c 00275610 00000000000000000000000000000000 #HBO_Offset_Data 00ec049ca9d88d997ae465e28d57b106 00111ebc 00000000000000000000000000000000 #HBO_Offset_Data 011b7d2191eca82eb8ad7a75eb31af89 001123b5 00000000000000000000000000000000 #HBO_Offset_Data 013d652c7929433378088ddc92ac01d0 001125d5 00000000000000000000000000000000 #HBO_Offset_Data 1815f7328b6076446d26047682f8fd50 00111e71 00000000000000000000000000000000 #HBO_Offset_Data 26e5f721e575299e3e8ee9eef4b72ecc 001599d7 00000000000000000000000000000000 #HBO_Offset_Data 283749fb69254e8cb32c4a7143fe0045 00112485 00000000000000000000000000000000 #HBO_Offset_Data 2a464df4b46b311ad7d993a825041223 00111e34 00000000000000000000000000000000 #HBO_Offset_Data 34fa89b087a52f6a36f114fb72697e28 00111e99 00000000000000000000000000000000 #HBO_Offset_Data 35ccc3b4ab9f01ba816fbd55ed773038 00112495 00000000000000000000000000000000 #HBO_Offset_Data 59b99b65380e6736aae7c7b9d090c1d2 00111e49 00000000000000000000000000000000 #HBO_Offset_Data 65b445816d95be94316b2bde24afd7e9 001124e5 00000000000000000000000000000000 #HBO_Offset_Data 66ef0c1010c1e69fa2b9e2151ef1ab6d 0011265d 00000000000000000000000000000000 #HBO_Offset_Data 673a6bb9ac002371cb551efbe318e120 00111e89 00000000000000000000000000000000 #HBO_Offset_Data 6e82ef72b9f724475f592fcd50837904 00112405 00000000000000000000000000000000 #HBO_Offset_Data 72c27b47c14d35df1508ac4166314cfa 001126f5 00000000000000000000000000000000 #HBO_Offset_Data 9cc4488551ed9478173c47ea75aef631 0011241d 00000000000000000000000000000000 #HBO_Offset_Data a3b84fc04a45c66de2a04a96a0b5d6c4 001122cd 00000000000000000000000000000000 #HBO_Offset_Data aea27d3d1780ef298adf31acead89bd3 00112465 00000000000000000000000000000000 #HBO_Offset_Data c16ba8302665df073785da313d191d99 00111da1 00000000000000000000000000000000 #HBO_Offset_Data ca20c18d5e1e8f0b119bed9b8ee74816 0011256d 00000000000000000000000000000000 #HBO_Offset_Data d35d4b9b774347df6095a97b54ddcb06 0011235d 00000000000000000000000000000000 #HBO_Offset_Data db3f4abcb72b70a79d9e218d5cc5b654 00111e89 00000000000000000000000000000000 #HBO_Offset_Data ede55dbaaa288ac95a6475ed7d5de4ee 00159a2b 00000000000000000000000000000000 #HBO_Offset_Data fa9b36295d8da1dc649c381d26ec10cd 001123dd 00000000000000000000000000000000 #HBO_Offset_Data 042ac20e084d21dd6bee99b89cc30fb7 00276dc8 00000000000000000000000000000000 #HBO_Offset_Data 087ff7c54e7ebe4a59bd4dfc1d0ee9b8 00274f30 00000000000000000000000000000000 #HBO_Offset_Data 3394299fbf1cd0b24089fc762611360b 00277450 00000000000000000000000000000000 #HBO_Offset_Data 5e7a39950ea133bb54719a6e08c544a7 00276e38 00000000000000000000000000000000 #HBO_Offset_Data d3f037f5da702ae9ddd7663ec9d78ba7 00277710 00000000000000000000000000000000 #HBO_Offset_Data d94e6405e420373161467acd3da65640 00274f30 00000000000000000000000000000000 #HBO_Offset_Data 121ec39a64d64205a88c2c45b034b455 002e47fc 00000000000000000000000000000000 #HBO_Offset_Data 1bb754ab47b327de8dbf2fa18c36357c 002e51a4 00000000000000000000000000000000 #HBO_Offset_Data 2b4315ec9e3124408a2a5074c4b97700 002e50b4 00000000000000000000000000000000 #HBO_Offset_Data 3b413267da8ae71c20e5ef3e54f74728 002e4a48 00000000000000000000000000000000 #HBO_Offset_Data 4d612ff5d3b7eef200595ae6f95d5e68 002e4a64 00000000000000000000000000000000 #HBO_Offset_Data 4ee273e2b09317c1217ef0db91f93534 002e487c 00000000000000000000000000000000 #HBO_Offset_Data 758c8bedab7ce5f9070c85e2e57cbd80 002e550c 00000000000000000000000000000000 #HBO_Offset_Data 8976cab317105f7431b08ea32ab73c65 002e43e4 00000000000000000000000000000000 #HBO_Offset_Data 89a9658515a18e673034369e043fab01 002e57ac 00000000000000000000000000000000 #HBO_Offset_Data 8b48737260c273c9b0daca84ea1ccdbd 002e65f4 00000000000000000000000000000000 #HBO_Offset_Data 976c46ed4a75fc66d9c596778898ce1e 002e4934 00000000000000000000000000000000 #HBO_Offset_Data a097c36412455f0c7e42377faf8809b7 002e43f4 00000000000000000000000000000000 #HBO_Offset_Data ab2c88167d78d71d93558acecb24cc7a 002e4424 00000000000000000000000000000000 #HBO_Offset_Data c6fd770d518fb024245a0ee217d72bc1 002e57dc 00000000000000000000000000000000 #HBO_Offset_Data c79fad61cd4a26ed5aa8c16d991c6fbd 002e4f24 00000000000000000000000000000000 #HBO_Offset_Data c7c3e41cc2f6eb4a629fe2184136c098 002e4b0c 00000000000000000000000000000000 #HBO_Offset_Data cc9d001b7370b292c35b366ca05b12b4 002e5084 00000000000000000000000000000000 #HBO_Offset_Data e52a845dce011d56b12b8f3f4606f956 002e5754 00000000000000000000000000000000 #HBO_Offset_Data edad55105ddd067ae3906011f297267c 002e5f7c 00000000000000000000000000000000 #HBO_Offset_Data f6098cc1b1c3858d53f20f3cb5774f3b 002e5d84 00000000000000000000000000000000 #HBO_Offset_Data 0e49677ee57a928765fc47ffbacd5326 0043b602 00000000000000000000000000000000 #HBO_Offset_Data 1290e417bf806185cc7b2845e78a104e 0043a862 00000000000000000000000000000000 #HBO_Offset_Data 5a32b43a48d6dca339bf24105d9a028f 0043aa52 00000000000000000000000000000000 #HBO_Offset_Data b68f6e6c66d17d9edabf3d5da71046da 0043b98a 00000000000000000000000000000000 #HBO_Offset_Data c0f9ac6fab2c788ffee3e69585a0e93f 0043c32a 00000000000000000000000000000000 #HBO_Offset_Data cbb1ef54b86edb78649909dd1699e5ca 0043b6ea 00000000000000000000000000000000 #HBO_Offset_Data eeaadaa744b20e68cf5eb4fbb4f8afa9 0043a862 00000000000000000000000000000000 #HBO_Offset_Data f25d866dd486ad30e05e5596cb363c3e 0043abe2 00000000000000000000000000000000 #HBO_Offset_Data 03d98eb3f7bbd1fa14c650597f1989bc 00280180 00000000000000000000000000000000 #HBO_Offset_Data 04eec0ff4dd3c7041628973ca6832c33 002801d0 00000000000000000000000000000000 #HBO_Offset_Data 108f212b0e1b4439b014497eec407981 0027edb8 00000000000000000000000000000000 #HBO_Offset_Data 1618a4a2c5dd8164b8295190c8ea6544 002803f8 00000000000000000000000000000000 #HBO_Offset_Data 1673677dbd70142db1294f1b6fc3323e 002e6804 00000000000000000000000000000000 #HBO_Offset_Data 1ad035e04a7068ec2820b055a3131ed8 002e47dc 00000000000000000000000000000000 #HBO_Offset_Data 1fc693a4ee1d9d9cd78dda6c87232f6f 0027fff0 00000000000000000000000000000000 #HBO_Offset_Data 20d44d1a5a406cd8e129d3d4f0b5717c 00280160 00000000000000000000000000000000 #HBO_Offset_Data 25cc085720ee3617fd1f8ab9e2f7cab2 002e4e2c 00000000000000000000000000000000 #HBO_Offset_Data 28b8231ca8d55fc85e027a57c90f5c88 002e4c74 00000000000000000000000000000000 #HBO_Offset_Data 2f70f2f74c40397d031016fa162981c2 00280358 00000000000000000000000000000000 #HBO_Offset_Data 3b8259ef10c0f1425395981e40ed0eaa 002e58dc 00000000000000000000000000000000 #HBO_Offset_Data 507bda42f7db8209c0f0b3556a043491 00280280 00000000000000000000000000000000 #HBO_Offset_Data 53f3fd772c010622346c39284c4a863b 0027f5f8 00000000000000000000000000000000 #HBO_Offset_Data 54d8b404f17aa74c666f7f3aef2ae459 002e48b4 00000000000000000000000000000000 #HBO_Offset_Data 5747867041c33e26da5cc893c9532db8 00280f80 00000000000000000000000000000000 #HBO_Offset_Data 591449bd8f2c8090b9259e88c78ae61d 0027e1b8 00000000000000000000000000000000 #HBO_Offset_Data 6cafaa3e8c37cdd0d7441af82807f70c 0027f2b8 00000000000000000000000000000000 #HBO_Offset_Data 6d1d493622ea050dbaabd0c4c1dfadb5 00280188 00000000000000000000000000000000 #HBO_Offset_Data 701a6798ddf875caa3a5099ee75fd57f 0027fd88 00000000000000000000000000000000 #HBO_Offset_Data 7467941be64dfc5f8e9f3dc1de920806 00280880 00000000000000000000000000000000 #HBO_Offset_Data 74b5a84ac8fcf52c249b74c3d2a3e7b8 0027e4c8 00000000000000000000000000000000 #HBO_Offset_Data 77dbf6075405494ad6b6a99e2c732f86 0027e3b8 00000000000000000000000000000000 #HBO_Offset_Data 79314a0a6b0da78afe491ff2d8b117ba 0027fa28 00000000000000000000000000000000 #HBO_Offset_Data 885e3bf99ea4b2213901ebc35b34cf12 0027f610 00000000000000000000000000000000 #HBO_Offset_Data 8a4dd074dec1b0c063c8493abf654cbc 0027fcd8 00000000000000000000000000000000 #HBO_Offset_Data 8ab7ecf59d6ebbe986277b65ed4a40a1 002e428c 00000000000000000000000000000000 #HBO_Offset_Data 9a878c4d12be5598b598b27bfea1b3c2 00280868 00000000000000000000000000000000 #HBO_Offset_Data 9c2c058e341e6b627789ef88d3b98445 0027e618 00000000000000000000000000000000 #HBO_Offset_Data a758f0891a87ee005848a0bc740a5b96 00280fb8 00000000000000000000000000000000 #HBO_Offset_Data aa8a4bd78d24fcdb96ddaee3756aa372 002e4454 00000000000000000000000000000000 #HBO_Offset_Data ad17006339c1934d86449f335c241ff1 002815f8 00000000000000000000000000000000 #HBO_Offset_Data b20fee1734ef152aaa8d6c5a938da902 0027e748 00000000000000000000000000000000 #HBO_Offset_Data b6daa74e2ed36c71b502945589a683ae 00280380 00000000000000000000000000000000 #HBO_Offset_Data b74f31a4bd83797d7a083f922169287d 002e4f24 00000000000000000000000000000000 #HBO_Offset_Data b83eb71c2052e05d13d690a224357441 0027e610 00000000000000000000000000000000 #HBO_Offset_Data b846c2de341cf32b42ad297437233742 00280308 00000000000000000000000000000000 #HBO_Offset_Data bd1365d9400c3db84d76ae77318e1a8d 0027f458 00000000000000000000000000000000 #HBO_Offset_Data bd45470b132a0f98596277323d9f2e5a 00280318 00000000000000000000000000000000 #HBO_Offset_Data be6eebef636773a8e7a82214e81c563a 0043bf12 00000000000000000000000000000000 #HBO_Offset_Data c8169b4320ac0cb8d1ed20454322e839 0027e690 