
ID: 190256
Sample Name: burrrn_package.exe
Cookbook: default.jbs
Time: 03:10:57
Date: 18/11/2019
Version: 28.0.0 Lapis Lazuli

Table of Contents

Analysis Report burrrn_package.exe
Overview: General Information, Detection, Confidence, Classification, Analysis Advice
Mitre Att&ck Matrix
Signature Overview: Spreading; Networking; Key, Mouse, Clipboard, Microphone and Screen Capturing; System Summary; Data Obfuscation; Persistence and Installation Behavior; Boot Survival; Hooking and other Techniques for Hiding and Protection; Malware Analysis System Evasion; Anti Debugging; HIPS / PFW / Protection Evasion; Language, Device and Operating System Detection
Behavior Graph
Simulations: Behavior and APIs
Antivirus, Machine Learning and Genetic Malware Detection: Initial Sample, Dropped Files, Unpacked PE Files, Domains, URLs
Yara Overview: Initial Sample, PCAP (Network Traffic), Dropped Files, Memory Dumps, Unpacked PEs
Sigma Overview
Joe Sandbox View / Context: IPs, Domains, ASN, JA3 Fingerprints, Dropped Files
Screenshots: Thumbnails
Startup
Created / dropped Files
Domains and IPs: Contacted Domains, URLs from Memory and Binaries, Contacted IPs
Static File Info: General, File Icon, Static PE Info (General, Entrypoint Preview, Rich Headers, Data Directories, Sections, Resources, Imports, Possible Origin)
Network Behavior
Code Manipulations
Statistics
System Behavior: Analysis Process: burrrn_package.exe PID: 2872 Parent PID: 4212 (General; File Activities: File Created, File Deleted, File Written, File Read; Registry Activities: Key Created, Key Value Created, Key Value Modified)
Disassembly: Code Analysis

Copyright Joe Security LLC 2019

Analysis Report burrrn_package.exe

Overview

General Information

Joe Sandbox Version: 28.0.0 Lapis Lazuli
Analysis ID: 190256
Start date: 18.11.2019
Start time: 03:10:57
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 15s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: burrrn_package.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of analysed new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean5.winEXE@1/20@0/0
EGA Information: Successful, ratio: 100%
HDC Information:
• Successful, ratio: 26.9% (good quality ratio 25.8%)
• Quality average: 84.3%
• Quality deviation: 26%
HCA Information: Failed
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .exe
Warnings:
• Exclude process from analysis (whitelisted): dllhost.exe, conhost.exe, CompatTelRunner.exe
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.

Detection

Strategy | Score | Range | Reporting Whitelisted | Detection
Threshold | 5 | 0 - 100 | false |

Confidence

Strategy | Score | Range | Further Analysis Required? | Confidence
Threshold | 3 | 0 - 5 | true |

Classification

[Classification chart. Categories: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware. Scale: malicious, suspicious, clean.]

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox

Sample searches for specific file, try point organization specific fake files to the analysis machine

Mitre Att&ck Matrix

Initial Access: Valid Accounts; Replication Through Removable Media; Drive-by Compromise; Exploit Public-Facing Application
Execution: Execution through API 1; Service Execution; Windows Management Instrumentation; Scheduled Task
Persistence: Startup Items 1; Registry Run Keys / Startup Folder 1; Accessibility Features; System Firmware
Privilege Escalation: Startup Items 1; Process Injection 1; Path Interception; DLL Search Order Hijacking
Defense Evasion: Masquerading 1; Software Packing 1; Process Injection 1; Obfuscated Files or Information 1 1
Credential Access: Input Capture 1; Network Sniffing; Input Capture; Credentials in Files
Discovery: Process Discovery 1; File and Directory Discovery 3; System Information Discovery 1 2; System Network Configuration Discovery
Lateral Movement: Application Deployment Software; Remote Services; Windows Remote Management; Logon Scripts
Collection: Input Capture 1; Clipboard Data 1; Data from Network Shared Drive; Input Capture
Exfiltration: Data Encrypted 1; Exfiltration Over Other Network Medium; Automated Exfiltration; Data Encrypted
Command and Control: Standard Cryptographic Protocol 1; Fallback Channels; Custom Cryptographic Protocol; Multiband Communication

Signature Overview

• Spreading
• Networking
• Key, Mouse, Clipboard, Microphone and Screen Capturing
• System Summary
• Data Obfuscation
• Persistence and Installation Behavior
• Boot Survival
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion
• Anti Debugging
• HIPS / PFW / Operating System Protection Evasion
• Language, Device and Operating System Detection


Spreading:

Contains functionality to enumerate / list files inside a directory

Enumerates the file system

Networking:

Urls found in memory or binary data

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Contains functionality for read data from the clipboard

Creates a DirectInput object (often for capturing keystrokes)

System Summary:

Contains functionality to shutdown / reboot the system

Detected potential crypto function

PE file contains strange resources

Classification label

Contains functionality to check free disk space

Contains functionality to instantiate COM classes

Creates files inside the program directory

Creates files inside the user directory

Creates temporary files

PE file has an executable .text section and no other executable section

Reads ini files

Reads software policies

Sample reads its own file content

Uses an in-process (OLE) Automation server

Found GUI installer (many successful clicks)

Submission file is bigger than most known malware samples

Data Obfuscation:

Contains functionality to dynamically determine API calls

Uses code obfuscation techniques (call, push, ret)

Sample is packed with UPX

Persistence and Installation Behavior:

Drops PE files

Installs Cygwin

Creates license or readme file

Boot Survival:

Stores files to the Windows start menu directory

Hooking and other Techniques for Hiding and Protection:

Disables application error messsages (SetErrorMode)

Malware Analysis System Evasion:

Found dropped PE file which has not been started or loaded

Checks the free space of harddrives

Contains functionality to enumerate / list files inside a directory

Enumerates the file system

Program exit points

Anti Debugging:

Contains functionality to dynamically determine API calls

HIPS / PFW / Operating System Protection Evasion:

May try to detect the Windows Explorer process (often used for injection)

Language, Device and Operating System Detection:

Queries the volume information (name, serial number etc) of a device

Behavior Graph

[Behavior graph figure. Sample: burrrn_package.exe, ID: 190256, Startdate: 18/11/2019, Architecture: WINDOWS, Score: 5. The process burrrn_package.exe dropped C:\Users\user\AppData\Local\...\StartMenu.dll (PE32), C:\Program Files ()\Burrrn\wvunpack.exe (PE32), C:\Program Files (x86)\Burrrn\ttaenc.exe (PE32) and 13 other files (none is malicious).]

