Virus spread via wine
Jong Bin, Chae
chae at trunk.so
Tue Sep 24 09:30:15 CDT 2013
Thanks, Dan.
No. I already have that virus sample file.
For the more fun, W32:Tenga (aka Virus:Win32/Gael.D) virus behavior
signature under Wine 1.7.1 attached.
On Mon, Sep 23, 2013 at 11:12 PM, Dan Kegel <dank at kegel.com> wrote:
> Thanks, looks like you're doing good work there.
> (Are you going to ask the guy who filed 34556 for a copy of an infected
> file?)
>
> On Mon, Sep 23, 2013 at 6:32 AM, Jong Bin, Chae <chae at trunk.so> wrote:
> > Fun++;
> > /* Wine Virus Database (VirusDB)
> >
> http://sourceforge.net/apps/mediawiki/zerowine-tryout/index.php?title=VirusDB
> > */
> >
> >
> >
> > On Mon, Sep 23, 2013 at 1:20 PM, Dan Kegel <dank at kegel.com> wrote:
> >>
> >> Fun times:
> >> http://bugs.winehq.org/show_bug.cgi?id=34556
> >>
> >>
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.winehq.org/pipermail/wine-devel/attachments/20130924/46c245e7/attachment-0001.html>
-------------- next part --------------
trace:loaddll:load_native_dll Loaded L"C:\\r.exe" at 0x400000: native
0009:Starting process L"C:\\r.exe" (entryproc=0x6251c8)
0009:Call KERNEL32.CreateMutexA(00000000,00000000,0032fe24 "gaelicum") ret=006252bb
0009:Call KERNEL32.CreateProcessA(0032fd08 "C:\\r.exe",00000000,00000000,00000000,00000000,0000000c,00000000,00000000,0032fb18,0032fb08) ret=0062533d
trace:loaddll:load_native_dll Loaded L"C:\\r.exe" at 0x400000: native
0009:Call KERNEL32.WriteProcessMemory(00000064,00401000,006251c8,00000e52,00000000) ret=00625361
0009:Call KERNEL32.GetThreadContext(00000068,0032fb0c) ret=00625374
0009:Call KERNEL32.SetThreadContext(00000068,0032fb0c) ret=00625395
0009:Call KERNEL32.ResumeThread(00000068) ret=00625398
0025:Call KERNEL32.CreateMutexA(00000000,00000001,0033fed8 "gaelicum") ret=004011fd
0028:Starting thread proc 0x401383 (arg=0x340088)
0028:Call KERNEL32.GetVersion() ret=00401c89
0028:Call KERNEL32.CreateToolhelp32Snapshot(00000002,00000300) ret=00401d01
0028:Call KERNEL32.Process32First(00000050,0072e70c) ret=00401d0c
0028:Call KERNEL32.Process32Next(00000050,0072e70c) ret=00401d4d
0028:Call KERNEL32.Process32Next(00000050,0072e70c) ret=00401d4d
0028:Call KERNEL32.Process32Next(00000050,0072e70c) ret=00401d4d
0028:Call KERNEL32.Process32Next(00000050,0072e70c) ret=00401d4d
0028:Call KERNEL32.Process32Next(00000050,0072e70c) ret=00401d4d
0028:Call KERNEL32.Process32Next(00000050,0072e70c) ret=00401d4d
0027:Starting process L"C:\\windows\\system32\\explorer.exe" (entryproc=0x7ef96070)
0028:Call KERNEL32.CreateFileA(00130210 "C:\\Program Files\\BZEdit1.6.5\\uninstall.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\Program Files\\BZEdit1.6.5\\BZEdit32.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0029:Starting thread proc 0x7ef90920 (arg=0x10036)
0029:Call KERNEL32.CreateFileW(00129f30 L"C:\\users\\malware\\Desktop",00100001,00000003,00000000,00000003,42000000,00000000) ret=7ef90997
0029:Call KERNEL32.CreateFileW(00129f70 L"C:\\users\\Public\\Desktop",00100001,00000003,00000000,00000003,42000000,00000000) ret=7ef909e3
0009:Call KERNEL32.GetTempPathW(00002004,004d50c8) ret=004036cc
0009:Call KERNEL32.CreateDirectoryW(004d50c8 L"C:\\users\\malware\\Temp\\",00000000) ret=004034a5
0009:Call KERNEL32.DeleteFileW(004d10c0 L"C:\\users\\malware\\Temp\\nsk810c.tmp") ret=00403704
0009:Call KERNEL32.CreateFileW(004dd0d8 L"C:\\r.exe",80000000,00000001,00000000,00000003,00000020,00000000) ret=00405a60
0009:Call user32.MessageBoxIndirectW(0040a030) ret=004058e6
0028:Call KERNEL32.CreateFileA(00130210 "C:\\Program Files\\Internet Explorer\\iexplore.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\winhlp32.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\notepad.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\uninstaller.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\clock.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\ping.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\rpcss.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\winevdm.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\winedevice.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\gdi.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\msiexec.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\netstat.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\winemine.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\wmic.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\net.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\cmd.