00000000000000000000000000000000 #HBO_Offset_Data c828aa1c5469e72251f3d367005e589f 00280310 00000000000000000000000000000000 #HBO_Offset_Data c99d8b48fc245d98e1a2bab6594458c9 00280170 00000000000000000000000000000000 #HBO_Offset_Data cc5a2205d37ae67ce23ab7fd3e1fdaca 00280378 00000000000000000000000000000000 #HBO_Offset_Data d1cf72c34baf70c52797d1cb78d6ee92 00280dc8 00000000000000000000000000000000 #HBO_Offset_Data da077e334961230c12e3e4d62626286e 0027e2b0 00000000000000000000000000000000 #HBO_Offset_Data da551bfec150760a38a9ad0c95a8a71c 00281500 00000000000000000000000000000000 #HBO_Offset_Data da9377a57a277170c78095c0e8bd8c85 0027e340 00000000000000000000000000000000 #HBO_Offset_Data e267ee248cda7667c19001c069de867b 002e2f6c 00000000000000000000000000000000 #HBO_Offset_Data e6b64c6c729bbc38ab7cc92ce33f97a5 0043c952 00000000000000000000000000000000 #HBO_Offset_Data eacaedef6fa2a969de5b36190d45396f 002e47ec 00000000000000000000000000000000 #HBO_Offset_Data ec936148284f557f19c333178768109b 002e460c 00000000000000000000000000000000 #HBO_Offset_Data f049c52772fc86fd5f6c16d77a2a6204 0027e148 00000000000000000000000000000000 #HBO_Offset_Data f3a9e882df2f155c9395979ff9d7b0a7 00280d30 00000000000000000000000000000000 #HBO_Offset_Data f3ee47f296295d08a97cb50ef57244d9 00280a48 00000000000000000000000000000000 #HBO_Offset_Data f433136c23d13b120412b300d1324a7e 00280160 00000000000000000000000000000000 #HBO_Offset_Data c735b6503cae05566c0d91f337c60e09 00659a60 00000000000000000000000000000000 #HBO_Offset_Data f09d92c7ceefc395b33a5a5e7d267d97 00659a60 00000000000000000000000000000000 #HBO_Offset_Data 400b59309c4b6efc64f8c45b7972fbdb 002e47ec 00000000000000000000000000000000 #HBO_Offset_Data 71203892d5d654fc0ca3ad49a8773318 002e4f24 00000000000000000000000000000000 #HBO_Offset_Data 9323d6048eca6997d02e455603adca09 005bd1c0 00000000000000000000000000000000 #HBO_Offset_Data b2ab53e09acae9ec8e93b97d8da80b15 005bc8c0 00000000000000000000000000000000 #HBO_Offset_Data d5c68956d845f7ec21d2a5b49ae8585b 005bbe60 00000000000000000000000000000000 #HBO_Offset_Data f6120891208d445f9a0509443697bffb 005bcb40 00000000000000000000000000000000 #HBO_Offset_Data 062b81f34eadeef652e759bf93691c50 0043b6ea 00000000000000000000000000000000 #HBO_Offset_Data 0dcc9623d9a3e77212177f59738be29a 002e2cb8 00000000000000000000000000000000 #HBO_Offset_Data 0ee8b3a112c58eb71951da5c77e7c01a 002e6804 00000000000000000000000000000000 #HBO_Offset_Data 156e8053f0d289aad17c4a12163b0795 002e65f4 00000000000000000000000000000000 #HBO_Offset_Data 1d73575d8a0f368cd8fe3212e8928743 002e4c74 00000000000000000000000000000000 #HBO_Offset_Data 20348c5c94d7d4a0d9aa12fbaa698514 002e2cb0 00000000000000000000000000000000 #HBO_Offset_Data 256e9d588acb7f104123947297a9302a 002e29c8 00000000000000000000000000000000 #HBO_Offset_Data 2620c82eeebed884faa1e00c4671e83a 0043aa52 00000000000000000000000000000000 #HBO_Offset_Data 2b59221d1b9d9fb1d202a21afe8e410a 002e29b0 00000000000000000000000000000000 #HBO_Offset_Data 2bc9595aef52c3989b77ab8506615bad 002e5e90 00000000000000000000000000000000 #HBO_Offset_Data 31dcf20d4e65a972640ce77635f1039b 002e43f4 00000000000000000000000000000000 #HBO_Offset_Data 32b5bddfe6f4a51308a26a01dd5c210b 002e4480 00000000000000000000000000000000 #HBO_Offset_Data 34311116c0a994bd82d7732d0950999c 002e4f24 00000000000000000000000000000000 #HBO_Offset_Data 360a4fa3715c63086ae00c108e592e08 002e6320 00000000000000000000000000000000 #HBO_Offset_Data 3830d91add6900ad19150684e366e48f 002e4454 00000000000000000000000000000000 #HBO_Offset_Data 3ae6072a86ad8049dd133db40f73f0c8 002e43c4 00000000000000000000000000000000 #HBO_Offset_Data 3af70556543467956227b1d97b314e66 002e61e0 00000000000000000000000000000000 #HBO_Offset_Data 3e3d3e24bd1f862cd1a772c0dad3f134 002e2a48 00000000000000000000000000000000 #HBO_Offset_Data 56942eb5d17dfa38ca0b2b234bb578a3 002e2c10 00000000000000000000000000000000 #HBO_Offset_Data 5c23f9efafd87043d8ca49b9308e3d29 002e4934 00000000000000000000000000000000 #HBO_Offset_Data 5e0a39e714e39e054a3a0f2a04ee5da0 002e6178 00000000000000000000000000000000 #HBO_Offset_Data 616ea8d014af07fb1dc97b7432794aa6 002e4f24 00000000000000000000000000000000 #HBO_Offset_Data 676692edc2e1dbd89efcb617a1e75f7d 002e4a48 00000000000000000000000000000000 #HBO_Offset_Data 67ffb5ed7723d03b50734614d31b57a5 002e51a4 00000000000000000000000000000000 #HBO_Offset_Data 6c5dc8b0f44658c550cb371c85bcae56 002e428c 00000000000000000000000000000000 #HBO_Offset_Data 6d4aaaaaeb494f78610ae792ec6b3e77 002e2c98 00000000000000000000000000000000 #HBO_Offset_Data 6ef8bf95a1ce83eca056524a02b29e25 002e4618 00000000000000000000000000000000 #HBO_Offset_Data 713d3d802424c56f28a3ac21f843d9e4 002e47bc 00000000000000000000000000000000 #HBO_Offset_Data 73455b9fb05ab022e201f0f049a95600 002e3938 00000000000000000000000000000000 #HBO_Offset_Data 77693f4cd5cd48ee3a4abb5073276976 002e5d84 00000000000000000000000000000000 #HBO_Offset_Data 804beb97942afdd90a0418ddb4ef8342 002e3c10 00000000000000000000000000000000 #HBO_Offset_Data 863fbeeca377800b2afa4f8e972bebc0 002e47fc 00000000000000000000000000000000 #HBO_Offset_Data 8a49dc126eeb62c030782a9cbda3a99e 002e58dc 00000000000000000000000000000000 #HBO_Offset_Data 8b03b6121c4a55bf48b56bfaf962f879 002e47ec 00000000000000000000000000000000 #HBO_Offset_Data 8ecfdd5549ad28191d8594c80d4001e8 002e2ac0 00000000000000000000000000000000 #HBO_Offset_Data 8fa6cffc665d1d9d99126cfa8d8deab7 002e2e48 00000000000000000000000000000000 #HBO_Offset_Data 8fd67a68af3e2013dc668d3dd1519bb7 0043abe2 00000000000000000000000000000000 #HBO_Offset_Data 921e63b100f67fa21a0c623930810c58 002e550c 00000000000000000000000000000000 #HBO_Offset_Data 94ed56734e8ab74357f8ea2c5c174ea9 002e4b0c 00000000000000000000000000000000 #HBO_Offset_Data 977c356e655f357665310c0c95d0dbd4 002e2770 00000000000000000000000000000000 #HBO_Offset_Data 9c4091cd321d6d8bcf9842f109ee574b 002e2770 00000000000000000000000000000000 #HBO_Offset_Data a77a82830d2bbb001a53a5368934f7eb 002e2f60 00000000000000000000000000000000 #HBO_Offset_Data ab3f4236c95b6971436669b9c0bc3153 002e2f6c 00000000000000000000000000000000 #HBO_Offset_Data ad9e78847641e519fe50a9c27e49ad27 002e5084 00000000000000000000000000000000 #HBO_Offset_Data b1ae727959358e4fe72d7fe6dc6736e8 002e2aa0 00000000000000000000000000000000 #HBO_Offset_Data b964d58a6698c8fca93447adbde18820 002e460c 00000000000000000000000000000000 #HBO_Offset_Data be6120f3d7a853039b5437ac9e1986c1 0043c952 00000000000000000000000000000000 #HBO_Offset_Data cf807c36c2e1984104d173b9de1bcbcd 002e4f24 00000000000000000000000000000000 #HBO_Offset_Data d38265a0c435e2a4be5d662ab82f00e4 002e37e0 00000000000000000000000000000000 #HBO_Offset_Data d8c0b944a3fb4be7bc8da21d4a5b33ab 002e3bc8 00000000000000000000000000000000 #HBO_Offset_Data df4d546a6e1c8d0f4fc10fcc9e422763 0043bf12 00000000000000000000000000000000 #HBO_Offset_Data e161281a8e8937ed94299a6b465d7bce 002e2cb0 00000000000000000000000000000000 #HBO_Offset_Data e2ffaa76a5defa1a680f2d32e18d443b 002e48b4 00000000000000000000000000000000 #HBO_Offset_Data e7b65139d4062b43f0f92337773c78b9 002e6a28 00000000000000000000000000000000 #HBO_Offset_Data ed2588d1864319c54e79443130a8004b 002e4874 00000000000000000000000000000000 #HBO_Offset_Data ed6055694115b1a247b2591ab465a21d 0043c442 00000000000000000000000000000000 #HBO_Offset_Data f1f3d1793483b394835dab3d4c326cdb 002e6bc8 00000000000000000000000000000000 #HBO_Offset_Data fb051078150d7ee5a95aa620d1186000 002e57ac 00000000000000000000000000000000 #HBO_Offset_Data 31f80311f487aba186a10e551b212573 00444353 00000000000000000000000000000000 #HBO_Offset_Data 6ee36579e69e37d2ab2926a40b16dbb3 00444b43 00000000000000000000000000000000 #HBO_Offset_Data 96990605689b601287d4a83dd2b05f0b 0044500b 00000000000000000000000000000000 #HBO_Offset_Data f8f43d14ba21cf92d16b3a16a958778b 00444433 00000000000000000000000000000000 #HBO_Offset_Data 2c8725bbc943212b349b34d11153e5f6 0025a1d9 00000000000000000000000000000000 #HBO_Offset_Data 0c3d001a8e871edf7403a9450a57cafc 00242793 00000000000000000000000000000000 #HBO_Offset_Data 9e3527885dc65c537c1eaf1e988b0b57 0025a1d9 00000000000000000000000000000000 #HBO_Offset_Data e1928af2ad5b093c8ca48a03256e58e4 0025dbb6 00000000000000000000000000000000 #HBO_Offset_Data dce2657269926b3212555213fe3ab3c7 0025a1d9 00000000000000000000000000000000 #HBO_Offset_Data 242eeef799023fcd32271944e57fa0e7 0025dbb6 00000000000000000000000000000000 #HBO_Offset_Data 06082fbd7334cd0a9de93022c2c0c153 0026eb7f 00000000000000000000000000000000 #HBO_Offset_Data 19d52a827f1708b1f9cfdd87227fdd4f 00245986 00000000000000000000000000000000 #HBO_Offset_Data 1a773c68835908fc9ee0d2b8a478c6aa 00245bd1 00000000000000000000000000000000 #HBO_Offset_Data 305784ba9e66b4d22f5370ddcf30474c 00245b84 00000000000000000000000000000000 #HBO_Offset_Data 388e39d4c5431b8fec35f91ebd07d86d 00245fc3 00000000000000000000000000000000 #HBO_Offset_Data 3e8358c185c9e49a5e88d49c0119bbc6 00246037 00000000000000000000000000000000 #HBO_Offset_Data 52e34297f6747d876a04a4dcfcbfa77e 0026f7af 00000000000000000000000000000000 #HBO_Offset_Data 56860c3853ce62b1ea7fad838ef4b712 0024574f 