Simulations

Behavior and APIs

No simulations

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label
burrrn_package.exe | 1% | Virustotal |
burrrn_package.exe | 3% | Metadefender |

Dropped Files

Source | Detection | Scanner | Label
C:\Program Files (x86)\Burrrn\Burrrn.exe | 1% | Virustotal |
C:\Program Files (x86)\Burrrn\Burrrn.exe | 0% | Metadefender |
C:\Program Files (x86)\Burrrn\MAC.exe | 0% | Virustotal |
C:\Program Files (x86)\Burrrn\MAC.exe | 0% | Metadefender |
C:\Program Files (x86)\Burrrn\Uninstall.exe | 0% | Virustotal |
C:\Program Files (x86)\Burrrn\Uninstall.exe | 0% | Metadefender |
C:\Program Files (x86)\Burrrn\WaveGain.exe | 0% | Virustotal |
C:\Program Files (x86)\Burrrn\WaveGain.exe | 0% | Metadefender |
C:\Program Files (x86)\Burrrn\cdrdao.exe | 0% | Virustotal |
C:\Program Files (x86)\Burrrn\cdrdao.exe | 0% | Metadefender |
C:\Program Files (x86)\Burrrn\faad.exe | 1% | Virustotal |
C:\Program Files (x86)\Burrrn\faad.exe | 0% | Metadefender |
C:\Program Files (x86)\Burrrn\.exe | 0% | Virustotal |
C:\Program Files (x86)\Burrrn\flac.exe | 0% | Metadefender |
C:\Program Files (x86)\Burrrn\.exe | 0% | Virustotal |
C:\Program Files (x86)\Burrrn\lame.exe | 0% | Metadefender |
C:\Program Files (x86)\Burrrn\mppdec.exe | 1% | Virustotal |
C:\Program Files (x86)\Burrrn\mppdec.exe | 0% | Metadefender |
C:\Program Files (x86)\Burrrn\ofr.exe | 0% | Virustotal |
C:\Program Files (x86)\Burrrn\ofr.exe | 0% | Metadefender |
C:\Program Files (x86)\Burrrn\.exe | 1% | Virustotal |
C:\Program Files (x86)\Burrrn\shorten.exe | 0% | Metadefender |

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label
www.burrrn.net/DVarFileInfo$ | 0% | Avira URL Cloud | safe
www..net/ | 0% | Virustotal |
www.musepack.net/ | 0% | Avira URL Cloud | safe
www.burrrn.net/) | 0% | Avira URL Cloud | safe
www.apehaus.com/burrrn/ | 0% | Avira URL Cloud | safe
home.wanadoo.nl/~w.speek/speek.htm | 1% | Virustotal |
home.wanadoo.nl/~w.speek/speek.htm | 0% | Avira URL Cloud | safe
www.burrrn.net/ | 0% | Virustotal |
www.burrrn.net/ | 0% | Avira URL Cloud | safe
www.mp3dev.org/mp3/ | 0% | Virustotal |
www.mp3dev.org/mp3/ | 0% | Avira URL Cloud | safe
home.vxu.se/mdati00/frontah/ | 0% | Avira URL Cloud | safe
www.ca5e.tk/ | 0% | Virustotal |
www.ca5e.tk/ | 0% | Avira URL Cloud | safe
LosslessAudioCompression.com/ | 0% | Virustotal |
LosslessAudioCompression.com/ | 0% | Avira URL Cloud | safe

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Sigma Overview

No Sigma rule has matched

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Startup

System is w10x64
burrrn_package.exe (PID: 2872 cmdline: 'C:\Users\user\Desktop\burrrn_package.exe' MD5: 5AF351F824B70C73A95263C5697C1D06)
cleanup

Created / dropped Files

C:\Program Files (x86)\Burrrn\Burrrn.exe

Process: C:\Users\user\Desktop\burrrn_package.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Size (bytes): 481792
Entropy (8bit): 7.788810324401126
Encrypted: false
MD5: B6C7272DD4186A7FF05775BA8864F88C
SHA1: DB6431B8E4F93A2E9BE13E1D8C1ED6136EEB5BF0
SHA-256: 22E557E189CC6D3E1B1E67FF9CF80287783E73B683A584D2AE4BEBEE105D27FB
SHA-512: 69D58DB3D0665F7FE7C894FCD3075F858EB2942F91B772275801D25BD8BB379C52A80A97A1B23EB96DF5C2FB2BDF63D70C8FB7246B9C5F0F05184F511394FBB6
Malicious: false
Antivirus: Virustotal, Detection: 1%
Antivirus: Metadefender, Detection: 0%
Reputation: low

C:\Program Files (x86)\Burrrn\Language\Chinese (Simplified).lng

Process: C:\Users\user\Desktop\burrrn_package.exe
File Type: Non-ISO extended-ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 44584
Entropy (8bit): 6.3804593957947295
Encrypted: false
MD5: 777E97C80A7F615DDA74801002FC6983
SHA1: A62BB58F9016567B728F205D9F392EDD991D5B13
SHA-256: 7B686C95082E45C674BAAA276D81E2450E69AD230EB79A74A85976EE91B7F2C6
SHA-512: 4A3FA7BDE97C971E00D4AA25373255A6825B67990F6E3E13E8E4BFB23A73587675D034169AD81DD8935A5A80DEEB895FACC0C6C84DE37414B9927E48C87127F2
Malicious: false
Reputation: low

C:\Program Files (x86)\Burrrn\Language\_changes.txt

Process: C:\Users\user\Desktop\burrrn_package.exe
File Type: Non-ISO extended-ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 25503
Entropy (8bit): 5.92822481420948
Encrypted: false
MD5: CA086FDC8A5893FEA01AE38FFAF92BC2
SHA1: D16CCBF384747F30F69683CE60D46A37934A8D50
SHA-256: 209F1522700CAAE30E8ABEBC8C4A4C8DDD0671D1AB629D02236D07A26F8E0E9C
SHA-512: AEBBDE175A73C2FC3C0E781A963E9AAEACEDE374FFA228394EC57858369915956973DDA982D43A25380A36E4339695619F1007A45996B70CE1ED8FB0AF85863E
Malicious: false
Reputation: low

C:\Program Files (x86)\Burrrn\MAC.exe

Process: C:\Users\user\Desktop\burrrn_package.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows, UPX compressed
Size (bytes): 74752
Entropy (8bit): 7.85493914721604
Encrypted: false
MD5: 079D8E36D6CD277D07C313D49D6BD53B
SHA1: 2193E698D4601959CC5BA11F47DC86AACF3D4C67
SHA-256: BBC372337BA7CFE7D729857CD74A9FDD0E798901271225B566A1205D1A2E639A
SHA-512: DB69C99F2AD7D45CDA0BB022685CF97582A8F3384CB449BFB4527A71EC1A9F4B50BBBF711CBFA1FA098DC25C27BC4203ECB1A3F449C56A378752A4F58F2777E9
Malicious: false
Antivirus: Virustotal, Detection: 0%
Antivirus: Metadefender, Detection: 0%
Reputation: low

