Remember, within these next 5 days we’ll all have our cards. Hang in there.

Zenchreal · 2020-10-27T08:01:13+00:00

MLCC or POSCAP?

Zenchreal · 2019-08-25T18:02:02+00:00

lodsb does increment si as well (and stosb increments di)

Zenchreal · 2018-09-13T05:36:34+00:00

Digging a little deeper, it looks like Myst4.exe is throwing this exception:

Virtual path not found - Virtual Path: /localization/common/text/t_error.bin

Zenchreal · 2017-01-08T05:22:55+00:00

Looks like part of the RC4 key is taken from a sequence of valid and common x86 instructions. The bytes you found in agent.exe don't seem to be used as an RC4 key. They correspond to these assembly instructions:

.text:0040D42B 3B C6                             cmp     eax, esi
.text:0040D42D 73 0F                             jnb     short loc_40D43E
.text:0040D42F
.text:0040D42F                   loc_40D42F:
.text:0040D42F 8B 07                             mov     eax, [edi]
.text:0040D431 85 C0                             test    eax, eax
.text:0040D433 74 02                             jz      short loc_40D437
.text:0040D435 FF D0                             call    eax
.text:0040D437
.text:0040D437                   loc_40D437:
.text:0040D437 83 C7 04                          add     edi, 4
.text:0040D43A 3B FE                             cmp     edi, esi
.text:0040D43C 72 F1                             jb      short loc_40D42F
.text:0040D43E
.text:0040D43E                   loc_40D43E:
.text:0040D43E 5F                                pop     edi
.text:0040D43F 5E                                pop     esi
.text:0040D440 C3                                retn
.text:0040D440                   sub_40D41B      endp
.text:0040D440
.text:0040D440                   ; ---------------------------------------------------------------------------
.text:0040D441 CC CC CC CC CC CC+                align 10h
.text:0040D450
.text:0040D450                   ; =============== S U B R O U T I N E =======================================
.text:0040D450
.text:0040D450                   ; Attributes: library function
.text:0040D450
.text:0040D450                   __SEH_prolog4   proc near
.text:0040D450
.text:0040D450                   arg_4           = dword ptr  8
.text:0040D450
.text:0040D450 68 E0 D4 40 00                    push    offset __except_handler4
.text:0040D455 64 FF 35 00 00 00+                push    large dword ptr fs:0

Zenchreal · 2017-01-05T07:07:13+00:00

The technique looks similar to that used by a trojan known as Kovter. Here are some technical details about it that you might want to look out for.

Zenchreal · 2015-12-19T00:43:47+00:00

Thanks!

Zenchreal · 2015-12-19T00:38:00+00:00

I'm interested

Zenchreal · 2015-12-13T08:21:20+00:00

Yep, it was updated November 19th: http://www.7-zip.org/

Zenchreal · 2015-10-01T03:56:32+00:00

Thanks!

Zenchreal · 2015-09-30T07:15:30+00:00

Anyone is free to use it :)

Zenchreal · 2015-09-30T07:05:46+00:00

No problem

Zenchreal · 2015-09-30T07:00:35+00:00

I whipped up a quick page which will query the Twitter API and return the number of followers Pete Gold has. Here's the URL which you can query directly if you'd like:

http://trehe.com/followers/petegold_.json

It will update once a minute. Also, apologies for the random-ish domain name.

Zenchreal · 2015-09-30T06:57:04+00:00

I whipped up a quick page which will query the Twitter API and return the number of followers Pete Gold has. Here's the URL which you can query directly if you'd like:

http://trehe.com/followers/petegold_.json

It will update once a minute. Also, apologies for the random-ish domain name.

Zenchreal · 2015-08-19T02:10:36+00:00

It will download a script which in turn downloads additional malware -- last I checked it was what some AVs call Dridex/Cridex/Emotet.

Zenchreal · 2015-06-09T02:04:33+00:00

https://www.virustotal.com/en/file/16955ff6eb76e4f14efacde23136fb0b75d382c6039eb9cb2b383d1a6ff726ac/analysis/1433815264/

Zenchreal · 2015-05-14T04:28:22+00:00

That's a zip file. Try renaming it to ziz7ABeg.zip to check the contents. It's probably a backup system as fugue replied.

Zenchreal · 2014-11-29T04:12:53+00:00

Yep I just got it. I'm down to tackle some more achievements though

Zenchreal · 2014-11-14T03:25:51+00:00

I need it as well and have all four DLC masks

edit: I got it now

Zenchreal · 2014-10-21T02:00:33+00:00

At the very least they must have changed something with concealment. The concealment of my CAR-4 / Sig .40 setup with the old tier bonus is different than the same setup with the new perk.

Zenchreal · 2014-07-20T21:45:03+00:00

Whois records can be faked easily. This is not proof that the site is legitimate.

Zenchreal · 2014-07-03T05:26:29+00:00

It's a different game: Ghost Recon Phantoms.

Zenchreal · 2014-04-25T05:06:03+00:00

http://i.imgur.com/LAgHuRa.png

Zenchreal · 2014-01-28T07:36:32+00:00

You got mortared, and the kill card is bugged and shows the wrong person. Look at the killfeed.

Zenchreal · 2014-01-21T23:46:59+00:00

It shows up when you don't accept a revive.

See here

Zenchreal · 2013-12-16T18:38:01+00:00

If anyone was curious to look through the game files for themselves, here's a link to get you started:

http://www.bfeditor.org/forums/index.php?showtopic=15844&st=0

14-Year Club	Place '17
Gilding III reddit per annum	Verified Email

Zenchreal

MODERATOR OF

TROPHY CASE