trace:loaddll:load_native_dll Loaded L"C:\\r.exe" at 0x400000: native 0009:Starting process L"C:\\r.exe" (entryproc=0x6251c8) 0009:Call KERNEL32.CreateMutexA(00000000,00000000,0032fe24 "gaelicum") ret=006252bb 0009:Call KERNEL32.CreateProcessA(0032fd08 "C:\\r.exe",00000000,00000000,00000000,00000000,0000000c,00000000,00000000,0032fb18,0032fb08) ret=0062533d trace:loaddll:load_native_dll Loaded L"C:\\r.exe" at 0x400000: native 0009:Call KERNEL32.WriteProcessMemory(00000064,00401000,006251c8,00000e52,00000000) ret=00625361 0009:Call KERNEL32.GetThreadContext(00000068,0032fb0c) ret=00625374 0009:Call KERNEL32.SetThreadContext(00000068,0032fb0c) ret=00625395 0009:Call KERNEL32.ResumeThread(00000068) ret=00625398 0025:Call KERNEL32.CreateMutexA(00000000,00000001,0033fed8 "gaelicum") ret=004011fd 0028:Starting thread proc 0x401383 (arg=0x340088) 0028:Call KERNEL32.GetVersion() ret=00401c89 0028:Call KERNEL32.CreateToolhelp32Snapshot(00000002,00000300) ret=00401d01 0028:Call KERNEL32.Process32First(00000050,0072e70c) ret=00401d0c 0028:Call KERNEL32.Process32Next(00000050,0072e70c) ret=00401d4d 0028:Call KERNEL32.Process32Next(00000050,0072e70c) ret=00401d4d 0028:Call KERNEL32.Process32Next(00000050,0072e70c) ret=00401d4d 0028:Call KERNEL32.Process32Next(00000050,0072e70c) ret=00401d4d 0028:Call KERNEL32.Process32Next(00000050,0072e70c) ret=00401d4d 0028:Call KERNEL32.Process32Next(00000050,0072e70c) ret=00401d4d 0027:Starting process L"C:\\windows\\system32\\explorer.exe" (entryproc=0x7ef96070) 0028:Call KERNEL32.CreateFileA(00130210 "C:\\Program Files\\BZEdit1.6.5\\uninstall.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\Program Files\\BZEdit1.6.5\\BZEdit32.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0029:Starting thread proc 0x7ef90920 (arg=0x10036) 0029:Call KERNEL32.CreateFileW(00129f30 L"C:\\users\\malware\\Desktop",00100001,00000003,00000000,00000003,42000000,00000000) ret=7ef90997 0029:Call KERNEL32.CreateFileW(00129f70 L"C:\\users\\Public\\Desktop",00100001,00000003,00000000,00000003,42000000,00000000) ret=7ef909e3 0009:Call KERNEL32.GetTempPathW(00002004,004d50c8) ret=004036cc 0009:Call KERNEL32.CreateDirectoryW(004d50c8 L"C:\\users\\malware\\Temp\\",00000000) ret=004034a5 0009:Call KERNEL32.DeleteFileW(004d10c0 L"C:\\users\\malware\\Temp\\nsk810c.tmp") ret=00403704 0009:Call KERNEL32.CreateFileW(004dd0d8 L"C:\\r.exe",80000000,00000001,00000000,00000003,00000020,00000000) ret=00405a60 0009:Call user32.MessageBoxIndirectW(0040a030) ret=004058e6 0028:Call KERNEL32.CreateFileA(00130210 "C:\\Program Files\\Internet Explorer\\iexplore.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\winhlp32.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\notepad.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\uninstaller.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\clock.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\ping.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\rpcss.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\winevdm.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\winedevice.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\gdi.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\msiexec.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\netstat.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\winemine.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\wmic.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\net.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\cmd.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\expand.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\winhlp32.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\winemsibuilder.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\notepad.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\tasklist.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\schtasks.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\svchost.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\winedbg.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\lodctr.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\spoolsv.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\cabarc.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\eject.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\wuauclt.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\mshta.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\ipconfig.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\attrib.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\wineboot.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\sc.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\ddhelp.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\winecfg.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\taskmgr.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\user.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\winebrowser.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\dxdiag.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\sysedit.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\findstr.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\unlodctr.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\xcopy.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\netsh.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\explorer.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\progman.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\view.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\taskkill.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\extrac32.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\dosx.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\rundll32.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\cacls.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\wusa.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\plugplay.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\krnl386.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\termsv.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\winefile.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\oleview.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\cscript.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\write.