Gen.Variant.Kazy.51389_a0adfabc59

by malwarelabrobot on January 13th, 2017 in Malware Descriptions.

Trojan.Win32.Llac.lftm (Kaspersky), Gen:Variant.Kazy.51389 (B) (Emsisoft), Gen:Variant.Kazy.51389 (AdAware), WormRebhip.YR, GenericAutorunWorm.YR, GenericInjector.YR (Lavasoft MAS)
Behaviour: Trojan, Worm, WormAutorun


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

MD5: a0adfabc592d6d8b55c45a229d4054ff
SHA1: 5a612914bcdd40942001c32f15d70346733dccc0
SHA256: 5b760125514253899df1c4f276d07d86ab6aa43793a6e923474ff171ba4bf988
SSDeep: 12288:qczgwp8Vui4A1ruz UfQxeezwa3xFCCCqoTXIdkkmlHNn6ccf:f9phi4wuzWeeX3bb9/svn6ccf
Size: 614400 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: MicrosoftVisualC, NETexecutable, UPolyXv05_v6
Company: no certificate found
Created at: 2017-01-09 01:13:32
Analyzed on: Windows7 SP1 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

Behaviour: WormAutorun
Description: A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Trojan's file once a user opens a drive's folder in Windows Explorer.


Process activity

The Trojan creates the following process(es):

msconfig.exe:1024
msconfig.exe:5616
msconfig.exe:3032
%original file name%.exe:1976
chrome.exe:3196
svhost.exe:5584

The Trojan injects its code into the following process(es):

msconfig.exe:5688
chrome.exe:2172
iexplore.exe:1652
iexplore.exe:3800
SearchProtocolHost.exe:3136
SearchFilterHost.exe:3104
iexplore.exe:5680
taskhost.exe:252
Explorer.EXE:284
csrss.exe:316
wininit.exe:356
csrss.exe:368
winlogon.exe:416
services.exe:460
lsass.exe:468
lsm.exe:476
Dwm.exe:528
svchost.exe:580
svchost.exe:648
svchost.exe:700
svchost.exe:820
svchost.exe:860
svchost.exe:1032
svchost.exe:1132
spoolsv.exe:1244
svchost.exe:1280
TPAutoConnSvc.exe:1624
svchost.exe:1736
TPAutoConnect.exe:2068
conhost.exe:2076
SearchIndexer.exe:2136
wmiprvse.exe:2360
svchost.exe:2884
conhost.exe:3448
taskhost.exe:3500

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process msconfig.exe:1024 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\RoamingMicrosoft\System\Services\18.exe (4185 bytes)
C:\Windows\System32\drivers\etc\hosts (421 bytes)

The process msconfig.exe:5616 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Windows\System32\drivers\etc\hosts (421 bytes)

The process msconfig.exe:3032 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\XX--XX--XX.txt (619 bytes)
C:\Windows\SystemWindows\svhost.exe (4185 bytes)

The process %original file name%.exe:1976 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\msconfig.exe (4799 bytes)

The process chrome.exe:3196 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\logs.dat (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat (80 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\UuU.uUu (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\XxX.xXx (6184 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\XX--XX--XX.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\UuU.uUu (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\XxX.xXx (0 bytes)

Registry activity

The process msconfig.exe:1024 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\IExplore\WWW_OpenURL]
"processname" = "iexplore.exe"
"WindowClassName" = "DDEMLMom"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"18.exe" = "C:\Users\"%CurrentUserName%"\AppData\RoamingMicrosoft\System\Services\18.exe"

The process msconfig.exe:5616 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"18.exe" = "C:\Users\"%CurrentUserName%"\AppData\RoamingMicrosoft\System\Services\18.exe"

The process msconfig.exe:3032 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies" = "C:\Windows\SystemWindows\svhost.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"Policies" = "C:\Windows\SystemWindows\svhost.exe"

[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{3SHX672F-471C-11UF-ET7N-85Q378VHK1M2}]
"StubPath" = "C:\Windows\SystemWindows\svhost.exe Restart"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"system32" = "C:\Windows\SystemWindows\svhost.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"system32" = "C:\Windows\SystemWindows\svhost.exe"

The process %original file name%.exe:1976 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

The process chrome.exe:3196 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\chrome_RASMANCS]
"FileDirectory" = "%windir%\tracing"
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Microsoft\Tracing\chrome_RASAPI32]
"MaxFileSize" = "1048576"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\chrome_RASAPI32]
"EnableConsoleTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\chrome_RASMANCS]
"FileTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Tracing\chrome_RASAPI32]
"ConsoleTracingMask" = "4294901760"
"FileTracingMask" = "4294901760"

