MalwareMustDie

RedKit - Payload Memory Strings 20120112-4

Jan 11th, 2013
jjjjjj
EPMQUR
UREP
REPMQ
jjjjh
\fXNgb
!This program cannot be run in DOS mode.
Rich
.text
`.rdata
@.data
.reloc
QVW3
jDj
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
time
strcpy
strchr
rand
srand
MessageBoxA
GetCursorPos
wsprintfA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
Sleep
ExitProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
VirtualFree
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
VirtualAlloc
GetModuleHandleA
lstrcmpiA
OpenProcess
GetCurrentProcess
ExitThread
LoadLibraryExA
GetProcAddress
HeapAlloc
GetProcessHeap
GetTickCount
OpenMutexA
CreateMutexA
WinExec
CloseHandle
WriteFile
CreateFileA
lstrlenA
lstrcatA
GetTempFileNameA
GetTempPathA
lstrcpyA
DeleteFileA
CreateProcessA
GetComputerNameA
GetModuleFileNameA
0123456789abcdef
advapi32.dll
msvcrt.dll
user32.dll
wininet.dll
kernel32.dll
cmd.exe /c ping -n 1 -w 2000 192.168.123.254 > nul & del %s
SeDebugPrivilege
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)
Xi3FVneIx
c:\documents and settings\USER\
v\setup.exe
WgvZZgv
Mgv
3b4c8192a3b83565bbb74665e969f800