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\expand.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\winhlp32.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\winemsibuilder.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\notepad.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\tasklist.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\schtasks.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\svchost.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\winedbg.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\lodctr.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\spoolsv.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\cabarc.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\eject.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\wuauclt.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\mshta.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\ipconfig.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\attrib.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\wineboot.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\sc.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\ddhelp.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\winecfg.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\taskmgr.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\user.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\winebrowser.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\dxdiag.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\sysedit.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\findstr.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\unlodctr.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\xcopy.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\netsh.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\explorer.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\progman.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\view.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\taskkill.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\extrac32.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\dosx.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\rundll32.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\cacls.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\wusa.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\plugplay.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\krnl386.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\termsv.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\winefile.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\oleview.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\cscript.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\write.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\gecko\\2.21\\wine_gecko\\plugin-hang-ui.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\gecko\\2.21\\wine_gecko\\plugin-container.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\reg.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\wscript.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\winepath.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\hostname.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\wineconsole.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\services.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\icinfo.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\secedit.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\winver.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\wbem\\wmic.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\wbem\\mofcomp.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\iexplore.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\control.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\winemenubuilder.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\wordpad.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\regsvr32.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\conhost.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\Microsoft.NET\\Framework\\v1.1.4322\\ngen.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\Microsoft.NET\\Framework\\v2.0.50727\\ngen.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\regedit.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\command\\start.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\explorer.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\rundll.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\hh.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\winhelp.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867