00000000000000000000000000000000 #HBO_Offset_Data 5ac7232fda6a00ac128ac95aaee69ae2 00245313 00000000000000000000000000000000 #HBO_Offset_Data 5f5068783fbfe7d90184dff1a66d2e99 0026f3af 00000000000000000000000000000000 #HBO_Offset_Data 6c645c9052b26d42cb98a4aba820d928 00245c9f 00000000000000000000000000000000 #HBO_Offset_Data 6e4eeb03780f95bfa791a5e03d04ed36 0026c72f 00000000000000000000000000000000 #HBO_Offset_Data 778d21b8dbd1eb82b4da5e6d2e2f601f 00244c84 00000000000000000000000000000000 #HBO_Offset_Data 7aa0f63f56bf6622398e0695cdfbc425 0026f3af 00000000000000000000000000000000 #HBO_Offset_Data 8f6bbd4a892d89660e99037e6321ad31 00245d8d 00000000000000000000000000000000 #HBO_Offset_Data 9c8869bbae40286d3acce5c39c0d2413 0026edff 00000000000000000000000000000000 #HBO_Offset_Data a4409b60b109eb766cd758a5c17f2ba2 0024552e 00000000000000000000000000000000 #HBO_Offset_Data a64006ee08081b54698660344af90dcf 0024589f 00000000000000000000000000000000 #HBO_Offset_Data a7c94f166aea1be9053f8218ce2481b9 0026ecf7 00000000000000000000000000000000 #HBO_Offset_Data a98f7560c934a215370faf68b5ef29df 0026c747 00000000000000000000000000000000 #HBO_Offset_Data acd0e30ff97ccf7cc0b46ea66abaa6cc 0026df57 00000000000000000000000000000000 #HBO_Offset_Data cdb5f36331a8adf437eaecd997ee247f 0026e11f 00000000000000000000000000000000 #HBO_Offset_Data dcfaa9508f3e0e3ce0c88240878cd6ce 00245986 00000000000000000000000000000000 #HBO_Offset_Data ee5d5c2c1e3d6e44665024a55fb97190 00245070 00000000000000000000000000000000 #HBO_Offset_Data 0141bc1d6b076c22f737878427c61b13 00230fc9 00000000000000000000000000000000 #HBO_Offset_Data 0e629916652a236983ceaea9d220907a 00230a34 00000000000000000000000000000000 #HBO_Offset_Data 0fc0186c005d94decfdfd2de47ae10d3 002311e1 00000000000000000000000000000000 #HBO_Offset_Data 2b4c44316b82ae0772fa8562a6ad6ac9 00230b97 00000000000000000000000000000000 #HBO_Offset_Data 46380bea113bd3b5c0072b800a923011 00231857 00000000000000000000000000000000 #HBO_Offset_Data 5002bf7013d922cc1590003ed6912e85 00232c15 00000000000000000000000000000000 #HBO_Offset_Data 72f1925a4ed816913f6c1a8d919eeef9 002311e0 00000000000000000000000000000000 #HBO_Offset_Data 80e6edc1f7c0ff9a77326b4d70b61828 00230397 00000000000000000000000000000000 #HBO_Offset_Data 8a7251ef3006c00262fe7e98c968a624 00232a19 00000000000000000000000000000000 #HBO_Offset_Data 961597dcfcdb53772b8acfcce97a5970 00232748 00000000000000000000000000000000 #HBO_Offset_Data 9cd497483df476a33a962b9a1cbfe1f7 00232b75 00000000000000000000000000000000 #HBO_Offset_Data a4855f89c02e5394f44c7a4dd63851cc 00231377 00000000000000000000000000000000 #HBO_Offset_Data aa7718f37decb22282a58414c20a17ce 00232aff 00000000000000000000000000000000 #HBO_Offset_Data b3e7100b7091d958aec345df099b0a94 002325fd 00000000000000000000000000000000 #HBO_Offset_Data b705b61662341772487817d03c8aca56 002312f7 00000000000000000000000000000000 #HBO_Offset_Data d05860edbb5975ee9822a7c527255573 00232344 00000000000000000000000000000000 #HBO_Offset_Data d2c040629dc44c110897009366cb93b0 002321f2 00000000000000000000000000000000 #HBO_Offset_Data dcb29b03b80c5f26bb3f3a3dda42281d 00231000 00000000000000000000000000000000 #HBO_Offset_Data 09d5af037c7c4b06d6e0c152166ea2a9 002317fe 00000000000000000000000000000000 #HBO_Offset_Data 11443aa7b5b2ba2d1022e78c4e2ebd87 00233146 00000000000000000000000000000000 #HBO_Offset_Data 28583a6dca49f2deccc4bc58277b7ae4 00231a5e 00000000000000000000000000000000 #HBO_Offset_Data 2a315fa77318ee1c2b74f4fc93eefd2a 0023151e 00000000000000000000000000000000 #HBO_Offset_Data 31a29b9d4a8d304cfc686c84cd090b28 0023355e 00000000000000000000000000000000 #HBO_Offset_Data 3a663809a4596cd451dd9908772f04be 00233a27 00000000000000000000000000000000 #HBO_Offset_Data 6e463abcdc46651629318b1467e007ca 00233364 00000000000000000000000000000000 #HBO_Offset_Data 6f68b5643a8e74472fdb5f90a24d1825 0023152e 00000000000000000000000000000000 #HBO_Offset_Data 70b96e75c9bda73dcd78f0b71d62963c 002317b7 00000000000000000000000000000000 #HBO_Offset_Data 77bc18df8014702a2813ec6e826dd31a 00232de7 00000000000000000000000000000000 #HBO_Offset_Data 9cd55f93175fe4ee79a0fb0a2aaf4500 0023151e 00000000000000000000000000000000 #HBO_Offset_Data a6aa88d0a2ae1e0fd644b17ca41839c6 002330ec 00000000000000000000000000000000 #HBO_Offset_Data b282b942cb06cdac90910e9186b5e3ef 00232de7 00000000000000000000000000000000 #HBO_Offset_Data bf083ba296bec8673c5b21c8358eb547 002320d1 00000000000000000000000000000000 #HBO_Offset_Data cdefcfe503e741cd4980a40b30ab65ac 002320c1 00000000000000000000000000000000 #HBO_Offset_Data d563e9af0ace42574733f9e2d330c104 00231cce 00000000000000000000000000000000 #HBO_Offset_Data db9bc075b43b91c710670cc31cf9610c 00232de7 00000000000000000000000000000000 #HBO_Offset_Data ee7c1ca1ae73771a4a7a7a3b4c54cdf2 00233a37 00000000000000000000000000000000 #HBO_Offset_Data 41c39e9ed3efbfbf45611d47d10f143b 0011272a 00000000000000000000000000000000 #HBO_Offset_Data c750780af2225f2f407bff437333f515 0043b98a 00000000000000000000000000000000 #HBO_Offset_Data 579b767c01c377b5b9373b15fc990cd2 0043bd12 00000000000000000000000000000000 #HBO_Offset_Data 4ae59a374501cd9c37f5909fde556391 002e57dc 00000000000000000000000000000000 #HBO_Offset_Data 11e6a218972643597480d79f3b3a7688 0027f2e0 00000000000000000000000000000000 #HBO_Offset_Data bb19af7e18f50ec6fd484e997c80c70a 00281478 00000000000000000000000000000000 #HBO_Offset_Data a9ebca5c3ab2128ccc76f8080a97674b 00280d38 00000000000000000000000000000000 #HBO_Offset_Data a78668bde10950b609be5832ad430cb0 0043a862 00000000000000000000000000000000 #HBO_Offset_Data 753da33903447e729f9ef5f217481ace 002e5f7c 00000000000000000000000000000000 #HBO_Offset_Data 659430df197b958611e244e92cde9e0d 00280dd0 00000000000000000000000000000000 #HBO_Offset_Data b621772db2276ff133407bddf5079923 0043b602 00000000000000000000000000000000 #HBO_Offset_Data 245d5cd6b858ab694b4a1afd7d4e7693 00112692 00000000000000000000000000000000 #HBO_Offset_Data 9032860bda48e615b5abfde8a25c7eb7 0011272a 00000000000000000000000000000000 #HBO_Offset_Data 3701c2f766865bef9f5987e8ab95a6da 002e5f7c 00000000000000000000000000000000 #HBO_Offset_Data 72ae55a9ffbc60650339cb12e35c7dd5 0027ff78 00000000000000000000000000000000 #HBO_Offset_Data 6770b436928e450f5b4866bdc59549cc 002e57dc 00000000000000000000000000000000 #HBO_Offset_Data 8687e029be63c77d4919485068c54d77 0027d5c8 00000000000000000000000000000000 #HBO_Offset_Data 84a1b9b0c362051e68bb131f14c6daad 00276528 00000000000000000000000000000000 #HBO_Offset_Data 6b9d083c0d4c4555fe011b01a98872da 0027db28 00000000000000000000000000000000 #HBO_Offset_Data 5fc7de1195c8e9b5360fd65dbe95e5b0 0027d5d0 00000000000000000000000000000000 #HBO_Offset_Data 4d92717b5bbce85f1254bad23b0d357c 0027dfc0 00000000000000000000000000000000 #HBO_Offset_Data 31e7520e58e5e4dfa93215a6d5603af2 00276958 00000000000000000000000000000000 #HBO_Offset_Data 2991727809c7ac3a33e4178cc73244d8 0027f108 00000000000000000000000000000000 #HBO_Offset_Data 284ce76b71dd5260b42a3ccf0135af67 0027cbb0 00000000000000000000000000000000 #HBO_Offset_Data c6f8947bb5076b0c7c8e8ecfcc394f84 00280d38 00000000000000000000000000000000 #HBO_Offset_Data 95bd53d5ab4aa7bd8098ccba7d01c5d1 0027f2e0 00000000000000000000000000000000 #HBO_Offset_Data 877ec4221f6af1f51e24110e064cc71e 0043b602 00000000000000000000000000000000 #HBO_Offset_Data 255c2ce965543abdc3e0a25a5da1874a 00276628 00000000000000000000000000000000 #HBO_Offset_Data 1c45525574ef206346fbafcaac7cc4a5 0027ed90 00000000000000000000000000000000 #HBO_Offset_Data 00adcb32832a10ed9419493bcea97526 0027f4d8 00000000000000000000000000000000 #HBO_Offset_Data cf58dca3ed911c4c942b941d4ecf6862 0043a862 00000000000000000000000000000000 #HBO_Offset_Data cb479559434c766dcc26d0489ba84ef1 00281478 00000000000000000000000000000000 #HBO_Offset_Data fca7e888d8a94fbc6c049a10bb14416a 00b2bca0 00000000000000000000000000000000 #HBO_Offset_Data 1bd4b8cf0eacab8925bf36ba3497252a 00e837a0 00000000000000000000000000000000 #HBO_Offset_Data fe1b4f611cff0b442cec979be1cddf77 0044430b 00000000000000000000000000000000 #HBO_Offset_Data a89e3948b2efc55f642fe1fe2cda2d9e 0044430b 00000000000000000000000000000000 #HBO_Offset_Data 5f0851c767de71c261283d423650fac9 004442eb 00000000000000000000000000000000 #HBO_Offset_Data 56f5053760581989a9bc7a47e916f661 004442eb 00000000000000000000000000000000 #HBO_Offset_Data 43592d31aff84dd957199248898d9430 00443eb3 00000000000000000000000000000000 #HBO_Offset_Data 12c3f25ea578daa752024e1918d59313 00534e00 00000000000000000000000000000000 #HBO_Offset_Data efb718c1cd9dd453dee529df4f25dbca 0043bd12 00000000000000000000000000000000 #HBO_Offset_Data d8aec29bd4f4c5a9d85f3ade9b7f8c3f 0043b98a 00000000000000000000000000000000 #HBO_Offset_Data 299423dfb7e8d8e179f685371c88a6a8 0027f2e0 00000000000000000000000000000000 #HBO_Offset_Data 37f578776552fa076ea6085f0365209c 00281478 00000000000000000000000000000000 #HBO_Offset_Data 431d4c38e47ae0cac1a52a185395a5f5 00280d38 00000000000000000000000000000000 #HBO_Offset_Data 601e18a9a8f0d0ed39692b593212378f 00280dd0 00000000000000000000000000000000 #HBO_Offset_Data a6cf28c6e0b6d10098ab601d85ee55e8 0043bd12 00000000000000000000000000000000 #HBO_Offset_Data cda69bc1c23b0ea033b989f67cb722ff 0043b3c2 00000000000000000000000000000000 #HBO_Offset_Data a706e122b398fe1ab85cb9b75d044223 0027ff78 00000000000000000000000000000000 #HBO_Offset_Data c6e663c066e3bea5b0bb70d87d0701e9 0027ca60 00000000000000000000000000000000 #HBO_Offset_Data 0ecef1a7a11f32aef99d41b906661125 00159aa8 00000000000000000000000000000000 #HBO_Offset_Data c161682f08825bbee39abb6ced9482b1 0018ca30 00000000000000000000000000000000 #HBO_Offset_Data d50724477082fdaa0d12493393e10332 0018c960 00000000000000000000000000000000 #HBO_Offset_Data ea179d6d0a81d756ccb930db2dc72292 00112692 00000000000000000000000000000000 #HBO_Offset_Data f7af10306d6fb7011bf0d4f89e6a6106 0018c390 00000000000000000000000000000000 #HBO_Offset_Data b03cdc8032c1c58f50a0de663a13f3a5 00111f11 00000000000000000000000000000000 #HBO_Offset_Data cde13af452535d6efee6882d1c2cc800 0018c190 00000000000000000000000000000000 #HBO_Offset_Data 2d972f487eacebbb2b3a02f290c3511a 002e250c 00000000000000000000000000000000 #HBO_Offset_Data c24138b16a7ea1f5d821ebbff164f81f 00159aa8 00000000000000000000000000000000 #HBO_Offset_Data cac51ad576713e5f0ce2251ed3a7fe82 00274c00 00000000000000000000000000000000 #HBO_Offset_Data 66746bd88f71770815e12e6c6caef3ea 002e5754 00000000000000000000000000000000 #HBO_Offset_Data 6fff8d10d0ef5dbe46b7d035fa4119e4 0043b3c2 00000000000000000000000000000000 #HBO_Offset_Data 848fd0fc3725e859c7512047bf447510 00280dd0 00000000000000000000000000000000 #HBO_Offset_Data 88e1c15bb1a9ed3cba4d6f2f408d5010 0027ea00 00000000000000000000000000000000 #HBO_Offset_Data 91c5ade25bc4e3322577854fa2e7b58b 00275950 00000000000000000000000000000000 #HBO_Offset_Data a14a7a206ae22de4fe563e44cfc7ddf5 00277030 00000000000000000000000000000000 #HBO_Offset_Data abcd123f888e4e97c8751378cccc4f26 0027d7d0 00000000000000000000000000000000 #HBO_Offset_Data be45460d1453b7342e01eae79bfbc681 0027d388 00000000000000000000000000000000 #HBO_Offset_Data c7074da3d8f8c0f6c03874ba0b05069c 0027d2c0 00000000000000000000000000000000 #HBO_Offset_Data cefea1c301139a817931be132f0359fe 0027e0c8 00000000000000000000000000000000 #HBO_Offset_Data d251679bd9ef0250201fb899ec40fd32 0027ded8 00000000000000000000000000000000 #HBO_Offset_Data dcfac5470ee0a159ec4222bc28ae3ee6 002765d0 00000000000000000000000000000000 #HBO_Offset_Data deaa438ea31095e14a196ff647e38d13 0027cfa8 00000000000000000000000000000000 #HBO_Offset_Data f31274d7667d83e73c6ee16d2206b76c 0027da70 00000000000000000000000000000000 #HBO_Offset_Data fae3ca9b2459581c45b3a8845be3077c 00275610 00000000000000000000000000000000 #HBO_Offset_Data 00ec049ca9d88d997ae465e28d57b106 00111ebc 00000000000000000000000000000000 #HBO_Offset_Data 011b7d2191eca82eb8ad7a75eb31af89 001123b5 00000000000000000000000000000000 #HBO_Offset_Data 013d652c7929433378088ddc92ac01d0 001125d5 00000000000000000000000000000000 #HBO_Offset_Data 1815f7328b6076446d26047682f8fd50 00111e71 00000000000000000000000000000000 #HBO_Offset_Data 26e5f721e575299e3e8ee9eef4b72ecc 001599d7 00000000000000000000000000000000 #HBO_Offset_Data 283749fb69254e8cb32c4a7143fe0045 00112485 00000000000000000000000000000000 #HBO_Offset_Data 2a464df4b46b311ad7d993a825041223 00111e34 00000000000000000000000000000000 #HBO_Offset_Data 34fa89b087a52f6a36f114fb72697e28 00111e99 00000000000000000000000000000000 #HBO_Offset_Data 35ccc3b4ab9f01ba816fbd55ed773038 00112495 00000000000000000000000000000000 #HBO_Offset_Data 59b99b65380e6736aae7c7b9d090c1d2 00111e49 00000000000000000000000000000000 #HBO_Offset_Data 65b445816d95be94316b2bde24afd7e9 001124e5 00000000000000000000000000000000 #HBO_Offset_Data 66ef0c1010c1e69fa2b9e2151ef1ab6d 0011265d 00000000000000000000000000000000 #HBO_Offset_Data 673a6bb9ac002371cb551efbe318e120 00111e89 00000000000000000000000000000000 #HBO_Offset_Data 6e82ef72b9f724475f592fcd50837904 00112405 00000000000000000000000000000000 #HBO_Offset_Data 72c27b47c14d35df1508ac4166314cfa 001126f5 00000000000000000000000000000000 #HBO_Offset_Data 9cc4488551ed9478173c47ea75aef631 0011241d 00000000000000000000000000000000 #HBO_Offset_Data a3b84fc04a45c66de2a04a96a0b5d6c4 001122cd 00000000000000000000000000000000 #HBO_Offset_Data aea27d3d1780ef298adf31acead89bd3 00112465 00000000000000000000000000000000 #HBO_Offset_Data c16ba8302665df073785da313d191d99 00111da1 00000000000000000000000000000000 #HBO_Offset_Data ca20c18d5e1e8f0b119bed9b8ee74816 0011256d 00000000000000000000000000000000 #HBO_Offset_Data d35d4b9b774347df6095a97b54ddcb06 0011235d 00000000000000000000000000000000 #HBO_Offset_Data db3f4abcb72b70a79d9e218d5cc5b654 00111e89 00000000000000000000000000000000 #HBO_Offset_Data ede55dbaaa288ac95a6475ed7d5de4ee 00159a2b 00000000000000000000000000000000 #HBO_Offset_Data fa9b36295d8da1dc649c381d26ec10cd 001123dd 00000000000000000000000000000000 #HBO_Offset_Data 042ac20e084d21dd6bee99b89cc30fb7 00276dc8 00000000000000000000000000000000 #HBO_Offset_Data 087ff7c54e7ebe4a59bd4dfc1d0ee9b8 00274f30 00000000000000000000000000000000 #HBO_Offset_Data 3394299fbf1cd0b24089fc762611360b 00277450 00000000000000000000000000000000 #HBO_Offset_Data 5e7a39950ea133bb54719a6e08c544a7 00276e38 00000000000000000000000000000000 #HBO_Offset_Data d3f037f5da702ae9ddd7663ec9d78ba7 00277710 00000000000000000000000000000000 #HBO_Offset_Data d94e6405e420373161467acd3da65640 00274f30 00000000000000000000000000000000 #HBO_Offset_Data 121ec39a64d64205a88c2c45b034b455 002e47fc 00000000000000000000000000000000 #HBO_Offset_Data 1bb754ab47b327de8dbf2fa18c36357c 002e51a4 00000000000000000000000000000000 #HBO_Offset_Data 2b4315ec9e3124408a2a5074c4b97700 002e50b4 00000000000000000000000000000000 #HBO_Offset_Data 3b413267da8ae71c20e5ef3e54f74728 002e4a48 00000000000000000000000000000000 #HBO_Offset_Data 4d612ff5d3b7eef200595ae6f95d5e68 002e4a64 00000000000000000000000000000000 #HBO_Offset_Data 4ee273e2b09317c1217ef0db91f93534 002e487c 00000000000000000000000000000000 #HBO_Offset_Data 758c8bedab7ce5f9070c85e2e57cbd80 002e550c 00000000000000000000000000000000 #HBO_Offset_Data 8976cab317105f7431b08ea32ab73c65 002e43e4 00000000000000000000000000000000 #HBO_Offset_Data 89a9658515a18e673034369e043fab01 002e57ac 00000000000000000000000000000000 #HBO_Offset_Data 8b48737260c273c9b0daca84ea1ccdbd 002e65f4 00000000000000000000000000000000 #HBO_Offset_Data 976c46ed4a75fc66d9c596778898ce1e 002e4934 00000000000000000000000000000000 #HBO_Offset_Data a097c36412455f0c7e42377faf8809b7 002e43f4 00000000000000000000000000000000 #HBO_Offset_Data ab2c88167d78d71d93558acecb24cc7a 002e4424 00000000000000000000000000000000 #HBO_Offset_Data c6fd770d518fb024245a0ee217d72bc1 002e57dc 00000000000000000000000000000000 #HBO_Offset_Data c79fad61cd4a26ed5aa8c16d991c6fbd 002e4f24 00000000000000000000000000000000 #HBO_Offset_Data c7c3e41cc2f6eb4a629fe2184136c098 002e4b0c 00000000000000000000000000000000 #HBO_Offset_Data cc9d001b7370b292c35b366ca05b12b4 002e5084 00000000000000000000000000000000 #HBO_Offset_Data e52a845dce011d56b12b8f3f4606f956 002e5754 00000000000000000000000000000000 #HBO_Offset_Data edad55105ddd067ae3906011f297267c 002e5f7c 00000000000000000000000000000000 #HBO_Offset_Data f6098cc1b1c3858d53f20f3cb5774f3b 002e5d84 00000000000000000000000000000000 #HBO_Offset_Data 0e49677ee57a928765fc47ffbacd5326 0043b602 00000000000000000000000000000000 #HBO_Offset_Data 1290e417bf806185cc7b2845e78a104e 0043a862 00000000000000000000000000000000 #HBO_Offset_Data 5a32b43a48d6dca339bf24105d9a028f 0043aa52 00000000000000000000000000000000 #HBO_Offset_Data b68f6e6c66d17d9edabf3d5da71046da 0043b98a 00000000000000000000000000000000 #HBO_Offset_Data c0f9ac6fab2c788ffee3e69585a0e93f 0043c32a 00000000000000000000000000000000 #HBO_Offset_Data cbb1ef54b86edb78649909dd1699e5ca 0043b6ea 00000000000000000000000000000000 #HBO_Offset_Data eeaadaa744b20e68cf5eb4fbb4f8afa9 0043a862 00000000000000000000000000000000 #HBO_Offset_Data f25d866dd486ad30e05e5596cb363c3e 0043abe2 00000000000000000000000000000000 #HBO_Offset_Data 0b172564d51ed80d9efae438e7a1617a 0018c840 00000000000000000000000000000000 #HBO_Offset_Data 0b982a1cfd7f2cf79c5332af5a632ca7 0018c4f0 00000000000000000000000000000000 #HBO_Offset_Data 0f3feb7ea7a1cef24e0ca1b9358fd41c 0018c5b0 00000000000000000000000000000000 #HBO_Offset_Data 10be36072b8dc9bf066e30122c4b590e 0018c7e0 00000000000000000000000000000000 #HBO_Offset_Data 1707fe371b4de549d9e4d522c813069d 0018cac0 00000000000000000000000000000000 #HBO_Offset_Data 171086b87f514d510f844f948ad130fb 00427120 00000000000000000000000000000000 #HBO_Offset_Data 1c41704b73d273ba2dd8f2277e94a7fb 0018c9a0 00000000000000000000000000000000 #HBO_Offset_Data 1f5afa101d7e2ad04ab0cd6f0c94f918 0018ca70 00000000000000000000000000000000 #HBO_Offset_Data 26cf32a986756a16f0d67435abdd4cd1 0018c510 00000000000000000000000000000000 #HBO_Offset_Data 30281f7dd1ad21a36adcf68cc490b3b0 0018ca50 00000000000000000000000000000000 #HBO_Offset_Data 35dd9b50232dff7879c570893431eff5 00426ca0 00000000000000000000000000000000 #HBO_Offset_Data 3a4087079988e5e98ebb8022130a33ce 0018c760 00000000000000000000000000000000 #HBO_Offset_Data 3c58504e2f2851cef6e3fe963276b8d4 0018c960 00000000000000000000000000000000 #HBO_Offset_Data 4372b634b41c51a6ad20cd6e40b1bd60 0018c1f0 00000000000000000000000000000000 #HBO_Offset_Data 4780a461c16bb37f13a8dff40cd35b49 0018c800 00000000000000000000000000000000 #HBO_Offset_Data 4a1c0ebe873c1c498d01dd95d7b6cdde 004273e0 00000000000000000000000000000000 #HBO_Offset_Data 4a9d7559015d6d06e343a5df6d229f75 00426de0 00000000000000000000000000000000 #HBO_Offset_Data 580356090a09ea81f24180ac262b816d 0018c770 00000000000000000000000000000000 #HBO_Offset_Data 5a089936ef65845d53d46a979d7824a9 00426f60 00000000000000000000000000000000 #HBO_Offset_Data 5a11d96b39ac14c6cb3761583e7b7b4a 00427720 00000000000000000000000000000000 #HBO_Offset_Data 5ba0b046eea54d60d51b59758aa781c7 0018c920 00000000000000000000000000000000 #HBO_Offset_Data 62ecdfafd3baf4fdfc7ba5cee65e669a 0018c3d0 00000000000000000000000000000000 #HBO_Offset_Data 648999c9cf68df14265ce4f0937b49bf 00427320 00000000000000000000000000000000 #HBO_Offset_Data 6e9e4c419731a985b50460f8139965d1 0018c840 00000000000000000000000000000000 #HBO_Offset_Data 74bde53b496970d7af8448dc0d09a357 00427cc0 00000000000000000000000000000000 #HBO_Offset_Data 75dfbb93ac002396f6088ac3ea96bc5a 0018c840 00000000000000000000000000000000 #HBO_Offset_Data 77f52fa933e32d03e6e5b17ced5fe5b6 00426c40 00000000000000000000000000000000 #HBO_Offset_Data 797ddfe9f369705f77ce1644ae45f628 0018c860 00000000000000000000000000000000 #HBO_Offset_Data 7b96fe8925cf118be3240a1133b0af65 0018ca10 00000000000000000000000000000000 #HBO_Offset_Data 8422be46f187640f826e41c5395954d0 00427bc0 00000000000000000000000000000000 #HBO_Offset_Data 84bf035b52844bb387d914b4e7cc37af 0018ca70 00000000000000000000000000000000 #HBO_Offset_Data 85031b85a94b9ae1d47f3afeb48eff83 00426c80 00000000000000000000000000000000 #HBO_Offset_Data 87ad32e4553d48a6c609e96a2ceecf19 0018c460 00000000000000000000000000000000 #HBO_Offset_Data 8a972e19083dcce7bb8852ab7f0588c7 00427870 00000000000000000000000000000000 #HBO_Offset_Data 8b0ee06e92195122f4a166c2b1010d72 0018c840 00000000000000000000000000000000 #HBO_Offset_Data 8b56ee20173bd0b8faf579990e199a79 0018c6e0 00000000000000000000000000000000 #HBO_Offset_Data 8bb492f3e76a7dc19bf38ef8a681892c 0018caf0 00000000000000000000000000000000 #HBO_Offset_Data 8d358ac39ef3b3ecedc5c92e713b2e56 0018c910 00000000000000000000000000000000 #HBO_Offset_Data 8d84feb7ff2aea213ecb5e8475b8f7a4 0018c400 00000000000000000000000000000000 #HBO_Offset_Data 8dcb8b9dd8e367d31c90faede9118195 0018c7d0 00000000000000000000000000000000 #HBO_Offset_Data 8e18364ae8049fa848201ca9a1a8c0df 0018c370 00000000000000000000000000000000 #HBO_Offset_Data 8fd007fab549075f523c99714c5cc3c7 0018c560 00000000000000000000000000000000 #HBO_Offset_Data 9c81946826640bdc46d812fb7431b972 0018c940 00000000000000000000000000000000 #HBO_Offset_Data a4bad5ec54a972ab32074e82b0dc27ac 0018c790 00000000000000000000000000000000 #HBO_Offset_Data aad2db76817fa58dd8a4cc212a682dd8 00426a70 00000000000000000000000000000000 #HBO_Offset_Data abfbc039fa05ace93e54c89ef9519d21 00427120 00000000000000000000000000000000 #HBO_Offset_Data ad780fad726e4214e8b86c5f02892217 0018c9c0 00000000000000000000000000000000 #HBO_Offset_Data adf2cd2b09243b46a0390f8cac5d7807 0018c6e0 00000000000000000000000000000000 #HBO_Offset_Data b4799b583cecd20d2998118b82c4d17d 0018c850 00000000000000000000000000000000 #HBO_Offset_Data b56d7e5b8600a9cb5c9b9667c339f97f 00426f60 00000000000000000000000000000000 #HBO_Offset_Data b8fda15dd6d143ccab517f8d66ca8353 00427ad0 00000000000000000000000000000000 #HBO_Offset_Data bb2cc4d7b649de3d5ee0249ad05b2c7d 0018c9f0 00000000000000000000000000000000 #HBO_Offset_Data bbe272823e34ff90f7e1a3f2352cf999 0018c4e0 00000000000000000000000000000000 #HBO_Offset_Data c6c7d3a39131f8b838bcc04c986124fb 0018c720 00000000000000000000000000000000 #HBO_Offset_Data c864d00ae3a64aebfe19c5f88565a23e 00426fe0 00000000000000000000000000000000 #HBO_Offset_Data ca82b4c1724945a6a0d37bc885a58ef9 004270b0 00000000000000000000000000000000 #HBO_Offset_Data cbb45cf34d3a588faf9358ce498fbf61 004271a0 00000000000000000000000000000000 #HBO_Offset_Data d481fa3d0cdb3ff9c33ec1624881d3a8 0018c2a0 00000000000000000000000000000000 #HBO_Offset_Data d6f79b807f16742077ebf98a1ea20262 0018c610 00000000000000000000000000000000 #HBO_Offset_Data da93f6f435d0c70e9188f3ba3197eaa1 00427240 00000000000000000000000000000000 #HBO_Offset_Data dee62a756a2f76037f2c81472ac43826 0018c9e0 00000000000000000000000000000000 #HBO_Offset_Data df5446d84a196609c052de33820b0ac3 004272e0 00000000000000000000000000000000 #HBO_Offset_Data e3a9d7ff5dc62c6d9862ce74ef766382 0018c740 00000000000000000000000000000000 #HBO_Offset_Data e5e3c654341edd892e5f745f19375b94 0018c8a0 00000000000000000000000000000000 #HBO_Offset_Data f48f6fb4247c39f89f37bbf16cc05276 0018c750 00000000000000000000000000000000 #HBO_Offset_Data f8800a7ba9161c7382b6f2cc0a3999af 004273d0 00000000000000000000000000000000 #HBO_Offset_Data 0076054441eb60ff70d1d6dec6cb3862 004bd700 00000000000000000000000000000000 #HBO_Offset_Data 09b7e95fbb9ac7e79ef2cf132aee8f83 0018c670 00000000000000000000000000000000 #HBO_Offset_Data 0ab98777704594ef0389898201c20477 004be1b0 00000000000000000000000000000000 #HBO_Offset_Data 173b601b5dcad4da4ce1fc9a93fff78a 004be700 00000000000000000000000000000000 #HBO_Offset_Data 1cee183dbcb7aa6273e5494e4aa103e5 0018cbe0 00000000000000000000000000000000 #HBO_Offset_Data 2b19fea389d8c0c31667608749c480f9 004beea0 00000000000000000000000000000000 #HBO_Offset_Data 3037334ba34413246c620bc387db64b1 0018cb80 00000000000000000000000000000000 #HBO_Offset_Data 311fb7c5b99e45edbc680ad6e0d8783d 004bf180 00000000000000000000000000000000 #HBO_Offset_Data 3bab56a17a0d8dafb9df783e69172e66 0018c720 00000000000000000000000000000000 #HBO_Offset_Data 3e0575c6b520b62f0cb02375aa9e6bdd 004bdef0 00000000000000000000000000000000 #HBO_Offset_Data 5c4a96b0030377e574970d924080bb76 00428d30 00000000000000000000000000000000 #HBO_Offset_Data 69e963832f8bdecc8352b71df2396634 00428590 00000000000000000000000000000000 #HBO_Offset_Data 743768c3d2006ee5b07f1b3f38e6d05d 00428a90 00000000000000000000000000000000 #HBO_Offset_Data 7efee37304fa086224c3e2df05fb66e0 004285b0 00000000000000000000000000000000 #HBO_Offset_Data 81e881034f0715b589169e92ba554a47 0018c780 00000000000000000000000000000000 #HBO_Offset_Data 866758195f3a7aac83d13a81a960ac39 004be060 00000000000000000000000000000000 #HBO_Offset_Data 8a575031575b897e389f0de64744288f 0018c340 00000000000000000000000000000000 #HBO_Offset_Data b237ba1f56919a5cd11a8a83b49b4aa6 00428590 00000000000000000000000000000000 #HBO_Offset_Data b562faadd30eb09f5165253bfbc78b11 00429660 00000000000000000000000000000000 #HBO_Offset_Data b715b2af90e3fd2baad3b4361fb2d4d1 0018ced0 00000000000000000000000000000000 #HBO_Offset_Data b733af0bcc8d8ac677d9d53ff17c50a0 00429d40 00000000000000000000000000000000 #HBO_Offset_Data bb147b007a28a53a30318f08a620cffd 004bd8e0 00000000000000000000000000000000 #HBO_Offset_Data c3283fd66a6cb55321d43f3a5a6cd7ff 00428890 00000000000000000000000000000000 #HBO_Offset_Data f99d7128ebb0db8a98903207f3b63e03 0018cec0 00000000000000000000000000000000 #HBO_Offset_Data 190e1ae9b973049b12a67bad478c770c 002e2a3c 00000000000000000000000000000000 #HBO_Offset_Data da297a862e5f093a07d37c05f608c686 002e2d2c 00000000000000000000000000000000 #HBO_Offset_Data 026911f1dd0981316f0d9bf506a6ef3e 00428d30 00000000000000000000000000000000 #HBO_Offset_Data 0a1d14964e046299b657ed2e597dd924 0038a4c0 00000000000000000000000000000000 #HBO_Offset_Data 0def41ebbc49454f4a101eca082c1452 004272e0 00000000000000000000000000000000 #HBO_Offset_Data 0e88f6039fca9e78985c1f776ddea2b9 004bdef0 00000000000000000000000000000000 #HBO_Offset_Data 1ff653dc307f6b9c5d902e0198bc95cf 00428590 00000000000000000000000000000000 #HBO_Offset_Data 221b04153053a6f0c4d2c742b3663f09 00427ad0 00000000000000000000000000000000 #HBO_Offset_Data 2d6449864b78e7544853575de28f9b16 004272e0 00000000000000000000000000000000 #HBO_Offset_Data 31cb88f64cdcb2a22179a7c184cd85d0 0038ccb0 00000000000000000000000000000000 #HBO_Offset_Data 32bd02787bb41774f198a46af13890f6 00427720 00000000000000000000000000000000 #HBO_Offset_Data 337cd982530e6a96bec0dd20d9991612 00426ce0 00000000000000000000000000000000 #HBO_Offset_Data 350cca444575ab7fb9af6c0015efa94f 0038a8f0 00000000000000000000000000000000 #HBO_Offset_Data 36914f24ffd47a4de6c2f2ffaa3ae534 0038c910 00000000000000000000000000000000 #HBO_Offset_Data 3d5e8716f25e5a03fbc5ad86072dc1ee 0038c9e0 00000000000000000000000000000000 #HBO_Offset_Data 440268881ed39f02610b1bec44344c07 004bd8e0 00000000000000000000000000000000 #Number_Parameters 2 #Clean_The_Stack 1 #Handler_Dll HIPHandlers.dll #Enter_Handler CObjectElement_put_classid_Enter_Handler #Exit_Handler 0 #Process_Name iexplore.exe # A hook for heapspray (commenting it out for now) #*API_Data_Start* #OS winxp #Hooked_Module jscript.dll #HBO_Offset_Data 7f5fd80040f61c12476a720cdcea14bc 00013a77 00000000000000000000000000000000 #HBO_Offset_Data 12788e3bdf0cf79051f0dc0c962ef072 0000d1c2 5355568b7424148b460885c00f8434b4 (5.6.0.6626) #HBO_Offset_Data 00d85f7f121cf6400c726a47bc14eadc 00011dcb 8bff558bec5153568b750c57ff7608e8 (5.6.0.8820) #HBO_Offset_Data f1ba376a4a61d4c1736bff51a1c28b96 00007eed 8bff558bec5153568b750c57ff7608e8 (5.6.0.8827) #HBO_Offset_Data 3f6984365b5e4f906234b32f9acfeda4 00008c8f 558bec53568b750c8b460885c00f8442 (5.6.0.8515) #HBO_Offset_Data ebfeea31b54176b4ce09bdd38557b6a7 0001ba1d 8bff558bec538b5d0c5657ff7308e8f1 (5.7.0.6000) #HBO_Offset_Data ffc4ed6e2393316cf218d5454553cb6e 00023a06 8bff558bec538b5d0c5657ff7308e87f (5.7.0.18000) #HBO_Offset_Data 5b2ba8498f5cca32a0d559dc7e03a4e9 00006497 5355568b7424148b460885c00f84dd8b (5.1.0.4615 Need to check this) #HBO_Offset_Data 0837ddc4b4a8bb8495ef3a0ae2da4271 0001b9a5 8bff558bec538b5d0c5657ff7308e8f1 (5.7.0.16599) #HBO_Offset_Data ea7262d11740d6154c8133983132a938 00006ded 8bff558bec5153568b750c57ff7608e8 (5.6.0.8832) #HBO_Offset_Data 570c9315a053a9dc8fe808f65f22a3be 00006a87 5355568b7424148b460885c00f844d86 (5.1.0.5010) #HBO_Offset_Data 89333008d4204e561ad09dec3e20760f 0001d386 8bff558bec538b5d0c5657ff7308e8f3 (5.7.0.18005) #HBO_Offset_Data dad3915c1731ea97bba2df0848633d93 0000d1c2 5355568b7424148b460885c00f8434b4 (5.6.0.6626) #HBO_Offset_Data 34c562e7a805b57e2925aa5c44740917 00011dcb 8bff558bec5153568b750c57ff7608e8 (5.6.0.8820) #HBO_Offset_Data ddd4c3e197d28572a242cd3558324cfa 0001b9a5 8bff558bec538b5d0c5657ff7308e8f1 (5.7.0.16599) #HBO_Offset_Data d4ab70e903e018b5796fc9f643f51d55 00007eed 8bff558bec5153568b750c57ff7608e8 (5.6.0.8827) #HBO_Offset_Data ddfbf96f94ced231229322432ca390a1 00006ded 8bff558bec5153568b750c57ff7608e8 (5.6.0.8832) #HBO_Offset_Data df4ca246ca64c4c9f944b53dfa5bd641 00006497 5355568b7424148b460885c00f84dd8b (5.1.0.4615) #HBO_Offset_Data a9b352229ec75c0d2f03b504abe74e88 00006a87 5355568b7424148b460885c00f844d86 (5.1.0.5010) #HBO_Offset_Data b5a826cbdd944bf5a71312cef6685590 00006377 5355568b7424148b460885c00f84bd91 (5.1.0.5907) #HBO_Offset_Data 52a8698148c6ccace183ed611da0650e 00006377 5355568b7424148b460885c00f84bd91 (5.1.0.5907) #HBO_Offset_Data f80c62d6f13e75c1357b6d78621d980c 00006377 5355568b7424148b460885c00f843d91 (5.1.0.8513) #HBO_Offset_Data 9f85fb1ea95ce3a4d4ae7466b79b205d 0000d1c2 5355568b7424148b460885c00f8434b4 (5.6.0.6626) #HBO_Offset_Data 1398242c89fb40716788ab60a0a4e918 00007eed 8bff558bec5153568b750c57ff7608e8 (5.6.0.8827) #HBO_Offset_Data fc3c8ff09810d6367299ac41a4594c79 00006ded 8bff558bec5153568b750c57ff7608e8 (5.6.0.8832) #HBO_Offset_Data 4c0959f3caa0c0a09b32e24a747c1db8 00011dcb 8bff558bec5153568b750c57ff7608e8 (5.6.0.8820) #HBO_Offset_Data 8c3c9579ec9fc0b5faf878174f9076a7 0001b9a5 8bff558bec538b5d0c5657ff7308e8f1 (5.7.0.16599) #HBO_Offset_Data 1251c170468ba15fc2971611df31b4bb 00006497 5355568b7424148b460885c00f84dd8b (5.1.0.4615) #HBO_Offset_Data 9015a95a196d7843c327c462fa816aa5 00006377 5355568b7424148b460885c00f84bd91 (5.1.0.5907) #HBO_Offset_Data c6e62d8b16d03951e282287d50a01046 00006377 5355568b7424148b460885c00f843d91 (5.1.0.8513) #Number_Parameters 2 #Clean_The_Stack 1 #Handler_Dll HIPHandlers.dll #Enter_Handler HeapSpray_Detection_Handler #Exit_Handler 0 #Process_Name iexplore.exe #*API_Data_Start* #OS win2k winxp win2003 winvista win7 #Hooked_Module EScript.api ## FV: 8.0.0.456 PV: 8.0.0.2006102300 (Acrobat Reader 8.0) #HBO_Offset_Data 0203c79e37d549a36f15f36a998bcd6c 00022E16 00000000000000000000000000000000 (hbomd5 before I7) #HBO_Offset_Data 9ec70302a349d5376af3156f6ccd8b99 00022E16 00000000000000000000000000000000 (md5) ## FV: 8.1.0.137 PV: 8.1.0.2007051100 (Acrobat Reader 8.1 and Acrobat Reader 8.1.1) #HBO_Offset_Data 15bd840089155e1cf9eb5bb7d05b9fdf 00023004 00000000000000000000000000000000 #HBO_Offset_Data 0084bd151c5e1589b75bebf9df9f5bd0 00023004 00000000000000000000000000000000 ## FV: 8.1.2.86 PV: 8.1.2.2008011100 (Acrobat Reader 8.1.2 and Acrobat Reader 8.1.2SU) #HBO_Offset_Data f19d248063a1b388287ff5e164cbfecd 00023C09 00000000000000000000000000000000 #HBO_Offset_Data 80249df188b3a163e1f57f28cdfecb64 00023C09 00000000000000000000000000000000 ## FV: 8.1.3.187 PV: 8.1.3.2008101500 (Acrobat reader 8.1.3 & 8.1.4 & 8.1.5) #HBO_Offset_Data 9f641b720d8b2d3ed3b03b937ef9fd0e 00023C49 00000000000000000000000000000000 #HBO_Offset_Data 721b649f3e2d8b0d933bb0d30efdf97e 00023C49 00000000000000000000000000000000 ## FV: 8.1.6.21 PV: 8.1.6.2009052100 (Acrobat reader 8.1.6) #HBO_Offset_Data 8afe5cee63110025154afbe21bcca7a8 00023C81 00000000000000000000000000000000 #HBO_Offset_Data ee5cfe8a25001163e2fb4a15a8a7cc1b 00023C81 00000000000000000000000000000000 ## FV: 8.1.7.59 PV: 8.1.7.59 (Acrobat reader 8.1.7) #HBO_Offset_Data a4b904502e093a393906259107405475 00025018 00000000000000000000000000000000 #HBO_Offset_Data 5004b9a4393a092e9125063975544007 00025018 00000000000000000000000000000000 ## FV: 8.2.0.81 PV: 8.2.0.81 (Acrobat reader 8.2.0) #HBO_Offset_Data 2ef7570b4a19bc68cb4d3ccf3c967f0a 00025018 00000000000000000000000000000000 (md5) ## FV: 9.0.0.332 PV: 9.0.0.2008061200 (Acrobat reader 9.0) #HBO_Offset_Data 13662ad1e297723e3f71bb33524c3ead 00022882 00000000000000000000000000000000 #HBO_Offset_Data d12a66133e7297e233bb713fad3e4c52 00022882 00000000000000000000000000000000 ## FV: 9.1.0.163 PV: 9.1.0.2009022700 (Acrobat reader 9.1 & 9.1.1) #HBO_Offset_Data 399ac7bf3522ddd0e6cd01a842bcb9ee 00022882 00000000000000000000000000000000 #HBO_Offset_Data bfc79a39d0dd2235a801cde6eeb9bc42 00022882 00000000000000000000000000000000 ## FV: 9.1.2.82 PV: 9.1.2.82 (Acrobat reader 9.1.2 and 9.1.3) #HBO_Offset_Data cb4295458fef3ff7f8b0c063df74ff57 000228BD 00000000000000000000000000000000 #HBO_Offset_Data 459542cbf73fef8f63c0b0f857ff74df 000228BD 00000000000000000000000000000000 ## FV: 9.2.0.124 PV: 9.2.0.124 (Acrobat reader 9.2) #HBO_Offset_Data f46981b1d2d22668db195b3ead4c568e 000232DD 00000000000000000000000000000000 #HBO_Offset_Data b18169f46826d2d23e5b19db8e564cad 000232DD 00000000000000000000000000000000 ## FV: 9.3.0.148 PV: 9.3.0.148 (Acrobat reader 9.3) #HBO_Offset_Data 8a350d0338a3f7bbe2f0c8ea37fda541 000232DD 00000000000000000000000000000000 (md5) #Number_Parameters 3 #Clean_The_Stack 1 #Handler_Dll HIPHandlers.dll #Enter_Handler HeapSpray_Detection_Handler_Acrobat #Exit_Handler 0 #Process_Name AcroRd32.exe ## Sig 6026 (CVE-2008-1456) #*API_Data_Start* #OS win2000 winxp win2003 #Hooked_Module es.dll #HBO_Offset_Data 2d6ad3acd8e9d1d765aa60a0637ec01d 0002927b 8bff558bec56578b7d08ff34bd004274 #HBO_Offset_Data bce7c1605e0a90331b08b82ffff21625 00027b9c 8bff558bec56578b7d08ff34bd903196 #Number_Parameters 5 #Clean_The_Stack 1 #Handler_Dll HIPHandlers.dll #Enter_Handler ChangedSubscription_Enter_Handler #Exit_Handler 0 #Process_Name svchost.exe ## Sig 6027 (CVE-2008-1087) #*API_Data_Start* #OS win2000 winxp win2003 #Hooked_Module gdi32.dll #HBO_Offset_Data 33e1aef5185244bf229c81525324d802 0001335b 8bff558bec81ec50020000a11420f577 #HBO_Offset_Data 3ddf60e95ba435e154115858af978b7d 00008336 558bec81ec4c02000057ff750c33c0b9 #HBO_Offset_Data 0863975763d1c0d1df3173916dd6ff1d 0002c018 8bff558bec81ec50020000a11430c477 #Number_Parameters 4 #Clean_The_Stack 1 #Handler_Dll HIPHandlers.dll #Enter_Handler IcmCreateColorSpaceByName_Enter_Handler #Exit_Handler 0 #Process_Name iexplore.exe explorer.exe # Enter function: RpcStartDocPrinter_Enter_Handler # Vulnerabilities: 3734 (CVE-2010-2729) *API_Data_Start* OS win2k winxp win2003 Hooked_Module spoolsv.exe Hooked_API RpcStartDocPrinter Number_Parameters 3 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler RpcStartDocPrinter_Enter_Handler Exit_Handler 0 IS_RPC_HOOK Interface_ID 12345678-1234-abcd-ef00-0123456789ab Procedure_Number 17 Process_Name spoolsv.exe # Enter function: NetrLogonGetDomainInfo_Enter_Handler # Vulnerabilities: 2280 (CVE-2010-2742) *API_Data_Start* OS win2003 Hooked_Module netlogon.dll Hooked_API NetrLogonGetDomainInfo Number_Parameters 7 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler NetrLogonGetDomainInfo_Enter_Handler Exit_Handler 0 IS_RPC_HOOK Interface_ID 12345678-1234-abcd-ef00-01234567cffb Procedure_Number 29 Process_Name lsass.exe # Sig 6033 (CVE-2010-2568) *API_Data_Start* OS winxp win2003 winvista win7 Hooked_Module shell32.dll HBO_Offset_Data 0cf50b1f45dab08430c1dbb79fe2ca5b 000a851d 8bff558bec81ec44020000a148f5bc7c HBO_Offset_Data bb6b5267194d85e1fb7a8b50210e6818 0006efac 8bff558bec81ec44020000a15c87ae7c HBO_Offset_Data 0a8317ff6d77da369c34f88693373a6c 0014a63c 8bff558bec81ec48020000a10c4e8676 HBO_Offset_Data 43466A7FF452883B68F52B963023949C 000ce513 8bff558bec81ec48020000a10c4ec576 HBO_Offset_Data 8679917a54a08ce5b923a2d0a511babd 000f94fa 8bff558bec81ec44020000a1ac9fbc73 HBO_Offset_Data e7bed39b2b28d726e3dfb898817a01d1 000f9722 8bff558bec81ec44020000a1ac9fbc73 HBO_Offset_Data 028ef93b746ff370dfe35711a7569647 000d3b2b 8bff558bec81ec48020000a10c5e4508 HBO_Offset_Data 5d62692eeb77e32f67a966f1bdeb551b 000d3c0b 8bff558bec81ec48020000a10c4e4508 HBO_Offset_Data 4f72c8f593aab1b83fb5d62cbfbb51f9 0014a52c 8bff558bec81ec48020000a10c5e0516 HBO_Offset_Data 4a21b11997c1f14d8707c8c501ca59a7 000d3b8b 8bff558bec81ec48020000a10c4e4508 HBO_Offset_Data cf1d75e7b4a7cc6d2a21fe64c9e50a12 0014a5dc 8bff558bec81ec48020000a10c4e0516 HBO_Offset_Data 518c6116079414e7074e726925d07a41 000f94aa 8bff558bec81ec44020000a1ac9fbc73 