C:\Program Files (x86)\Burrrn\Uninstall.exe

Process: C:\Users\user\Desktop\burrrn_package.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Size (bytes): 58776
Entropy (8bit): 6.252335897135898
Encrypted: false
MD5: 5B81BD6BDD91577E8F567A344FEA28AB
SHA1: 420D0090A0E29F2B04449EABA23B3DDC0D9F7D27
SHA-256: AB72FF8436720F304B73594C8AD771F974D5BD0B7A45E1CF5DE0C160AF990C28
SHA-512: CCE19F0E3D4BB61B60169E5852D1D3D9092951AD148DBD6031F5141FD32359497A7E4F63977BA06CC7E692F08E95F6ECC2E6D05A89A26C91819C8FD504726D4B
Malicious: false
Antivirus: Virustotal, Detection: 0%
Antivirus: Metadefender, Detection: 0%
Reputation: low

C:\Program Files (x86)\Burrrn\WaveGain.exe

Process: C:\Users\user\Desktop\burrrn_package.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows, UPX compressed
Size (bytes): 52736
Entropy (8bit): 7.83698293995517
Encrypted: false
MD5: B0F236074B84EF6C1514FDE74FE32958
SHA1: 94078A9C7A9EDE2EDED9677D4A44AB2D630053B3
SHA-256: 304AE2FE73ABE0AABF790F260DEF3EF0E61F8E42A1D462B55A7F984C398FD705
SHA-512: 3321E9C79CC30B568160BF6539D92276EA13F2251CB7BE5E4783C7617606041371DD7391BF1F1E9F71DDE6D9C44B48CE6D8AE77922A0894A4EB255CC906AE96A
Malicious: false
Antivirus: Virustotal, Detection: 0%
Antivirus: Metadefender, Detection: 0%
Reputation: low

C:\Program Files (x86)\Burrrn\cdrdao.exe

Process: C:\Users\user\Desktop\burrrn_package.exe
File Type: PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
Size (bytes): 256512
Entropy (8bit): 7.873992454204069
Encrypted: false
MD5: 43AC3FC8FA0185C2FDCE6C78A2F9AB77
SHA1: 0574FC1FCE1A44CCADCABAB3200BB35B8BB81C02
SHA-256: 99BE5DD86153882C7879DD0DADA1E1ECD24B0F84FB7238D5BE8046D46778E881
SHA-512: 1C3AADDAA3DFF3BE7E32945548CD24C294DCD45F6D2E9EC596A22B75BED139076B4094F369537F1A849D569C083DDF91E4378D1BFD068DA8B04801064491D099
Malicious: false
Antivirus: Virustotal, Detection: 0%
Antivirus: Metadefender, Detection: 0%
Reputation: low

C:\Program Files (x86)\Burrrn\cygwin1.dll

Process: C:\Users\user\Desktop\burrrn_package.exe
File Type: PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
Size (bytes): 417855
Entropy (8bit): 7.871689486167951
Encrypted: false
MD5: E7C49C5869DD0AD9EA7E100C88AE921C
SHA1: 427586099183945F8BBB21875E960C0358069CA0
SHA-256: E0F9EC36B4FD76F78B699B0665658C8F92D040973AE86751DB24009DCCCACD3A
SHA-512: EADC060E03B7CEBA3368BC9FACA94FD2A7FF6A629A29D2F65C6013B0B6F1C09620996770B5C47E93C38FF00634EC1B7B2CD9BDCA4BD1FB82F241EEEDE50CBD4A
Malicious: false
Reputation: low

C:\Program Files (x86)\Burrrn\faad.exe

Process: C:\Users\user\Desktop\burrrn_package.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows, UPX compressed
Size (bytes): 167424
Entropy (8bit): 7.8819230197592205
Encrypted: false
MD5: 5F2DD8E050A0E424C7C0491D0C1E9D1B
SHA1: F9C91C1BAF53DABBA4515BD0756935E313040575
SHA-256: FF082F1B75399774A5154964A33AEF71238AE1C75D8E383852F8F494037D31B1
SHA-512: E5AEF0E639D3FD84DC0908FCBF1A8E9E67E8D12CCCFA5272AC581EB56D7D6FB80D51ABA5E8D66B41BC0FD7D0EFFB87C7894CD0C09C5B47659E23D5DC58A4DB65
Malicious: false
Antivirus: Virustotal, Detection: 1%
Antivirus: Metadefender, Detection: 0%
Reputation: low

C:\Program Files (x86)\Burrrn\flac.exe

Process: C:\Users\user\Desktop\burrrn_package.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows, UPX compressed
Size (bytes): 91648
Entropy (8bit): 7.881842909531025
Encrypted: false
MD5: 935AE220BC3EBF5F9226E30F972A27E1
SHA1: CD33FA705A66B5E915F9E2EF63DAD7C2F6855127
SHA-256: 6581D51CC76EBE957148ACB009AF622A5C8BE67A5BDCDB8D0D2FA5FC4E824552
SHA-512: B2143EA3BBC21DA09520AA13E912FB5277D7868D1DF08C664B7D045ACABBD95A71015A1F75E5F28B09F1CE38EA3AB661857DCA376127A0799BFC6527EBC22758
Malicious: false
Antivirus: Virustotal, Detection: 0%
Antivirus: Metadefender, Detection: 0%
Reputation: low

C:\Program Files (x86)\Burrrn\lame.exe

Process: C:\Users\user\Desktop\burrrn_package.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows, UPX compressed
Size (bytes): 187904
Entropy (8bit): 7.914401252957144
Encrypted: false
MD5: B1C9F274A9404A140F9CA99BDD5DAA10
SHA1: 04E360C34457FCD70248ADB36A94EC0E2BEA41E7
SHA-256: 13632CB88958CC39EAF6E4A71FA5CDFBD0CC269A8CC360AAEEE10EFE9B94D86B
SHA-512: C5DA3B0A5C0E52C3051D0E12A2A27EB81953F0FC58B0111301E5E388C7BF9A9D319EC53F18A08BD5386ABD9C16ED13ACF5CA93B49F1A238DAF2A2904E7B05934
Malicious: false
Antivirus: Virustotal, Detection: 0%
Antivirus: Metadefender, Detection: 0%
Reputation: low

C:\Program Files (x86)\Burrrn\mppdec.exe

Process: C:\Users\user\Desktop\burrrn_package.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows, UPX compressed
Size (bytes): 62464
Entropy (8bit): 7.857209732233084
Encrypted: false
MD5: 3D4C0082029216474DEE3C6625719CCC
SHA1: 3A50CC0AB56C8D0C58848028647FD10C755D261F
SHA-256: FC15977217A8003FF5CD116CC2ECB26C05FFA3F8B1EACA0C6F9BEF507E22AEFA
SHA-512: A0732880640CD228A67D368339011A231115C6410B4D4E2CB0700EC706A06FF48D67C614E1F46EA2228F45A5F43F4AEE7B4F6A0BA52C99A6FCF5BB2221256F0F
Malicious: false
Antivirus: Virustotal, Detection: 1%
Antivirus: Metadefender, Detection: 0%
Reputation: low