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\gecko\\2.21\\wine_gecko\\plugin-hang-ui.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\gecko\\2.21\\wine_gecko\\plugin-container.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\reg.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\wscript.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\winepath.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\hostname.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\wineconsole.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\services.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\icinfo.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\secedit.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\winver.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\wbem\\wmic.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\wbem\\mofcomp.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\iexplore.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\control.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\winemenubuilder.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\wordpad.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\regsvr32.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\system32\\conhost.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\Microsoft.NET\\Framework\\v1.1.4322\\ngen.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\Microsoft.NET\\Framework\\v2.0.50727\\ngen.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\regedit.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\command\\start.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\explorer.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\rundll.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\hh.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 0028:Call KERNEL32.CreateFileA(00130210 "C:\\windows\\winhelp.exe",c0000000,00000001,00000000,00000003,00000000,00000000) ret=00401867 trace:winsock:WS_gethostbyname "zerowine" ret 0x139be8 0025:Call KERNEL32.GetVersion() ret=0040133d 002c:Starting thread proc 0x401457 (arg=0x340088) 002d:Starting thread proc 0x401457 (arg=0x340088) 002f:Starting thread proc 0x401457 (arg=0x340088) 0030:Starting thread proc 0x401457 (arg=0x340088) 0032:Starting thread proc 0x401457 (arg=0x340088) 0033:Starting thread proc 0x401457 (arg=0x340088) 0034:Starting thread proc 0x401a3d (arg=0x340088) 0031:Starting thread proc 0x401457 (arg=0x340088) 002e:Starting thread proc 0x401457 (arg=0x340088) trace:winsock:WSASocketW created 0060 trace:winsock:WS_connect socket 0060, ptr 0xe2ea34 { family AF_INET, address 120.22.205.1, port 139 }, length 16 trace:winsock:WSASocketW created 005c trace:winsock:WS_connect socket 005c, ptr 0xb2ea34 { family AF_INET, address 186.127.121.1, port 139 }, length 16 trace:winsock:WSASocketW created 0064 trace:winsock:WSASocketW created 006c trace:winsock:WS_connect socket 006c, ptr 0xf2ea34 { family AF_INET, address 91.147.241.1, port 139 }, length 16 002b:Starting thread proc 0x401457 (arg=0x340088) trace:winsock:WSASocketW created 0070 trace:winsock:WS_connect socket 0070, ptr 0xd2ea34 { family AF_INET, address 21.98.136.1, port 139 }, length 16 trace:winsock:WSASocketW created 0074 trace:winsock:WS_connect socket 0074, ptr 0xc2ea34 { family AF_INET, address 197.205.35.1, port 139 }, length 16 trace:winsock:WSASocketW created 0078 trace:winsock:WS_connect socket 0078, ptr 0x102ea34 { family AF_INET, address 33.206.17.1, port 139 }, length 16 trace:winsock:WSASocketW created 0068 002a:Starting thread proc 0x401457 (arg=0x340088) trace:winsock:WS_connect socket 0068, ptr 0xb2ea34 { family AF_INET, address 186.127.121.2, port 139 }, length 16 trace:winsock:WSASocketW created 0080 trace:winsock:WS_connect socket 0080, ptr 0x82ea34 { family AF_INET, address 81.14.52.1, port 139 }, length 16 trace:winsock:WS_connect socket 0064, ptr 0x112ea34 { family AF_INET, address 186.127.121.1, port 139 }, length 16 trace:winsock:WSASocketW created 0084 trace:winsock:WS_connect socket 0084, ptr 0x92ea34 { family AF_INET, address 179.205.229.1, port 139 }, length 16 trace:winsock:WSASocketW created 007c trace:winsock:WS_connect socket 007c, ptr 0xd2ea34 { family AF_INET, address 21.98.136.2, port 139 }, length 16 trace:winsock:WSASocketW created 008c trace:winsock:WS_connect socket 008c, ptr 0xc2ea34 { family AF_INET, address 197.205.35.2, port 139 }, length 16 trace:winsock:WSASocketW created 0090 trace:winsock:WS_connect socket 0090, ptr 0x102ea34 { family AF_INET, address 33.206.17.2, port 139 }, length 16 trace:winsock:WSASocketW created 0088 trace:winsock:WS_connect socket 0088, ptr 0xe2ea34 { family AF_INET, address 120.22.205.2, port 139 }, length 16 trace:winsock:WSASocketW created 0098 trace:winsock:WS_connect socket 0098, ptr 0xb2ea34 { family AF_INET, address 186.127.121.3, port 139 }, length 16 trace:winsock:WSASocketW created 009c trace:winsock:WS_connect socket 009c, ptr 0x82ea34 { family AF_INET, address 81.14.52.2, port 139 }, length 16 trace:winsock:WSASocketW created 0094 trace:winsock:WS_connect socket 0094, ptr 0x112ea34 { family AF_INET, address 186.127.121.2, port 139 }, length 16 trace:winsock:WSASocketW created 00a0 trace:winsock:WS_connect socket 00a0, ptr 0x92ea34 { family AF_INET, address 179.205.229.2, port 139 }, length 16 trace:winsock:WSASocketW created 00a8 trace:winsock:WS_connect socket 00a8, ptr 0xd2ea34 { family AF_INET, address 21.98.136.3, port 139 }, length 16 trace:winsock:WSASocketW created 00ac trace:winsock:WS_connect socket 00ac, ptr 0xc2ea34 { family AF_INET, address 197.205.35.3, port 139 }, length 16 trace:winsock:WSASocketW created 00a4 trace:winsock:WS_connect socket 00a4, ptr 0xf2ea34 { family AF_INET, address 91.147.241.2, port 139 }, length 16 trace:winsock:WSASocketW created 00b4 trace:winsock:WS_connect socket 00b4, ptr 0x102ea34 { family AF_INET, address 33.206.17.3, port 139 }, length 16 trace:winsock:WSASocketW created 00b8 trace:winsock:WS_connect socket 00b8, ptr 0xe2ea34 { family AF_INET, address 120.22.205.3, port 139 }, length 16 trace:winsock:WSASocketW created 00b0 trace:winsock:WS_connect socket 00b0, ptr 0xb2ea34 { family AF_INET, address 186.127.121.4, port 139 }, length 16 End of signature.