HBO_Offset_Data 33e9ce9110597f1a47ba18b96eafa6Fa 000d3be3 8bff558bec81ec48020000a10c3ec576 HBO_Offset_Data 33e9ce9110597f1a47ba18b96eafa6fa 000d3be3 8bff558bec81ec48020000a10c3ec576 HBO_Offset_Data d5988a5048e4dc7175bca9f29fc144ae 000a4ec5 8bff558bec81ec44020000a108c5bb7c HBO_Offset_Data 33e9ce9110597f1a47ba18b96eafa6fa 000d3be3 8bff558bec81ec48020000a10c3ec576 HBO_Offset_Data 43466a7ff452883b68f52b963023949c 000ce513 8bff558bec81ec48020000a10c4ec576 HBO_Offset_Data 5845B2BB1BC12EB0ECFAA6DF1C454D73 0006efbc 8bff558bec81ec44020000a15c97ae7c HBO_Offset_Data 10C3F285E94672DAFA5C3CE310AD3840 0009abf8 8bff558bec81ec44020000a1c4edae7c Number_Parameters 1 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler _LoadCPLModule_Enter_Handler Exit_Handler 0 Process_Name iexplore.exe explorer.exe ## Sig 6027 (CVE-2008-1087) *API_Data_Start* OS winxp winvista win2003 Hooked_Module gdi32.dll HBO_Offset_Data 33e1aef5185244bf229c81525324d802 0001335b 8bff558bec81ec50020000a11420f577 HBO_Offset_Data 3ddf60e95ba435e154115858af978b7d 00008336 558bec81ec4c02000057ff750c33c0b9 HBO_Offset_Data 0863975763d1c0d1df3173916dd6ff1d 0002c018 8bff558bec81ec50020000a11430c477 HBO_Offset_Data 92c9e62f6132909b0999462a4afa5625 0001b399 8bff558bec81ec50020000a18c30c477 HBO_Offset_Data 566448db6ace1b3201bbde40cb0345aa 000103a8 8bff558bec81ec54020000a11c60bb77 HBO_Offset_Data e9a93748d446fcfcd2c706352952402f 0001bace 8bff558bec81ec54020000a11c60ba77 HBO_Offset_Data f5aee133bf44521852819c2202d82453 0001335b 8bff558bec81ec50020000a11420f577 HBO_Offset_Data 5ea9fa89b8653a3606d9d36b6754dd2a 00014ff8 558bec81ec50020000a11810c4778945 HBO_Offset_Data a8df14d6245446962111b632f9114daa 0002c95a 8bff558bec81ec50020000a11430c477 HBO_Offset_Data 07ce1a6844e955e325c88418a0348f7a 000139be 558bec81ec50020000a11810c4778945 HBO_Offset_Data ae56eccb2fb65cb57bac6509f403cee2 0002ca46 8bff558bec81ec50020000a11430c477 HBO_Offset_Data f5052a95ee351d823e9ac96b0cdf1bb3 0002c94e 8bff558bec81ec50020000a11430c477 HBO_Offset_Data fb0032833de650e99f4632d94ce1bacd 0002c94e 8bff558bec81ec50020000a11430c477 HBO_Offset_Data cd3e3753afdc8a0a9ddf695c5ad5d579 00015929 558bec81ec50020000a11810c4778945 HBO_Offset_Data 3a3134aa8a9ed5a1938c450a6fd06533 0001327a 558bec81ec50020000a11810c4778945 HBO_Offset_Data 27ab80ad1aec9fa2868ec826c10b7cfd 0002d132 8bff558bec81ec50020000a11440c477 HBO_Offset_Data cefcbc271842f2e587959a83aed4469b 0002d262 8bff558bec81ec50020000a11440c477 HBO_Offset_Data 0c277f9b5bf1652cbc7cfd3c0d33060d 0001b399 8bff558bec81ec50020000a18c30c477 HBO_Offset_Data cf60886e05cc61f0c324014ff28a79e9 0001b399 8bff558bec81ec50020000a18c30c477 HBO_Offset_Data 9da47be6d59fd06a922dcba6739bdd2e 0001b71f 8bff558bec81ec50020000a11430f577 HBO_Offset_Data 40da54425e8857195e2e68c7fe67cc6e 0001b6bf 8bff558bec81ec50020000a11430f577 HBO_Offset_Data 3a0d35e8fb2ab3273558adaf92fc2f90 0001b727 8bff558bec81ec50020000a11430f577 HBO_Offset_Data b05ce14f2aa6c22a5807f1df2524fcb1 0001b6c7 8bff558bec81ec50020000a11430f577 HBO_Offset_Data fec4f1a72629c67eea37d9e25384a2f9 0001a8b3 8bff558bec81ec50020000a11430f577 HBO_Offset_Data c0f424c257a646c11780defd06cc9964 0001a8f3 8bff558bec81ec50020000a11430f577 HBO_Offset_Data d5a244133a4bd356fb445e3b214453e0 00013b82 558bec81ec4c02000057ff750c33c0b9 HBO_Offset_Data d7621a5c5191a85a0ec023a440995eca 00013b7d 558bec81ec4c02000057ff750c33c0b9 HBO_Offset_Data fd62b16662be241f45f462e75e85416c 0001a8b3 8bff558bec81ec50020000a11430f577 HBO_Offset_Data 664a14b083e47f83c4dac413ef7f9b10 0001a8f3 8bff558bec81ec50020000a11430f577 HBO_Offset_Data 272cee0ece130383aad3a8906cbfb6e1 0002d31a 8bff558bec81ec50020000a11440c477 Number_Parameters 4 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler IcmCreateColorSpaceByName_Enter_Handler Exit_Handler 0 Process_Name iexplore.exe explorer.exe ## Sig 6026 (CVE-2008-1456) *API_Data_Start* OS winxp winvista win2003 win2008 Hooked_Module es.dll HBO_Offset_Data 2d6ad3acd8e9d1d765aa60a0637ec01d 0002927b 8bff558bec56578b7d08ff34bd004274 HBO_Offset_Data bce7c1605e0a90331b08b82ffff21625 00027b9c 8bff558bec56578b7d08ff34bd903196 HBO_Offset_Data 01b2ef40aaaf29786b0f906c487dd56a 0002689f 56578b7c240cff34bd8011ba768bf1ff HBO_Offset_Data 95f5fea4c6de2c3f28784d0dcc8f0dd3 000292e8 8bff558bec56578b7d08ff34bd084274 HBO_Offset_Data 34bbd9acc1538818f2c878898c64e793 000292e8 8bff558bec56578b7d08ff34bd084274 HBO_Offset_Data 474e1ebabb449e5fddf3cb711f6c65c8 00027c09 8bff558bec56578b7d08ff34bd903196 HBO_Offset_Data 6a6f0a359421bdf6acf056da3262e336 0002680e 56578b7c240cff34bdf801b0768bf1ff HBO_Offset_Data d430b62cef57cd2385ac81407c12c3fe 00026832 56578b7c240cff34bdf801b0768bf1ff HBO_Offset_Data a7aef75b8cf1bedc9d7919f0b9963a84 00027bfc 8bff558bec56578b7d08ff34bd903196 HBO_Offset_Data f4bf4fa769db51b106d2b4b35256988b 00014a41 8bff558bec56578b7d08ff34bd78946f HBO_Offset_Data 60c1e7bc33900a5e2fb8081b2516f2ff 00027b9c 8bff558bec56578b7d08ff34bd903196 HBO_Offset_Data dfb250bac1a9108abd777ea181e32015 000114d9 8bff558bec56578b7d08ff34bdd49397 HBO_Offset_Data f4bf4fa769db51b106d2b4b35256988b 00014a41 8bff558bec56578b7d08ff34bd78946f HBO_Offset_Data acd36a2dd7d1e9d8a060aa651dc07e63 0002927b 8bff558bec56578b7d08ff34bd004274 HBO_Offset_Data 19a799805b24990867b00c120d300c3a 00029a8c 8bff558bec56578b7d08ff34bd305274 Number_Parameters 5 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler ChangedSubscription_Enter_Handler Exit_Handler 0 Process_Name svchost.exe # sig 6039 (CVE-2011-0042, DVR-MS file vulnerability) *API_Data_Start* OS winxp winvista win7 Hooked_Module sbe.dll HBO_Offset_Data a892d132996cf2e630a535f53c5fc643 00009ad7 8bff558bec8b450c538b5d0856576a12 HBO_Offset_Data c559b8bf1ec5146e5e52d2cc21276d0a 00009ad7 8bff558bec8b450c538b5d0856576a12 HBO_Offset_Data 697ed76eb2736b1962b5e87aeec77afd 0000a3c1 8bff558bec8b450c538b5d0856576a12 HBO_Offset_Data c00e59b913085c990695699ffcbe22e5 00041e1e 8bff558bec8b450c538b5d0856576a12 HBO_Offset_Data 074341eeda7a8564c22b7f76008a3ca0 00041e06 8bff558bec8b450c538b5d0856576a12 Number_Parameters 2 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler CopyMediaType_Enter_Handler Exit_Handler 0 Process_Name wmplayer.exe # Enter function: _LoadLibraryExW_Enter_Handler # Vulnerabilities: TDSS rootkit *API_Data_Start* OS winxp win2003 winvista win8w win8s Hooked_Module kernel32.dll Hooked_API LoadLibraryExW Number_Parameters 3 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler _LoadLibraryExW_Enter_Handler Exit_Handler 0 Process_Name spoolsv.exe # sig 2819 (CVE-2012-4774) *API_Data_Start* OS winxp win2003 winvista win2008 Hooked_Module kernel32.dll Hooked_API FindNextFileW Number_Parameters 2 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler FindNextFileW_Enter_Handler Exit_Handler 0 Process_Name explorer.exe # block user creation *API_Data_Start* OS win2k winxp win2003 winvista win2008 win7 win2008r2 Hooked_Module samsrv.dll Hooked_API SamrCreateUser2InDomain Number_Parameters 7 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler SamrCreateUser2InDomain_Enter_Handler Exit_Handler 0 Process_Name lsass.exe #2834 *API_Data_Start* OS win2k winxp win2003 winvista win2008 win7 win8w winxw win2008r2 Hooked_Module kernel32.dll Hooked_API CreateDirectoryW Number_Parameters 2 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler _CreateDirectoryW_Enter_Handler Exit_Handler 0 Process_Name java.exe ## sig 6001 (Suspicious Data Sequence in Javascript) *API_Data_Start* OS winxp win2003 win2008 winvista win7 Hooked_Module jscript.dll HBO_Offset_Data F22F10918F02BC39F7EA93455A2D8CD7 00047e4e 8bff558bec83e4f88b451483ec1483f8 HBO_Offset_Data 84ADBE77F3038579AF69DB06960A97B3 00047e2e 8bff558bec83ec1453568bf033c05733 HBO_Offset_Data 6C9FBE89EB93018BBCF201E6CB9C5A53 00039d2e 8bff558bec83ec1453568bf033c05733 HBO_Offset_Data E8179401795F1DFFA6E50795BDD2090A 00039d2e 8bff558bec83ec1453568bf033c05733 HBO_Offset_Data 9272D7BE356F83C56BBB6445127BF647 00039d2e 8bff558bec83ec1453568bf033c05733 HBO_Offset_Data 773D4635360260DE9F17F3DE6996452E 00039e0e 8bff558bec83ec1453568bf033c05733 HBO_Offset_Data 680A319B0FD31AC4D7D18A6D843244FE 00039d2e 8bff558bec83ec1453568bf033c05733 HBO_Offset_Data 812B78D537E5BA9D8D25A66E20A37C35 00039e0e 8bff558bec83ec1453568bf033c05733 HBO_Offset_Data 6A6426E076145D8EB2AA849F85EC8C3D 00047e4e 8bff558bec83ec1453568bf033c05733 HBO_Offset_Data 655508B9E0BF944AC1E15630A90CEB8C 00047e4e 8bff558bec83ec1453568bf033c05733 HBO_Offset_Data 494701186CCF559024B9DB11760B7DBC 00047dde 8bff558bec83ec1453568bf033c05733 HBO_Offset_Data 0689622E6484934EB6E5F4D3A96311F9 00039e0e 8bff558bec83ec1453568bf033c05733 HBO_Offset_Data 38FFEC2CD31441A6B57D7A0B490D7299 0003e18a 8bff558bec83ec1453568bf033c05733 HBO_Offset_Data 0BD0665D8BFD321D3B5A898ED09D1DF3 00047dde 8bff558bec83ec1453568bf033c05733 Number_Parameters 3 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler ScrUnescape_Enter_Handler_New Exit_Handler 0 Process_Name iexplore.exe ## sig 6001 (Suspicious Data Sequence in Javascript) *API_Data_Start* OS winxp win2003 win2008 winvista Hooked_Module jscript.dll HBO_Offset_Data 12788e3bdf0cf79051f0dc0c962ef072 0002ce47 00000000000000000000000000000000 