C:\Program Files (x86)\Burrrn\ofr.exe

Process: C:\Users\user\Desktop\burrrn_package.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows, UPX compressed
Size (bytes): 90624
Entropy (8bit): 7.896574486708851
Encrypted: false
MD5: 6AB1CFD5B44B9EB7C6AF3CEA4D1F4AF8
SHA1: 028F3F1C8A7E14F04B41621A005FAB0846BD6229
SHA-256: 8474A0399D6204CD26EA650E0F3E8D4C247638514D57EC341422B9EA8CEEAD0B
SHA-512: 7BBD24990C79285261E7BEA94B9152E3A1B9391C0F7D50E46E2E7B9EF8ACDEBCF6E7BB00AA52A75321B13789C078838AFC71E283EC109FB362067D1B1D6DFEF6
Malicious: false
Antivirus: Virustotal, Detection: 0%
Antivirus: Metadefender, Detection: 0%
Reputation: low

C:\Program Files (x86)\Burrrn\oggdec.exe

Process: C:\Users\user\Desktop\burrrn_package.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows, UPX compressed
Size (bytes): 86973
Entropy (8bit): 7.811306704619475
Encrypted: false
MD5: 8E20F1310B68ED4867550C1434F18F08
SHA1: 8B457565426A4497DD118B83DC216F95CBECC033
SHA-256: 6F69F528BA9C2ED6A8E0B2910773015D64D33560C53C0E60A08084AC7D532426
SHA-512: 1E6C3736F7614D35ABD2215ADA05B322F33557474078A39891E14312091ABB8BDD867EBAC7CF67AAC1453EF0EE5F3DDDAF3756DC016E62EBA49ABCAB84C57784
Malicious: false
Reputation: low

C:\Program Files (x86)\Burrrn\shorten.exe

Process: C:\Users\user\Desktop\burrrn_package.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows, UPX compressed
Size (bytes): 95232
Entropy (8bit): 7.901222833119654
Encrypted: false
MD5: F82697F4A0992981836301251D758BEA
SHA1: 48ABB3D250406360FCA4177F0E560D95D7217C11
SHA-256: 7FA48181D59158AEBCB3EE754926C3D64CD6F2A0DE2D3713A72146F851E78748
SHA-512: 40B89AC3B8A8927B8E19A486C926FCA8552D7B347EF04C951C0843BA88C477612C0F2146F9046AAF958A47AFF28B22DD3DA81455A16768D5165C97C150424E75
Malicious: false
Antivirus: Virustotal, Detection: 1%
Antivirus: Metadefender, Detection: 0%
Reputation: low

C:\Program Files (x86)\Burrrn\ttaenc.exe

Process: C:\Users\user\Desktop\burrrn_package.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows, UPX compressed
Size (bytes): 46080
Entropy (8bit): 7.799817038521742
Encrypted: false
MD5: 31E913B2A5C06AE1DD060D861D994B60
SHA1: 54114DB6CDB2F735451CEDC9BC78360513F03A3D
SHA-256: 7CEFBD560736B094B47DF9C15B7C54D97277F814341EDA0C14FB64D3CF5A01FA
SHA-512: ECC69604CF2E8C51B39F8CC7298A868DED18CA5EFABBD5CFA999E13395FFE8D86185CEAED0E92D944BD2D18D55700FAE20CB9F3C1DB163E4671A07CFB6A65071
Malicious: false
Reputation: low

C:\Program Files (x86)\Burrrn\wvunpack.exe

Process: C:\Users\user\Desktop\burrrn_package.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows, UPX compressed
Size (bytes): 55808
Entropy (8bit): 7.869097529486343
Encrypted: false
MD5: 225821D59B6A17E3310AA7F69EABA7FA
SHA1: 4DAADDBCC32FF9C367081D498E44937DD18BCC6D
SHA-256: BA6D5F0A87EE80FFA2E2B51DD340A9F7ADD2877F00925257987884D3831AD00F
SHA-512: 8CD76CCC62D7848ACE84A3D8A75B210F4B039161A379775B3E3A0506B34A736BB63D48C35E11644DAB25B694C37451729BC9977AACB0E3F4E79C81CE369540B1
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Temp\nsiE1A5.tmp

Process: C:\Users\user\Desktop\burrrn_package.exe
File Type: data
Size (bytes): 2280064
Entropy (8bit): 7.856433238941255
Encrypted: false
MD5: ECF58AE5FED300BE9C0241BC1393590A
SHA1: 25F5C3684ED4DD66DD2BDE5279EB39AC131D978C
SHA-256: 726E289CB68C72929DA65C97365BFEFB329A1E68B9C12FFACAEA3B052F02A44A
SHA-512: B03B3EE4FF9F1B85CC11D14ACDFD859CCDA02D471E1026E2762D87E5B81DEC0053DAE5D56693F34E7471288DC8FA4CE660A2F99FBF80B834AA3036CCFC6E3E98
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Temp\nslE25.tmp\StartMenu.dll

Process: C:\Users\user\Desktop\burrrn_package.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Size (bytes): 6656
Entropy (8bit): 4.9661684825218355
Encrypted: false
MD5: 7E45B2485D98AD5A44514B6DF4FA4544
SHA1: BF000B012B341925AADDB546331064BD6949816C
SHA-256: 95CF100FE8CE66189514002965C6274D2C9D3089FE885FB9230AAE547A9E4012
SHA-512: 01FA8E8CFB85243CC7EA89EDE30AAD21EED56508CC39E327C847A0C6C2121C3882D5B7068A1D56BF37D576D589697A58C1DE8FA168707AA25D5E3AAF0486FA0D
Malicious: false
Reputation: low

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Burrrn\Burrrn.lnk

Process: C:\Users\user\Desktop\burrrn_package.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Oct 19 20:45:39 2005, mtime=Mon Nov 18 10:12:16 2019, atime=Wed Oct 19 20:45:39 2005, length=481792, window=hide
Size (bytes): 3257
Entropy (8bit): 4.5732698857304985
Encrypted: false
MD5: 93F03B31BB295B8E0A17AA3BF616DBA6
SHA1: 8287AF02711E4E0D38C1EB27473E2FB68D275C2A
SHA-256: 1600506F16C043C3FC76E2642CBCE8C7567456627F90F2C97ACAD2F45C8739CE
SHA-512: 90D82AFDEC83E086E5A13392359A0883E5CCF3A5A7E46D16720EED2A73C36ABF7D9ED90AF41F39D8F9BC503D725553E5FBFB940448F1464AA8C809F40C03CD21
Malicious: false
Reputation: low