trace:winsock:WS_gethostbyname "zerowine" ret 0x139be8
0025:Call KERNEL32.GetVersion() ret=0040133d
002c:Starting thread proc 0x401457 (arg=0x340088)
002d:Starting thread proc 0x401457 (arg=0x340088)
002f:Starting thread proc 0x401457 (arg=0x340088)
0030:Starting thread proc 0x401457 (arg=0x340088)
0032:Starting thread proc 0x401457 (arg=0x340088)
0033:Starting thread proc 0x401457 (arg=0x340088)
0034:Starting thread proc 0x401a3d (arg=0x340088)
0031:Starting thread proc 0x401457 (arg=0x340088)
002e:Starting thread proc 0x401457 (arg=0x340088)
trace:winsock:WSASocketW created 0060
trace:winsock:WS_connect socket 0060, ptr 0xe2ea34 { family AF_INET, address 120.22.205.1, port 139 }, length 16
trace:winsock:WSASocketW created 005c
trace:winsock:WS_connect socket 005c, ptr 0xb2ea34 { family AF_INET, address 186.127.121.1, port 139 }, length 16
trace:winsock:WSASocketW created 0064
trace:winsock:WSASocketW created 006c
trace:winsock:WS_connect socket 006c, ptr 0xf2ea34 { family AF_INET, address 91.147.241.1, port 139 }, length 16
002b:Starting thread proc 0x401457 (arg=0x340088)
trace:winsock:WSASocketW created 0070
trace:winsock:WS_connect socket 0070, ptr 0xd2ea34 { family AF_INET, address 21.98.136.1, port 139 }, length 16
trace:winsock:WSASocketW created 0074
trace:winsock:WS_connect socket 0074, ptr 0xc2ea34 { family AF_INET, address 197.205.35.1, port 139 }, length 16
trace:winsock:WSASocketW created 0078
trace:winsock:WS_connect socket 0078, ptr 0x102ea34 { family AF_INET, address 33.206.17.1, port 139 }, length 16
trace:winsock:WSASocketW created 0068
002a:Starting thread proc 0x401457 (arg=0x340088)
trace:winsock:WS_connect socket 0068, ptr 0xb2ea34 { family AF_INET, address 186.127.121.2, port 139 }, length 16
trace:winsock:WSASocketW created 0080
trace:winsock:WS_connect socket 0080, ptr 0x82ea34 { family AF_INET, address 81.14.52.1, port 139 }, length 16
trace:winsock:WS_connect socket 0064, ptr 0x112ea34 { family AF_INET, address 186.127.121.1, port 139 }, length 16
trace:winsock:WSASocketW created 0084
trace:winsock:WS_connect socket 0084, ptr 0x92ea34 { family AF_INET, address 179.205.229.1, port 139 }, length 16
trace:winsock:WSASocketW created 007c
trace:winsock:WS_connect socket 007c, ptr 0xd2ea34 { family AF_INET, address 21.98.136.2, port 139 }, length 16
trace:winsock:WSASocketW created 008c
trace:winsock:WS_connect socket 008c, ptr 0xc2ea34 { family AF_INET, address 197.205.35.2, port 139 }, length 16
trace:winsock:WSASocketW created 0090
trace:winsock:WS_connect socket 0090, ptr 0x102ea34 { family AF_INET, address 33.206.17.2, port 139 }, length 16
trace:winsock:WSASocketW created 0088
trace:winsock:WS_connect socket 0088, ptr 0xe2ea34 { family AF_INET, address 120.22.205.2, port 139 }, length 16
trace:winsock:WSASocketW created 0098
trace:winsock:WS_connect socket 0098, ptr 0xb2ea34 { family AF_INET, address 186.127.121.3, port 139 }, length 16
trace:winsock:WSASocketW created 009c
trace:winsock:WS_connect socket 009c, ptr 0x82ea34 { family AF_INET, address 81.14.52.2, port 139 }, length 16
trace:winsock:WSASocketW created 0094
trace:winsock:WS_connect socket 0094, ptr 0x112ea34 { family AF_INET, address 186.127.121.2, port 139 }, length 16
trace:winsock:WSASocketW created 00a0
trace:winsock:WS_connect socket 00a0, ptr 0x92ea34 { family AF_INET, address 179.205.229.2, port 139 }, length 16
trace:winsock:WSASocketW created 00a8
trace:winsock:WS_connect socket 00a8, ptr 0xd2ea34 { family AF_INET, address 21.98.136.3, port 139 }, length 16
trace:winsock:WSASocketW created 00ac
trace:winsock:WS_connect socket 00ac, ptr 0xc2ea34 { family AF_INET, address 197.205.35.3, port 139 }, length 16
trace:winsock:WSASocketW created 00a4
trace:winsock:WS_connect socket 00a4, ptr 0xf2ea34 { family AF_INET, address 91.147.241.2, port 139 }, length 16
trace:winsock:WSASocketW created 00b4
trace:winsock:WS_connect socket 00b4, ptr 0x102ea34 { family AF_INET, address 33.206.17.3, port 139 }, length 16
trace:winsock:WSASocketW created 00b8
trace:winsock:WS_connect socket 00b8, ptr 0xe2ea34 { family AF_INET, address 120.22.205.3, port 139 }, length 16
trace:winsock:WSASocketW created 00b0
trace:winsock:WS_connect socket 00b0, ptr 0xb2ea34 { family AF_INET, address 186.127.121.4, port 139 }, length 16
End of signature.
More information about the wine-devel
mailing list