HBO_Offset_Data 00d85f7f121cf6400c726a47bc14eadc 00031c12 00000000000000000000000000000000 HBO_Offset_Data f1ba376a4a61d4c1736bff51a1c28b96 0001e917 00000000000000000000000000000000 HBO_Offset_Data 6d697da2dfb4f63ef5c34300b043e37d 0004f850 00000000000000000000000000000000 HBO_Offset_Data 0837ddc4b4a8bb8495ef3a0ae2da4271 0002b2c8 00000000000000000000000000000000 HBO_Offset_Data ea7262d11740d6154c8133983132a938 0001b4b6 00000000000000000000000000000000 HBO_Offset_Data a9cfe237b21892fdaacdc09755f9ffe7 0004f9a0 00000000000000000000000000000000 HBO_Offset_Data 7f5fd80040f61c12476a720cdcea14bc 00031c12 8bff558bec83ec14568b750833c05689 HBO_Offset_Data B39D9A185DCB17B679A9475ECFFB33B2 0002946c 8bff558bec83ec14568b750833c05689 HBO_Offset_Data 66348C3042FBDA0B42C3EF7A45A7CFD5 0002946c 8bff558bec83ec14568b750833c05689 HBO_Offset_Data AC0128A385762756C346E42FA5E1697C 0002c31a 8bff558bec83ec14568b750833c05689 HBO_Offset_Data F45BC6A78A7A732330949E4DE1EF84A8 0002b3e8 8bff558bec83ec14568b750833c05689 HBO_Offset_Data 462D705964D0E70DFDADDFCC3F5FAA6D 0002946c 8bff558bec83ec14568b750833c05689 HBO_Offset_Data 4C7D274A0E5266C5EEDD9DE0DFE9B8D6 0002c31a 8bff558bec83ec14568b750833c05689 HBO_Offset_Data 2FF61833BE4FDE938D71B2E7B2171844 0002b3e8 8bff558bec83ec14568b750833c05689 HBO_Offset_Data 81ECD75F0237AD86995FC988299F5BDB 0002946c 8bff558bec83ec14568b750833c05689 HBO_Offset_Data 3F6984365B5E4F906234B32F9ACFEDA4 00019229 558bec83ec1433c0568b75083bf08945 HBO_Offset_Data C564A59C29B2386465B681CDDB086DC1 000296b6 8bff558bec83ec14568b750833c05689 HBO_Offset_Data FFC4ED6E2393316CF218D5454553CB6E 0002c21a 8bff558bec83ec14568b750833c05689 HBO_Offset_Data 89333008D4204E561AD09DEC3E20760F 000293cc 8bff558bec83ec14568b750833c05689 HBO_Offset_Data EBFEEA31B54176B4CE09BDD38557B6A7 0002b348 8bff558bec83ec14568b750833c05689 HBO_Offset_Data C10F499E58B2B6F2E242D5400B8E7DB7 0002947c 8bff558bec83ec14568b750833c05689 HBO_Offset_Data E9C4E4038F7567FBCFA7B1ED2FEC7130 0002947c 8bff558bec83ec14568b750833c05689 HBO_Offset_Data D9B79232AE6637D4C9EB374300FE12D2 0002947c 8bff558bec83ec14568b750833c05689 HBO_Offset_Data B42B20C502FCBD5B9841DAC25BAC58DC 0001e927 8bff558bec83ec14568b750833c05689 HBO_Offset_Data 2CF588931D110B1485E85D43EC250B31 0001b4a6 8bff558bec83ec14568b750833c05689 HBO_Offset_Data 95DB507837E05970EBAAEBC5CEF9F9F4 0001b5a6 8bff558bec83ec14568b750833c05689 HBO_Offset_Data 991E9F5C97F332844A52C0BCE3F2EBD8 0001b5c3 8bff558bec83ec14568b750833c05689 HBO_Offset_Data E0DE314048063A8C169D3D3D9870DD37 0001e917 8bff558bec83ec14568b750833c05689 HBO_Offset_Data 9191E643629A7224709D306C2921BBC4 00030f62 8bff558bec83ec14568b750833c05689 HBO_Offset_Data DCB288183CF77605110944232C6A2665 0002c33a 8bff558bec83ec14568b750833c05689 HBO_Offset_Data 612C998879796B01B10961413E1BBB53 0002947c 8bff558bec83ec14568b750833c05689 HBO_Offset_Data 6B5909788A11B970A35EFAE4FC398736 000312ea 8bff558bec83ec14568b750833c05689 HBO_Offset_Data 9A44909615371406B7B03D1AA85FC6DB 000313ea 8bff558bec83ec14568b750833c05689 HBO_Offset_Data F7B098A08EFCF4AB4247264C0AC225D2 0002947c 8bff558bec83ec14568b750833c05689 Number_Parameters 2 Clean_The_Stack 1 Handler_Dll HIPHandlers.dll Enter_Handler ScrUnescape_Enter_Handler Exit_Handler 0 Process_Name iexplore.exe *Control_Data_Start* Variable_Resolution_Module HIPResolver.dll ===================================================================================================================================================== Based on the hidden functions, the fact that it scrubs its own logs, takes control of processes in the netsvcs or svchost.exe profiles, I find it to be very suspicious. ===================================================================================================================================================== Just for fun I ran HiJackThis, but made no modifications. Downloaded both the stable and test editions. Ran both, the test edition is named respectively. Out of curiosity, the things it notes that are noted "O2 - 32": the '32' is not noted in the HJT user manual, in English or in Russian. I assume this means the same change has been made in the Sys32 files in addition to the Sys64 files..? Logs are attached for your reference. I'm both pissed that this ruined my new gaming computer, I just wanted to play League and do my course work [in college for computer programming, so this really bites]. You are correct, it is Windows 10. Will load the factory reset module screen, will start resetting but then stops at around 3-30% and says "Undoing Changes"/"We are unable to restore the factory default image at this time". I could scan in the recovery environment but would rather just start from scratch. Have access to a Windows10 key from the college, so DBAN doesn't seem like a bad idea. ====================================== =============================================================================================================== I have also attached screenshots of files that are suspicious or things I definitely did not download, or are actively being used by the malware in question. Casper/McAfee WindowsPowerShell - Pester / Chocolatey Installer [never heard of them or run anything requiring them on this machine] Often these files are associated with dates of 10/30/2015 or 07/23/2016, though they install themselves after any factory reset and then immediately change their last accessed, last modified, and date created sections to the above dates. I have been inspecting many files that fall within these parameters manually, which is how I killed the new machine playing around with HKEYs in the Registry section [dumb, I know]. Many of the files are installed by "Trusted Installer" "System" or "Administrator" profiles, and deny me access even with Administrative account priviliges. I managed to dig through the new machine and change permissions on most of these folders to allow myself access. Found a lot of them will not allow any changes to the security or ownership priviliges, but I can set up inconsistent states and then delete them. This resulted in my new laptop having no access to start menu, or several other useful GUI features [I was mainly using Win+R for notepad, paint, control panel, and explorer anyways] --- the malware apparently detected this, and shut off my access to System Settings, Firewall Advanced Features, and eventually other things as well. When I tried to cold boot the machine, it was dead. Probably flooding you with too much here, but it's just to show you that I have some idea of what's going on here, I just need guidance from someone more experienced. ====================================== =============================================================================================================== ====================================== =============================================================================================================== ====================================== =============================================================================================================== ===================================================================================================================================================== Thanks again for your assistance Kevin. If I had PayPal I'd donate, but there are too many issues with that program alone. I used to work at a call centre for an online bank, and half of the fraud cases we dealt with used that. Sorry. I'll pass along some good vibes, karma will definitely get you back in turn with something good. The world is too interconnected for things not to be all related to prior and future events. I would manually scrub these files, but since you're the one who's instructions I'm following, I'll await your instructions diligently. If I can pass along something interesting though, what kind of music are you interested in? Maybe I could recommend an artist or song. If you like computers, math, music, fractals, ramblings of crazy people, or just want to step into the mind of someone teetering on the brink of insanity; take a look at "Godel, Escher, Bach: An Eternal Golden Braid" by Douglas Hofstadter, pub. 1979. Worth a read. Cheers! AdwCleaner[C01].txt AdwCleaner[S01].txt 2018.11.03-20.52.07-i0-t92-d0.txt HiJackThis2.log HJTnorm.txt HJTtest.txt HiJackThis.log
  3. Got the casper virus among others, can't get rid of it. Tried MWB, SpybotSD, avast!, avira, KaperskyTDSSKiller, CCCleaner...fried a new laptop doing some manual removals, using this old one that is known to be very infected. Lasting past system resets. In registry files, among others. Files the virus(es) hide in contain: _8wekyb3d8bbwe _kzf8qxf38zg5c _htrsf667h5kn2 _31bf3856as364e35 _b03f5f7f11d50a3a _6595b64144ccf1df _b77a5c561934e089 Presuming the next steps will be HijackThis, but I'm not too familiar and would still like to be able to troubleshoot - am wary about playing with Reg files after killing the new laptop [can't factory reset it at this point, need DBAN and Win Install]. Any pointers? Regards, Chris MWBnov3.txt FRST.txt Addition.txt Shortcut.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.