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
www.foobar2000.org/ | oggdec.exe.0.dr | false | | high
www.burrrn.net/DVarFileInfo$ | Burrrn.exe.0.dr | false | Avira URL Cloud: safe | low
www.hydrogenaudio.org/ | oggdec.exe.0.dr | false | | high
www.musepack.net/ | oggdec.exe.0.dr | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | low
www.xiph.org/ | oggdec.exe.0.dr | false | | high
www.burrrn.net/) | oggdec.exe.0.dr | false | Avira URL Cloud: safe | low
www2.arnes.si/~sopjsimo/translator.html). | oggdec.exe.0.dr | false | | high
www.apehaus.com/burrrn/ | oggdec.exe.0.dr | false | Avira URL Cloud: safe | low
www.monkeysaudio.com/ | oggdec.exe.0.dr | false | | high
www.exactaudiocopy.de/ | oggdec.exe.0.dr | false | | high
www..com/ | oggdec.exe.0.dr | false | | high
home.wanadoo.nl/~w.speek/speek.htm | oggdec.exe.0.dr | false | 1%, Virustotal, Browse; Avira URL Cloud: safe | low
www.burrrn.net/ | oggdec.exe.0.dr | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | low
www.mp3dev.org/mp3/ | oggdec.exe.0.dr | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | low
home.vxu.se/mdati00/frontah/ | oggdec.exe.0.dr | false | Avira URL Cloud: safe | low
www.ca5e.tk/ | oggdec.exe.0.dr | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
cdrdao.sourceforge.net/ | oggdec.exe.0.dr | false | | high
upx.sourceforge.net | oggdec.exe.0.dr | false | | high
mitiok.cjb.net/ | oggdec.exe.0.dr | false | | high
tagger.de.vu/ | oggdec.exe.0.dr | false | | high
www.winamp.com/ | oggdec.exe.0.dr | false | | high
flac.sourceforge.net/ | oggdec.exe.0.dr | false | | high
LosslessAudioCompression.com/ | oggdec.exe.0.dr | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | low
www2.arnes.si/~sopjsimo/translator.html) | Chinese (Simplified).lng.0.dr | false | | high

Contacted IPs

No contacted IP infos

Static File Info

General

File type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit): 7.992886500560784
TrID:
Win32 Executable (generic) a (10002005/4) 92.16%
NSIS - Nullsoft Scriptable Install System (846627/2) 7.80%
Generic Win/DOS Executable (2004/3) 0.02%
DOS Executable Generic (2002/1) 0.02%
Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: burrrn_package.exe
File size: 2125249
MD5: 5af351f824b70c73a95263c5697c1d06
SHA1: e4d64f1239ee88726bbe3f4c77eff587f74ed704
SHA256: f4ff958747f1015215419fa8915729cf90592106e2d30afe0bad2df71fe3842f
SHA512: 58b95765608bbf1a62efa4166fc683b05c735ad28d876944b6119fbe4074650c493c68b4ff5e6a67eaa11bb4c7cc7a23b469c18d2ad14088e045e1876105f698
SSDEEP: 49152:2uAwrENDtmpNlAJw9hRpnwvEWyS/Vlo9to:KkgMAJw9hRWJ1/J

File Icon

Icon Hash: 78e266e6eccecece

Static PE Info

General

Entrypoint: 0x403330
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:
Time Stamp: 0x42B737D5 [Mon Jun 20 21:40:37 2005 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: b711f65a9aff6a22fb2f57f0ac8bda33

Entrypoint Preview

Instruction
sub esp, 20h
push ebx
push ebp
push esi
xor ebx, ebx
push edi
mov dword ptr [esp+18h], ebx
mov dword ptr [esp+10h], 00409168h
mov byte ptr [esp+14h], 00000020h
call dword ptr [00407030h]
push ebx
call dword ptr [00407280h]
push 00409288h
push 00423B40h
mov dword ptr [004243F0h], eax
call 00007F45BC7A16E7h
mov esi, 0042B400h
mov edi, 00000400h
push esi
push edi
call dword ptr [004070B8h]
call 00007F45BC79EE9Fh
mov ebp, dword ptr [00407074h]
test eax, eax
jne 00007F45BC79EF43h
push 000003FBh
push esi
call dword ptr [004070B4h]
push 00409280h
push esi
call ebp
call 00007F45BC79EE7Ch
test eax, eax
je 00007F45BC79F06Dh
mov esi, 0042A000h
push esi
call dword ptr [00407154h]
push edi
call dword ptr [00407158h]
push eax
push esi
call dword ptr [004070ACh]
push 00000000h
call dword ptr [0040711Ch]
cmp byte ptr [0042A000h], 00000022h
mov dword ptr [00424340h], eax
jne 00007F45BC79EF2Ch
mov byte ptr [esp+14h], 00000022h
mov esi, 0042A001h
push dword ptr [esp+14h]
push esi
call 00007F45BC7A1192h
push eax
call dword ptr [0040721Ch]

Rich Headers

Programming Language: [EXP] VC++ 6.0 SP5 build 8804

Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x72c0 | 0xb4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2e000 | 0x7000 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x290 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x59ae | 0x5a00 | False | 0.663845486111 | data | 6.43912890331 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata | 0x7000 | 0x10cc | 0x1200 | False | 0.420572916667 | data | 5.00885344091 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x9000 | 0x1b3f4 | 0x400 | False | 0.6298828125 | data | 5.12246770615 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.ndata | 0x25000 | 0x9000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x2e000 | 0x7000 | 0x6c00 | False | 0.613968460648 | data | 5.69159288085 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name | RVA | Size | Type | Language | Country
RT_BITMAP | 0x2e358 | 0x666 | data | English | United States
RT_ICON | 0x2e9c0 | 0xea8 | data | English | United States
RT_ICON | 0x2f868 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 16174275, next used block 16569290 | English | United States
RT_ICON | 0x30110 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x30678 | 0x25a8 | data | English | United States
RT_ICON | 0x32c20 | 0x10a8 | data | English | United States
RT_ICON | 0x33cc8 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States
RT_DIALOG | 0x34130 | 0x120 | data | English | United States
RT_DIALOG | 0x34250 | 0x158 | data | English | United States
RT_DIALOG | 0x343a8 | 0x202 | data | English | United States
RT_DIALOG | 0x345b0 | 0xf8 | data | English | United States
RT_DIALOG | 0x346a8 | 0xa0 | data | English | United States
RT_DIALOG | 0x34748 | 0xee | data | English | United States
RT_GROUP_ICON | 0x34838 | 0x5a | data | English | United States
RT_MANIFEST | 0x34898 | 0x215 | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States

Imports

DLL | Import
KERNEL32.dll | CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, lstrcatA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, CreateFileA, GetFileSize, GetModuleFileNameA, GetTickCount, GetCurrentProcess, CopyFileA, ExitProcess, lstrcpynA, SetFileTime, GetWindowsDirectoryA, GetTempPathA, GetUserDefaultLangID, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, GlobalAlloc, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, SetEndOfFile, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, lstrcpyA, lstrlenA, GetSystemDirectoryA, CloseHandle, lstrcmpiA, GetEnvironmentVariableA, ExpandEnvironmentStringsA, GlobalFree, WaitForSingleObject, GetExitCodeProcess, SetErrorMode, GetModuleHandleA, LoadLibraryA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, MulDiv, GetPrivateProfileStringA, WriteFile, ReadFile, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetCommandLineA
USER32.dll | SystemParametersInfoA, RegisterClassA, EndDialog, ScreenToClient, GetWindowRect, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, LoadCursorA, SetCursor, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, CreateWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxA, CharPrevA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, IsWindow, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, CreateDialogParamA, EmptyClipboard, DestroyWindow, SetWindowLongA, LoadImageA, GetDC, EnableWindow, PeekMessageA, DispatchMessageA, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, GetDlgItem
GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
SHELL32.dll | SHGetMalloc, SHGetPathFromIDListA, SHBrowseForFolderA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
ADVAPI32.dll | RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create
ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance
VERSION.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

Possible Origin

Language of compilation system | Country where language is spoken | Map
English | United States |

Network Behavior

No network behavior found

Code Manipulations

Statistics

System Behavior

Analysis Process: burrrn_package.exe PID: 2872 Parent PID: 4212

General

Start time: 03:12:00
Start date: 18/11/2019
Path: C:\Users\user\Desktop\burrrn_package.exe
Wow64 process (32bit): true
Commandline: 'C:\Users\user\Desktop\burrrn_package.exe'
Imagebase: 0x400000
File size: 2125249 bytes
MD5 hash: 5AF351F824B70C73A95263C5697C1D06
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

File Activities

File Created

File Path | Access | Attributes | Options | Completion | Count | Source Address | Symbol
C:\Users\user\AppData\Local\Temp\ | read data or list directory, synchronize | normal | directory file, synchronous io non alert, open for backup ident, open reparse point | object name collision | 1 | 403323 | CreateDirectoryA
C:\Users\user\AppData\Local\Temp\nsnE175.tmp | read attributes, synchronize, generic read | normal | synchronous io non alert, non directory file | success or wait | 1 | 405855 | GetTempFileNameA
C:\Users\user\AppData\Local\Temp\nsiE1A5.tmp | read attributes, synchronize, generic read | normal | synchronous io non alert, non directory file | success or wait | 1 | 405855 | GetTempFileNameA
C:\Users\user\AppData\Local\Temp\nslE25.tmp | read attributes, synchronize, generic read | normal | synchronous io non alert, non directory file | success or wait | 1 | 405855 | GetTempFileNameA
C:\Users | read data or list directory, synchronize | normal | directory file, synchronous io non alert, open for backup ident, open reparse point | object name collision | 1 | 40160C | CreateDirectoryA
C:\Users\user | read data or list directory, synchronize | normal | directory file, synchronous io non alert, open for backup ident, open reparse point | object name collision | 1 | 40160C | CreateDirectoryA
C:\Users\user\AppData | read data or list directory, synchronize | normal | directory file, synchronous io non alert, open for backup ident, open reparse point | object name collision | 1 | 40160C | CreateDirectoryA
C:\Users\user\AppData\Local | read data or list directory, synchronize | normal | directory file, synchronous io non alert, open for backup ident, open reparse point | object name collision | 1 | 40160C | CreateDirectoryA
C:\Users\user\AppData\Local\Temp | read data or list directory, synchronize | normal | directory file, synchronous io non alert, open for backup ident, open reparse point | object name collision | 1 | 40160C | CreateDirectoryA
C:\Users\user\AppData\Local\Temp\nslE25.tmp | read data or list directory, synchronize | normal | directory file, synchronous io non alert, open for backup ident, open reparse point | success or wait | 1 | 40160C | CreateDirectoryA
C:\Users\user\AppData\Local\Temp\nslE25.tmp\StartMenu.dll | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86) | read data or list directory, synchronize | normal | directory file, synchronous io non alert, open for backup ident, open reparse point | object name collision | 2 | 40160C | CreateDirectoryA
C:\Program Files (x86)\Burrrn | read data or list directory, synchronize | normal | directory file, synchronous io non alert, open for backup ident, open reparse point | success or wait | 1 | 40160C | CreateDirectoryA
C:\Program Files (x86)\Burrrn | read data or list directory, synchronize | normal | directory file, synchronous io non alert, open for backup ident, open reparse point | object name collision | 2 | 40160C | CreateDirectoryA
C:\Program Files (x86)\Burrrn\Language | read data or list directory, synchronize | normal | directory file, synchronous io non alert, open for backup ident, open reparse point | success or wait | 1 | 40160C | CreateDirectoryA
C:\Program Files (x86)\Burrrn\Language\_changes.txt | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\Language\Bulgarian.lng | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\Language\Catalan.lng | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\Language\Croatian.lng | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\Language\Dutch.lng | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\Language\English.lng | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\Language\French.lng | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\Language\German.lng | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\Language\Greek.lng | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\Language\Hungarian.lng | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\Language\Chinese (Simplified).lng | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\Language\Chinese (Traditional).lng | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\Language\Chinese Simple.lng | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\Language\Italiano.lng | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\Language\Japanese.lng | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\Language\Norwegian.lng | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\Language\Polish.lng | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\Language\Romanian.lng | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\Language\Russian.lng | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\Language\Slovak.lng | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\Language\Slovenian.lng | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\Language\Spanish.lng | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\Language\Swedish.lng | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\Language\Turkish.lng | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\Burrrn.exe | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\cdrdao.exe | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\cygwin1.dll | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\DontReadMe.txt | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\faad.exe | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\flac.exe | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\lame.exe | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\MAC.exe | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\mppdec.exe | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\ofr.exe | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\oggdec.exe | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\Readme.txt | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\shorten.exe | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\ttaenc.exe | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\WaveGain.exe | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\wvunpack.exe | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Program Files (x86)\Burrrn\Uninstall.exe | read attributes, synchronize, generic write | none | synchronous io non alert, non directory file | success or wait | 1 | 40581F | CreateFileA
C:\Users | read data or list directory, synchronize | normal | directory file, synchronous io non alert, open for backup ident, open reparse point | object name collision | 1 | 40160C | CreateDirectoryA
C:\Users\user | read data or list directory, synchronize | normal | directory file, synchronous io non alert, open for backup ident, open reparse point | object name collision | 1 | 40160C | CreateDirectoryA
C:\Users\user\AppData | read data or list directory, synchronize | normal | directory file, synchronous io non alert, open for backup ident, open reparse point | object name collision | 1 | 40160C | CreateDirectoryA
C:\Users\user\AppData\Roaming | read data or list directory, synchronize | normal | directory file, synchronous io non alert, open for backup ident, open reparse point | object name collision | 1 | 40160C | CreateDirectoryA
C:\Users\user\AppData\Roaming\Microsoft | read data or list directory, synchronize | normal | directory file, synchronous io non alert, open for backup ident, open reparse point | object name collision | 1 | 40160C | CreateDirectoryA
C:\Users\user\AppData\Roaming\Microsoft\Windows | read data or list directory, synchronize | normal | directory file, synchronous io non alert, open for backup ident, open reparse point | object name collision | 1 | 40160C | CreateDirectoryA
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu | read data or list directory, synchronize | normal | directory file, synchronous io non alert, open for backup ident, open reparse point | object name collision | 1 | 40160C | CreateDirectoryA
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs | read data or list directory, synchronize | normal | directory file, synchronous io non alert, open for backup ident, open reparse point | object name collision | 1 | 40160C | CreateDirectoryA
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Burrrn | read data or list directory, synchronize | normal | directory file, synchronous io non alert, open for backup ident, open reparse point | success or wait | 1 | 40160C | CreateDirectoryA

File Deleted

File Path | Completion | Count | Source Address | Symbol
C:\Users\user\AppData\Local\Temp\nsnE175.tmp | success or wait | 1 | 4033B9 | DeleteFileA
C:\Users\user\AppData\Local\Temp\nslE25.tmp | success or wait | 1 | 4054B6 | DeleteFileA

File Written

File Path | Offset | Length | Completion | Count | Source Address | Symbol
C:\Users\user\AppData\Local\Temp\nsiE1A5.tmp | unknown | 32768 | success or wait | 2 | 40321E | WriteFile
C:\Users\user\AppData\Local\Temp\nslE25.tmp\StartMenu.dll | unknown | 6656 | success or wait | 1 | 403050 | WriteFile
C:\Program Files (x86)\Burrrn\Language\_changes.txt | unknown | 340 | success or wait | 1 | 403050 | WriteFile
C:\Program Files (x86)\Burrrn\Language\Bulgarian.lng | unknown | 3898 | success or wait | 1 | 403050 | WriteFile
C:\Program Files (x86)\Burrrn\Language\Catalan.lng | unknown | 1777 | success or wait | 1 | 403050 | WriteFile
C:\Program Files (x86)\Burrrn\Language\Croatian.lng | unknown | 3620 | success or wait | 1 | 403050 | WriteFile
C:\Program Files (x86)\Burrrn\Language\Dutch.lng | unknown | 1633 | success or wait | 1 | 403050 | WriteFile
C:\Program Files (x86)\Burrrn\Language\English.lng | unknown | 3406 | success or wait | 1 | 403050 | WriteFile
C:\Program Files (x86)\Burrrn\Language\French.lng | unknown | 3707 | success or wait | 1 | 403050 | WriteFile
C:\Program Files (x86)\Burrrn\Language\German.lng | unknown | 1773 | success or wait | 1 | 403050 | WriteFile

File Path: C:\Program Files (x86)\Burrrn\Language\French.lng | Offset: unknown | Length: 3707 | Completion: success or wait | Count: 1 | Source Address: 403050 | Symbol: WriteFile
File Path: C:\Program Files (x86)\Burrrn\Language\German.lng | Offset: unknown | Length: 1773 | Completion: success or wait | Count: 1 | Source Address: 403050 | Symbol: WriteFile

File Path: C:\Program Files (x86)\Burrrn\Language\Greek.lng | Offset: unknown | Length: 1979 | Completion: success or wait | Count: 1 | Source Address: 403050 | Symbol: WriteFile
File Path: C:\Program Files (x86)\Burrrn\Language\Hungarian.lng | Offset: unknown | Length: 3370 | Completion: success or wait | Count: 1 | Source Address: 403050 | Symbol: WriteFile

File Path: C:\Users\user\AppData\Local\Temp\nsiE1A5.tmp | Offset: unknown | Length: 32768 | Completion: success or wait | Count: 129 | Source Address: 40321E | Symbol: WriteFile
File Path: C:\Program Files (x86)\Burrrn\Language\Chinese (Simplified).lng | Offset: unknown | Length: 2764 | Completion: success or wait | Count: 1 | Source Address: 403050 | Symbol: WriteFile

File Path: C:\Program Files (x86)\Burrrn\Language\Chinese (Traditional).lng | Offset: unknown | Length: 2749 | Completion: success or wait | Count: 1 | Source Address: 403050 | Symbol: WriteFile
File Path: C:\Program Files (x86)\Burrrn\Language\Chinese Simple.lng | Offset: unknown | Length: 2498 | Completion: success or wait | Count: 1 | Source Address: 403050 | Symbol: WriteFile

File Path: C:\Program Files (x86)\Burrrn\Language\Italiano.lng | Offset: unknown | Length: 1830 | Completion: success or wait | Count: 1 | Source Address: 403050 | Symbol: WriteFile
File Path: C:\Program Files (x86)\Burrrn\Language\Japanese.lng | Offset: unknown | Length: 3526 | Completion: success or wait | Count: 1 | Source Address: 403050 | Symbol: WriteFile

File Path: C:\Program Files (x86)\Burrrn\Language\Norwegian.lng | Offset: unknown | Length: 3616 | Completion: success or wait | Count: 1 | Source Address: 403050 | Symbol: WriteFile
File Path: C:\Program Files (x86)\Burrrn\Language\Polish.lng | Offset: unknown | Length: 3646 | Completion: success or wait | Count: 1 | Source Address: 403050 | Symbol: WriteFile

File Path: C:\Program Files (x86)\Burrrn\Language\Romanian.lng | Offset: unknown | Length: 3372 | Completion: success or wait | Count: 1 | Source Address: 403050 | Symbol: WriteFile
File Path: C:\Program Files (x86)\Burrrn\Language\Russian.lng | Offset: unknown | Length: 3831 | Completion: success or wait | Count: 1 | Source Address: 403050 | Symbol: WriteFile

File Path: C:\Program Files (x86)\Burrrn\Language\Slovak.lng | Offset: unknown | Length: 2961 | Completion: success or wait | Count: 1 | Source Address: 403050 | Symbol: WriteFile
File Path: C:\Program Files (x86)\Burrrn\Language\Slovenian.lng | Offset: unknown | Length: 3584 | Completion: success or wait | Count: 1 | Source Address: 403050 | Symbol: WriteFile

File Path: C:\Program Files (x86)\Burrrn\Language\Spanish.lng | Offset: unknown | Length: 3491 | Completion: success or wait | Count: 1 | Source Address: 403050 | Symbol: WriteFile
File Path: C:\Program Files (x86)\Burrrn\Language\Swedish.lng | Offset: unknown | Length: 3323 | Completion: success or wait | Count: 1 | Source Address: 403050 | Symbol: WriteFile

File Path: C:\Program Files (x86)\Burrrn\Language\Turkish.lng | Offset: unknown | Length: 3393 | Completion: success or wait | Count: 1 | Source Address: 403050 | Symbol: WriteFile
File Path: C:\Program Files (x86)\Burrrn\Burrrn.exe | Offset: unknown | Length: 16384 | Completion: success or wait | Count: 30 | Source Address: 403050 | Symbol: WriteFile

File Path: C:\Program Files (x86)\Burrrn\cdrdao.exe | Offset: unknown | Length: 16384 | Completion: success or wait | Count: 16 | Source Address: 403050 | Symbol: WriteFile
File Path: C:\Program Files (x86)\Burrrn\cygwin1.dll | Offset: unknown | Length: 16384 | Completion: success or wait | Count: 25 | Source Address: 403050 | Symbol: WriteFile

File Path: C:\Program Files (x86)\Burrrn\DontReadMe.txt | Offset: unknown | Length: 10461 | Completion: success or wait | Count: 1 | Source Address: 403050 | Symbol: WriteFile
File Path: C:\Program Files (x86)\Burrrn\faad.exe | Offset: unknown | Length: 16384 | Completion: success or wait | Count: 11 | Source Address: 403050 | Symbol: WriteFile

File Path: C:\Program Files (x86)\Burrrn\flac.exe | Offset: unknown | Length: 16384 | Completion: success or wait | Count: 6 | Source Address: 403050 | Symbol: WriteFile
File Path: C:\Program Files (x86)\Burrrn\lame.exe | Offset: unknown | Length: 16384 | Completion: success or wait | Count: 12 | Source Address: 403050 | Symbol: WriteFile

File Path: C:\Program Files (x86)\Burrrn\MAC.exe | Offset: unknown | Length: 16384 | Completion: success or wait | Count: 5 | Source Address: 403050 | Symbol: WriteFile
File Path: C:\Program Files (x86)\Burrrn\mppdec.exe | Offset: unknown | Length: 16384 | Completion: success or wait | Count: 4 | Source Address: 403050 | Symbol: WriteFile

C:\Program Files (x86)\Burrrn\ofr.exe unknown 16384 success or wait 6 403050 WriteFile
C:\Program Files (x86)\Burrrn\oggdec.exe unknown 16384 success or wait 5 403050 WriteFile

C:\Program Files (x86)\Burrrn\Readme.txt unknown 10173 success or wait 1 403050 WriteFile
C:\Program Files (x86)\Burrrn\shorten.exe unknown 16384 success or wait 6 403050 WriteFile

C:\Program Files (x86)\Burrrn\ttaenc.exe unknown 16384 success or wait 3 403050 WriteFile
C:\Program Files (x86)\Burrrn\WaveGain.exe unknown 16384 success or wait 4 403050 WriteFile

C:\Program Files (x86)\Burrrn\wvunpack.exe unknown 16384 success or wait 4 403050 WriteFile
C:\Program Files (x86)\Burrrn\Uninstall.exe unknown 57344 success or wait 1 402800 WriteFile

C:\Program Files (x86)\Burrrn\Uninstall.exe unknown 1432 success or wait 1 403050 WriteFile

File Read

Source File Path Offset Length Completion Count Address Symbol
C:\Users\user\Desktop\burrrn_package.exe unknown 512 success or wait 177 4032D0 ReadFile
C:\Users\user\Desktop\burrrn_package.exe unknown 4 success or wait 1 4032D0 ReadFile
C:\Users\user\Desktop\burrrn_package.exe unknown 16384 success or wait 1 4032D0 ReadFile
C:\Users\user\AppData\Local\Temp\nsiE1A5.tmp unknown 4 success or wait 1 402FDA ReadFile
C:\Users\user\AppData\Local\Temp\nsiE1A5.tmp unknown 11473 success or wait 1 403090 ReadFile
C:\Users\user\AppData\Local\Temp\nsiE1A5.tmp unknown 4 success or wait 1 402FDA ReadFile
C:\Users\user\AppData\Local\Temp\nsiE1A5.tmp unknown 6656 success or wait 1 403034 ReadFile
C:\Users\user\AppData\Local\Temp\nsiE1A5.tmp unknown 4 success or wait 40 402FDA ReadFile
C:\Users\user\AppData\Local\Temp\nsiE1A5.tmp unknown 340 success or wait 163 403034 ReadFile
C:\Users\user\Desktop\burrrn_package.exe unknown 16384 success or wait 126 4032D0 ReadFile
C:\Users\user\Desktop\burrrn_package.exe unknown 57344 success or wait 1 4032D0 ReadFile
C:\Users\user\AppData\Local\Temp\nsiE1A5.tmp unknown 4 success or wait 1 402FDA ReadFile
C:\Users\user\AppData\Local\Temp\nsiE1A5.tmp unknown 22436 success or wait 1 403090 ReadFile
C:\Users\user\AppData\Local\Temp\nsiE1A5.tmp unknown 4 success or wait 1 402FDA ReadFile
C:\Users\user\AppData\Local\Temp\nsiE1A5.tmp unknown 1432 success or wait 1 403034 ReadFile

Registry Activities

Key Created

Source Key Path Completion Count Address Symbol
HKEY_CURRENT_USER\Software\Burrrn success or wait 1 4023EC RegCreateKeyExA
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cue success or wait 1 4023EC RegCreateKeyExA
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Burrrn success or wait 1 4023EC RegCreateKeyExA
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Burrrn\DefaultIcon success or wait 1 4023EC RegCreateKeyExA
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Burrrn\Shell success or wait 1 4023EC RegCreateKeyExA
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Burrrn\Shell\Open success or wait 1 4023EC RegCreateKeyExA
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Burrrn\Shell\Open\Command success or wait 1 4023EC RegCreateKeyExA

Key Value Created

Source Key Path Name Type Data Completion Count Address Symbol
HKEY_CURRENT_USER\Software\Burrrn Start Menu Folder unicode Burrrn success or wait 1 402445 RegSetValueExA

Key Value Modified

Source Key Path Name Type Old Data New Data Completion Count Address Symbol
HKEY_CURRENT_USER\Software\Burrrn NULL unicode C:\Program Files (x86)\Burrrn success or wait 1 402445 RegSetValueExA
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cue NULL unicode Burrrn success or wait 1 402445 RegSetValueExA
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Burrrn NULL unicode Burrrn Cue File success or wait 1 402445 RegSetValueExA
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Burrrn\DefaultIcon NULL unicode C:\Program Files (x86)\Burrrn\Burrrn.exe,1 success or wait 1 402445 RegSetValueExA
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Burrrn\Shell\Open\Command NULL unicode "C:\Program Files (x86)\Burrrn\Burrrn.exe" "%1" success or wait 1 402445 RegSetValueExA

Disassembly

Code Analysis