[HKCU\Software\Classes\Local Settings\MuiCache\2D\52C64B7E]
"LanguageList" = "en-US, en"

[HKCU\Software\Google\Chrome\BLBeacon]
"failed_count" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\chrome_RASMANCS]
"ConsoleTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 40 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Tracing\chrome_RASMANCS]
"EnableFileTracing" = "0"

[HKCU\Software\vítima]
"FirstExecution" = "12/01/2017 -- 01:37"

[HKLM\SOFTWARE\Microsoft\Tracing\chrome_RASAPI32]
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Microsoft\Tracing\chrome_RASMANCS]
"EnableConsoleTracing" = "0"

[HKCU\Software\Microsoft]
"PIDprocess" = "3196"

[HKCU\Software\Google\Chrome\BLBeacon]
"State" = "2"

[HKCU\Software\vítima]
"NewIdentification" = "vítima"

[HKLM\SOFTWARE\Microsoft\Tracing\chrome_RASAPI32]
"EnableFileTracing" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process svhost.exe:5584 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

Dropped PE files

There are no dropped PE files.

HOSTS file anomalies

The Trojan modifies "%System%\drivers\etc\hosts" file which is used to translate DNS entries to IP addresses.
The modified file is 421 bytes in size. The following strings are added to the hosts file listed below:



Rootkit activity

No anomalies have been detected.

Propagation

A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Trojan's file once a user opens a drive's folder in Windows Explorer.

VersionInfo

Company Name: x3S5NtHe
Product Name: w2X0FbK
Product Version: 30.37.21.3
Legal Copyright: e9Y8NwCz0
Legal Trademarks: g3X4Nfr1AY
Original Filename: swwup0fn.exe
Internal Name: swwup0fn.exe
File Version: 30.37.21.3
File Description: Nomad Server
Comments: Xc87Awf5HD
Language: Language Neutral

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 8192 528804 532480 5.47979 84a9772283d5ff9abef3492b13747528
.sdata 540672 100 4096 0.169443 ae710f237713d330aa5386c53c123afa
.rsrc 548864 68744 69632 3.77227 3962f4a1861a1fd0d729ab4742ebe42b
.reloc 622592 12 4096 0.011373 5b57ab3ea9e3117a0a08453cdec11d29

URLs



IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6kg== HTTP/1.1
Cache-Control: max-age = 564348
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 12 Oct 2016 22:33:53 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: g.symcd.com


HTTP/1.1 200 OK
Server: nginx/1.10.2
Content-Type: application/ocsp-response
Content-Length: 1377
content-transfer-encoding: binary
Cache-Control: max-age=468888, public, no-transform, must-revalidate
Last-Modified: Tue, 10 Jan 2017 09:50:52 GMT
Expires: Tue, 17 Jan 2017 09:50:52 GMT
Date: Wed, 11 Jan 2017 23:38:04 GMT
Connection: keep-alive

<<< skipped >>>

GET /js.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.shafou.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.shafou.com
Connection: Keep-Alive
Cookie: __cfduid=d28f08602a5d694bfbd2ebb404016d4301484177871


HTTP/1.1 200 OK
Date: Wed, 11 Jan 2017 23:37:52 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 145378
Connection: keep-alive
Last-Modified: Sat, 07 Jan 2017 05:48:55 GMT
Access-Control-Allow-Origin: *
Expires: Wed, 11 Jan 2017 07:46:48 GMT
Cache-Control: max-age=600
Content-Encoding: gzip
X-GitHub-Request-Id: B91F1124:6B71:2C9EC20:58709BBF
Via: 1.1 varnish
X-Served-By: cache-fra1220-FRA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1483774912.099556,VS0,VE104
X-Fastly-Request-ID: 2e6fc8f87f11d84231071c0a49cb0fccb1e19f90
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 31fc32f491d9292c-OTP

<<< skipped >>>

GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6kg== HTTP/1.1
Cache-Control: max-age = 468888
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 10 Jan 2017 09:50:52 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: g.symcd.com


HTTP/1.1 304 Not Modified
Content-Type: application/ocsp-response
Expires: Tue, 17 Jan 2017 09:50:52 GMT
Last-Modified: Tue, 10 Jan 2017 09:50:52 GMT
Cache-Control: max-age=468888, public, no-transform, must-revalidate
Date: Wed, 11 Jan 2017 23:38:08 GMT
Connection: keep-alive


GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.shafou.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Wed, 11 Jan 2017 23:37:52 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 36209
Connection: keep-alive
Set-Cookie: __cfduid=d28f08602a5d694bfbd2ebb404016d4301484177871; expires=Thu, 11-Jan-18 23:37:51 GMT; path=/; domain=.shafou.com; HttpOnly
Last-Modified: Sat, 07 Jan 2017 05:48:55 GMT
Access-Control-Allow-Origin: *
Expires: Wed, 11 Jan 2017 04:41:08 GMT
Cache-Control: max-age=600
Content-Encoding: gzip
X-GitHub-Request-Id: B91F111C:6ED7:7B0325C:5875B509
Accept-Ranges: bytes
Via: 1.1 varnish
Age: 0
X-Served-By: cache-fra1245-FRA
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1484177871.907086,VS0,VE94
Vary: Accept-Encoding
X-Fastly-Request-ID: 64a18c84cf4cb68d04cc24d99a1ea1314f98e647
Server: cloudflare-nginx
CF-RAY: 31fc32f224fa2914-OTP

<<< skipped >>>

GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Host: VVV.shafou.com
Connection: Keep-Alive
Cookie: __cfduid=d28f08602a5d694bfbd2ebb404016d4301484177871


HTTP/1.1 404 Not Found
Date: Wed, 11 Jan 2017 23:37:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 87
Connection: keep-alive
ETag: W/"58708147-43"
Access-Control-Allow-Origin: *
Content-Encoding: gzip
X-GitHub-Request-Id: B91F1118:1618F:7DD4A5F:5876C1D0
Via: 1.1 varnish
X-Served-By: cache-fra1249-FRA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1484177872.919471,VS0,VE93
X-Fastly-Request-ID: 909bd132a5df652c8afd13a23c3b6d2dad53b52e
CF-Cache-Status: EXPIRED
Server: cloudflare-nginx
CF-RAY: 31fc32f966f22914-OTP


GET /GIAG2.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: pki.google.com


HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Date: Wed, 11 Jan 2017 22:56:54 GMT
Expires: Wed, 11 Jan 2017 23:56:54 GMT
Last-Modified: Wed, 11 Jan 2017 02:15:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 499
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=3600
Age: 2484

<<< skipped >>>

GET /GIAG2.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: pki.google.com


HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Date: Wed, 11 Jan 2017 23:09:24 GMT
Expires: Thu, 12 Jan 2017 00:09:24 GMT
Last-Modified: Wed, 11 Jan 2017 02:15:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 499
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=3600
Age: 1730

<<< skipped >>>

GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Host: VVV.shafou.com
Connection: Keep-Alive
Cookie: __cfduid=d28f08602a5d694bfbd2ebb404016d4301484177871


HTTP/1.1 404 Not Found
Date: Wed, 11 Jan 2017 23:37:58 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 87
Connection: keep-alive
ETag: W/"58708147-43"
Access-Control-Allow-Origin: *
Content-Encoding: gzip
X-GitHub-Request-Id: B91F1118:1618F:7DD4A5F:5876C1D0
Via: 1.1 varnish
X-Served-By: cache-fra1249-FRA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1484177872.919471,VS0,VE93
X-Fastly-Request-ID: 909bd132a5df652c8afd13a23c3b6d2dad53b52e
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 31fc3319d368291a-OTP


GET /crls/secureca.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 09:30:22 GMT
If-None-Match: "b6a46da3cf1aa70c10b101b12c9733f4:1476351022"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.geotrust.com


HTTP/1.1 200 OK
Server: Apache
ETag: "d954908e185ce1325b225d2331db3819:1484177421"
Last-Modified: Wed, 11 Jan 2017 23:30:21 GMT
Date: Wed, 11 Jan 2017 23:37:59 GMT
Content-Length: 325
Connection: keep-alive
Content-Type: application/pkix-crl


GET /GIAG2.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: pki.google.com


HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Date: Wed, 11 Jan 2017 23:09:24 GMT
Expires: Thu, 12 Jan 2017 00:09:24 GMT
Last-Modified: Wed, 11 Jan 2017 02:15:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 499
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=3600
Age: 1729

<<< skipped >>>

GET /GIAG2.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: pki.google.com


HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Date: Wed, 11 Jan 2017 23:36:33 GMT
Expires: Thu, 12 Jan 2017 00:36:33 GMT
Last-Modified: Wed, 11 Jan 2017 02:15:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 499
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=3600
Age: 105

<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCBiAg+LLzED5 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com


HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 10 Jan 2017 15:14:06 GMT
Expires: Sat, 14 Jan 2017 15:14:06 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 116643

<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCEg0aOXToYEC HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com


HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 10 Jan 2017 12:34:07 GMT
Expires: Sat, 14 Jan 2017 12:34:07 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 126249


GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCBiAg+LLzED5 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com


HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 10 Jan 2017 12:47:14 GMT
Expires: Sat, 14 Jan 2017 12:47:14 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 125455

<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCEg0aOXToYEC HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com


HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 10 Jan 2017 12:31:47 GMT
Expires: Sat, 14 Jan 2017 12:31:47 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 126389


GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCBiAg+LLzED5 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com


HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 10 Jan 2017 15:14:06 GMT
Expires: Sat, 14 Jan 2017 15:14:06 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 116648

<<< skipped >>>

GET /crls/secureca.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 11 Jan 2017 23:30:21 GMT
If-None-Match: "d954908e185ce1325b225d2331db3819:1484177421"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.geotrust.com


HTTP/1.1 304 Not Modified
Last-Modified: Wed, 11 Jan 2017 23:30:21 GMT
ETag: "d954908e185ce1325b225d2331db3819:1484177421"
Date: Wed, 11 Jan 2017 23:38:03 GMT
Connection: keep-alive
Content-Type: application/pkix-crl


GET /CRL/Omniroot2025.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 16 Nov 2013 06:15:02 GMT
If-None-Match: "200da-5b6-4eb453c33260e"
User-Agent: Microsoft-CryptoAPI/6.1
Host: cdp1.public-trust.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-pkcs7-crl
Date: Wed, 11 Jan 2017 23:38:47 GMT
Etag: "200da-ca3-54535e764bc17"
Last-Modified: Tue, 03 Jan 2017 19:45:01 GMT
Server: ECS (arn/45CB)
X-Cache: HIT
Content-Length: 3235

<<< skipped >>>



The Trojan connects to the servers at the following location(s):

iexplore.exe_1652:


iexplore.exe_1652_rwx_01291000_00001000:

Microsoft.InternetExplorer.Default
user32.dll

iexplore.exe_1652_rwx_026C0000_00001000:

kernel32.dll

iexplore.exe_3800:


iexplore.exe_1652_rwx_02800000_00001000:

kernel32.dll

iexplore.exe_1652_rwx_02940000_00001000:

kernel32.dll

iexplore.exe_1652_rwx_02980000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136:


iexplore.exe_1652_rwx_029C0000_00001000:

kernel32.dll

iexplore.exe_1652_rwx_02A40000_00001000:

kernel32.dll

iexplore.exe_1652_rwx_02D80000_00001000:

kernel32.dll

chrome.exe_2172:

chrome_elf.dll
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey
ADVAPI32.dll
CreateIoCompletionPort
GetWindowsDirectoryW
GetProcessHandleCount
KERNEL32.dll
ShellExecuteExW
SHELL32.dll
CloseWindowStation
CreateWindowStationW
GetProcessWindowStation
SetProcessWindowStation
USER32.dll
VERSION.dll
WINMM.dll
WTSAPI32.dll
RPCRT4.dll
GetCPInfo
GetProcessHeap
PeekNamedPipe
DisconnectNamedPipe
WaitNamedPipeW
WINHTTP.dll
.?AU_Crt_new_delete@std@@
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="54.0.2840.59" version="54.0.2840.59" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>
KERNEL32.DLL
mscoree.dll
ext-ms-win-ntuser-windowstation-l1-1-0
portuguese-brazilian
Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
nchrome_watcher.dll
PreReadChromeChildInBrowser
${windows}
Ndebug.log
\StringFileInfo\xx\%ls
ntdll.dll
shell32.dll
resources.pak
script.log
chrome
pepflashplayer.dll
Browse the web
Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium
{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}
{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Chrome
chrome_child.dll
chrome.dll
Google Chrome Canary
{4ea16ac7-fd5a-47c3-875b-dbf4a2008c20}
ChromeCanary
Chrome Canary HTML Document
ChromeSSHTM
{1BEAC3E3-B852-44F4-B468-8906C062422E}
{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}
Google Chrome binaries
hXXps://support.google.com/chrome/contact/chromeuninstall3?hl=$1
Google Chrome
%d.%d.%d
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
ChromeHTML
Chrome HTML Document
{8A69D345-D564-463c-AFF1-A69D9E530F96}
{5C65F4B0-3651-4514-B207-D10CB699B14B}
Google Chrome Frame
Chrome in a Frame.
Google\Chrome Frame
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
{8BA986DA-5100-405E-AA35-86F34A02ACBF}
WebAccessible
-chromeframe
-chrome
lSOFTWARE\Policies\Google\Chrome
reports
settings.dat
ALPC Port
\Sessions\%d\AppContainerNamedObjects\%ls
sHKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
pipe\
egdi32.dll
tntdll.dll
xntdll.dll
Chrome_MessageWindow
Failed to create directory %ls, last error is %d
Chrome SxS\Application
winhttp.dll
%Program Files%\Google\Chrome\Application\chrome.exe
54.0.2840.59
chrome_exe

iexplore.exe_1652_rwx_038F0000_00001000:

kernel32.dll

iexplore.exe_1652_rwx_03930000_00001000:

kernel32.dll

SearchFilterHost.exe_3104:

.text
`.data
.rsrc
@.reloc
ADVAPI32.dll
ntdll.DLL
KERNEL32.dll
msvcrt.dll
USER32.dll
ole32.dll
OLEAUT32.dll
TQUERY.DLL
IMM32.dll
MSSHooks.dll
mscoree.dll
SHLWAPI.dll
d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrhost\bufstm.cxx
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp
RegDeleteKeyW
RegDeleteKeyExW
8%uiP
d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx
Invalid parameter passed to C runtime function.
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp
-d-d-d-d-d-d-d-%d
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
ReportEventW
_amsg_exit
SearchFilterHost.pdb
version="5.1.0.0"
name="Microsoft.Windows.Search.MSSFH"
<requestedExecutionLevel
3 3(30383|3
kernel32.dll
Software\Microsoft\Windows Search
SOFTWARE\Microsoft\Windows Search
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
Windows Search Service
tquery.dll
advapi32.dll
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
<Exception><HR>0xx</HR><eip>%p</eip><module>%S</module><line>%d</line></Exception>
Software\Microsoft\Windows Search\Tracing
Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported
Software\Microsoft\Windows Search\Tracing\EventThrottleState
<MSG>
<ERR> 0xx=
<LOC> %S(%d) </LOC>
tid="0x%x"
pid="0x%x"
tagname="%S"
tagid="0x%x"
el="0x%x"
time="d/d/d d:d:d.d"
logname="%S"
</MSG></TRC>
Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}
.\%s.mui
.\%s\%s.mui
%s\%s.mui
%s\%s\%s.mui
%s\%s
winhttp.dll
Microsoft Windows Search Filter Host
7.00.7601.17610 (win7sp1_gdr.110503-1502)
SearchFilterHost.exe
Windows
7.00.7601.17610

iexplore.exe_1652_rwx_03970000_00001000:

kernel32.dll

iexplore.exe_1652_rwx_039B0000_00001000:

kernel32.dll

iexplore.exe_1652_rwx_03B00000_00001000:

kernel32.dll

iexplore.exe_1652_rwx_03C40000_00001000:

kernel32.dll

iexplore.exe_1652_rwx_03C80000_00001000:

kernel32.dll

iexplore.exe_1652_rwx_03DC0000_00001000:

kernel32.dll

iexplore.exe_1652_rwx_03E00000_00001000:

kernel32.dll

iexplore.exe_1652_rwx_03E40000_00001000:

kernel32.dll

iexplore.exe_1652_rwx_03E80000_00001000:

kernel32.dll

iexplore.exe_1652_rwx_03EB0000_00001000:

GetProcessHeap

iexplore.exe_1652_rwx_03EC0000_00001000:

kernel32.dll

iexplore.exe_1652_rwx_03EF0000_00001000:

oleaut32.dll

iexplore.exe_1652_rwx_03F30000_00001000:

oleaut32.dll

iexplore.exe_1652_rwx_03F70000_00001000:

oleaut32.dll

iexplore.exe_1652_rwx_040A0000_00001000:

advapi32.dll

iexplore.exe_1652_rwx_040E0000_00001000:

advapi32.dll

iexplore.exe_1652_rwx_04110000_00001000:

RegOpenKeyExA

iexplore.exe_1652_rwx_04120000_00001000:

advapi32.dll

iexplore.exe_1652_rwx_04250000_00001000:

RegCloseKey

iexplore.exe_1652_rwx_04260000_00001000:

advapi32.dll

iexplore.exe_1652_rwx_04290000_00001000:

kernel32.dll

iexplore.exe_1652_rwx_042D0000_00001000:

kernel32.dll

iexplore.exe_1652_rwx_04310000_00001000:

kernel32.dll

iexplore.exe_1652_rwx_04350000_00001000:

kernel32.dll

iexplore.exe_1652_rwx_04490000_00001000:

kernel32.dll

iexplore.exe_1652_rwx_044D0000_00001000:

kernel32.dll

iexplore.exe_1652_rwx_04510000_00001000:

kernel32.dll

iexplore.exe_1652_rwx_04550000_00001000:

kernel32.dll

iexplore.exe_1652_rwx_04590000_00001000:

kernel32.dll

iexplore.exe_1652_rwx_045D0000_00001000:

kernel32.dll

iexplore.exe_1652_rwx_04610000_00001000:

kernel32.dll

iexplore.exe_1652_rwx_04650000_00001000:

kernel32.dll

iexplore.exe_1652_rwx_04690000_00001000:

kernel32.dll

iexplore.exe_1652_rwx_046D0000_00001000:

kernel32.dll

iexplore.exe_1652_rwx_04710000_00001000:

kernel32.dll

iexplore.exe_1652_rwx_04750000_00001000:

kernel32.dll

iexplore.exe_1652_rwx_04790000_00001000:

kernel32.dll

iexplore.exe_1652_rwx_047C0000_00001000:

ntdll.dll

iexplore.exe_1652_rwx_04800000_00001000:

ntdll.dll

iexplore.exe_1652_rwx_319E0000_00009000:

.idata
.reloc
P.rsrc
Portions Copyright (c) 1999,2003 Avenger by NhT
kernel32.dll
Ntdll.dll
NtEnumerateValueKey
NtEnumerateKey
advapi32.dll
GetProcessHeap
oleaut32.dll
RegOpenKeyExA
RegCloseKey
ntdll.dll
KWindows

iexplore.exe_3800_rwx_01291000_00001000:

Microsoft.InternetExplorer.Default
user32.dll

iexplore.exe_3800_rwx_01786000_00001000:

1.6.0_18
jp2ssv.dll
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
%s\jp2iexp.dll
{5852F5ED-8BF4-11D4-A245-0080C6F74284}
jpishare.dll
NPOJI*.dll
NPJava*.dll
NPJPI*.dll
{8AD9C840-044E-11D1-B3E9-00805F499D93}
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}
%s\ssvagent.exe
-ABCDEFFEDCBA}
%sd-d-d%s
-ABCDEFFEDCBB}
-ABCDEFFEDCBC}
%sd-d-FFFF%s
.._d
..
{E19F9331-3110-11D4-991C-005004D3B3DB}
SOFTWARE\Classes\CLSID\%s\InprocServer32
Mozilla
Mozilla Firefox
mozilla.org
%s00-d-d%s
1.3.0_02
.*
%s_

shell32.dll

iexplore.exe_3800_rwx_06650000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_06690000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_066D0000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_06810000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_06850000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_06890000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_068D0000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_06910000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_070B0000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_078F0000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_07B30000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_07C70000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_07CB0000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_07CF0000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_08030000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_08170000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_081B0000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_081F0000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_08220000_00001000:

GetProcessHeap

iexplore.exe_3800_rwx_08740000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_08770000_00001000:

oleaut32.dll

iexplore.exe_3800_rwx_087B0000_00001000:

oleaut32.dll

iexplore.exe_3800_rwx_087F0000_00001000:

oleaut32.dll

iexplore.exe_3800_rwx_08820000_00001000:

advapi32.dll

iexplore.exe_3800_rwx_08960000_00001000:

advapi32.dll

iexplore.exe_3800_rwx_08E90000_00001000:

RegOpenKeyExA

iexplore.exe_3800_rwx_08EA0000_00001000:

advapi32.dll

iexplore.exe_3800_rwx_08ED0000_00001000:

RegCloseKey

iexplore.exe_3800_rwx_08EE0000_00001000:

advapi32.dll

iexplore.exe_3800_rwx_09010000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_09050000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_09290000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_095D0000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_09610000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_09650000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_09690000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_096D0000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_09810000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_09950000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_09990000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_099D0000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_09A10000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_09A50000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_09B90000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_09BD0000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_09C10000_00001000:

kernel32.dll

iexplore.exe_3800_rwx_09C40000_00001000:

ntdll.dll

iexplore.exe_3800_rwx_09C80000_00001000:

ntdll.dll

iexplore.exe_3800_rwx_319F0000_00009000:

.idata
.reloc
P.rsrc
Portions Copyright (c) 1999,2003 Avenger by NhT
kernel32.dll
Ntdll.dll
NtEnumerateValueKey
NtEnumerateKey
advapi32.dll
GetProcessHeap
oleaut32.dll
RegOpenKeyExA
RegCloseKey
ntdll.dll
KWindows

iexplore.exe_3800_rwx_69331000_00001000:

[Jw.cRw

iexplore.exe_3800_rwx_6AE31000_00001000:

d3d10d.dll
id3d10ref.dll
d3d10core.dll
d3d10warp.dll
The application was compiled against and will only work with D3D10_SDK_VERSION (%d), but the currently installed runtime is version (%d).
#pragma ruledisable 0xx
#pragma warning (disable:%d)
#pragma warning (error:%d)
#pragma warning (once:%d)
#pragma def (%s, %s, %g, %g, %g, %g)
D3D10PreprocessShader
duplicate attribute %s
unknown attribute %s, or attribute invalid for this statement
internal error: argument missing context (A%u)
?internal error: operand type mismatch
invalid register specification, expected '%c' binding
user defined %s buffers cannot be target specific
Duplicated input semantics can't change type, size, or layout ('%s').
array dimension for %s must be %i
register or offset bind %s.%s not valid
Cannot map loop to shader target, target does not support breaks
Loop only executes for %d iteration(s), forcing loop to unroll
Unable to unroll loop, loop does not appear to terminate in a timely manner (%d iteratio

iexplore.exe_3800_rwx_6AF41000_00001000:

JSCRIPT9.dll

iexplore.exe_3800_rwx_6B101000_00001000:

kInvalid parameter passed to C runtime function.

iexplore.exe_3800_rwx_6D194000_00001000:

mscoree.dll
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
GetSystemWindowsDirectoryW
PGORT80.dll
MSCoree.dll
kernel32.dll
.mixcrt
KERNEL32.DLL
msvcrt.dll
__MSVCRT_HEAP_SELECT
ADVAPI32.DLL
GetProcessWindowStation
USER32.DLL
setnewh.cpp
Microsoft.VC80.CRT.manifest
msvcr80.dll

iexplore.exe_3800_rwx_6D1D1000_00001000:

'i' is only supported with debug builds.
*** %s%ls%sSource: `%ls:%ld`
vsStageData.Color = Diffuse;
vsStageData.UV = UV;
float2 inputUV = vsStageData.UV;
vsStageData.UV.x = inputUV.x*mat3x2TextureTransform0[0]   inputUV.y*mat3x2TextureTransform0[1]   mat3x2TextureTransform0[2];
vsStageData.UV.y = inputUV.x*mat3x2TextureTransform1[0]   inputUV.y*mat3x2TextureTransform1[1]   mat3x2TextureTransform1[2];
vsStageData.Color = Color;
BlendColor = vsStageData.Color;
Diffuse = vsStageData.Color;
uv = vsStageData.UV;
halfTexelSizeNormalized_and_vCoord = Data_halfTexelSizeNormalized_and_vCoord;
halfTexelSizeNormalized_and_vCoord_and_gradientSpanNormalized = Data_halfTexelSizeNormalized_and_vCoord_and_gradientSpanNormalized;
gradOrigin_and_firstTexelRegionCenter = Data_gradOrigin_and_firstTexelRegionCenter;
USERProcessHandleQuota
GDIProcessHandleQuota
kernel32.dll
Software\Microsoft\Avalon.Graphics
d:\win7sp1_gdr\windows\wgi\shared\util\utillib\debugbreak.cpp

iexplore.exe_3800_rwx_6D441000_00001000:

DmD3D10Level9 Error x: (%d@%d) %s
gdi32.dll
D3D9 DDI returned %s. Insulating d3d9 driver from further calls...
D3D9 DDI Failed - not reporting (via callback) and returning S_OK
D3D9 DDI Failed - not reporting (via callback) and returning E_FAIL
D3D9 DDI Failed - reporting to runtime (via callback), but ignoring result
D3D9 DDI Failed following a device removed. Reporting D3DDDIERR_DEVICEREMOVED to runtime and insulating d3d9 driver from further calls.
UMD DLL %S didn't export OpenAdapter
UMD DLL %S could not be loaded
D3DKMTReleaseKeyedMutex
D3DKMTAcquireKeyedMutex
D3DKMTDestroyKeyedMutex
D3DKMTOpenKeyedMutex
D3DKMTCreateKeyedMutex
10on9 version mismatch, refusing to load driver. 10on9 will work with APIs that use version (== %u, >= %u); but the current APIs use version (%u, %u).

iexplore.exe_3800_rwx_6E8A1000_00001000:

IEShims.dll
GetProcAddressShim
AcrobatSetWindowsHook

SearchProtocolHost.exe_3136_rwx_00130000_00001000:

kernel32.dll

chrome.exe_2172_rwx_000F0000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_002D0000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_00310000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_00620000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_00750000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_00840000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_00880000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_008C0000_00001000:

kernel32.dll

msconfig.exe_5688:

`.rsrc
Portions Copyright (c) 1999,2003 Avenger by NhT
####@####
kernel32.dll
VBoxService.exe
SbieDll.dll
dbghelp.dll
Software\Microsoft\Windows\CurrentVersion
55274-640-2673064-23950
76487-644-3177037-23510
76487-337-8429955-22614
\\.\Syser
\\.\SyserDbgMsg
\\.\SyserBoot
\\.\SICE
\\.\NTICE
ShellExecuteA
shell32.dll
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
GetWindowsDirectoryA
SOFTWARE\Microsoft\Windows\CurrentVersion
http\shell\open\command
\Internet Explorer\iexplore.exe
PSAPI.dll
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Software\Microsoft\Windows\CurrentVersion\Run
Microsoft\Network\Connections\pbk\rasphone.pbk
rasapi32.dll
rnaph.dll
RAS Passwords |
uURLHistory
Password:
abe2869f-9b47-4cd9-a358-c22904dba7f7
Password
UnitPasswords
advapi32.dll
WindowsLive:name=*
xxxyyyzzz.dat
\Mozilla Firefox\
mozcrt19.dll
sqlite3.dll
nspr4.dll
plc4.dll
plds4.dll
nssutil3.dll
softokn3.dll
nss3.dll
PK11_GetInternalKeySlot
userenv.dll
\Mozilla\Firefox\
profiles.ini
\signons3.txt
\signons2.txt
\signons1.txt
\signons.txt
(unnamed password)
explorer.exe
_x_X_PASSWORDLIST_X_x_
NOIP.abc
MSN.abc
FIREFOX.abc
IELOGIN.abc
IEPASS.abc
IEAUTO.abc
IEWEB.abc
XX--XX--XX.txt
?456789:;<=
!"#$%&'()* ,-./0123
KWindows
KuURLHistory
IEpasswords
GetProcessHeap
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyA
RegCloseKey
SetWindowsHookExA
GetKeyboardState
.idata
.rdata
P.reloc
P.rsrc
KERNEL32.DLL
crypt32.dll
ole32.dll
oleaut32.dll
pstorec.dll
user32.dll

SearchProtocolHost.exe_3136_rwx_01980000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_019C0000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_01A00000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_01A40000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_01A80000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_01AC0000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_01B00000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_01B40000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_01B80000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_01BC0000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_01BF0000_00001000:

GetProcessHeap

SearchProtocolHost.exe_3136_rwx_01C00000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_01C30000_00001000:

oleaut32.dll

SearchProtocolHost.exe_3136_rwx_01C70000_00001000:

oleaut32.dll

SearchProtocolHost.exe_3136_rwx_01CB0000_00001000:

oleaut32.dll

SearchProtocolHost.exe_3136_rwx_01D20000_00001000:

advapi32.dll

SearchProtocolHost.exe_3136_rwx_01D60000_00001000:

advapi32.dll

SearchProtocolHost.exe_3136_rwx_01D90000_00001000:

RegOpenKeyExA

SearchProtocolHost.exe_3136_rwx_01DA0000_00001000:

advapi32.dll

SearchProtocolHost.exe_3136_rwx_01DD0000_00001000:

RegCloseKey

SearchProtocolHost.exe_3136_rwx_01DE0000_00001000:

advapi32.dll

SearchProtocolHost.exe_3136_rwx_01E10000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_01E90000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_01ED0000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_01F10000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_01F50000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_01FD0000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_02010000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_02050000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_02090000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_020D0000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_02110000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_02150000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_02190000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_021D0000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_02210000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_02250000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_02290000_00001000:

kernel32.dll

SearchProtocolHost.exe_3136_rwx_022C0000_00001000:

ntdll.dll

SearchProtocolHost.exe_3136_rwx_02300000_00001000:

ntdll.dll

SearchProtocolHost.exe_3136_rwx_31A00000_00009000:

.idata
.reloc
P.rsrc
Portions Copyright (c) 1999,2003 Avenger by NhT
kernel32.dll
Ntdll.dll
NtEnumerateValueKey
NtEnumerateKey
advapi32.dll
GetProcessHeap
oleaut32.dll
RegOpenKeyExA
RegCloseKey
ntdll.dll
KWindows

chrome.exe_2172_rwx_00130000_00001000:

kernel32.dll

chrome.exe_2172_rwx_00180000_00001000:

kernel32.dll

chrome.exe_2172_rwx_00390000_00001000:

kernel32.dll

chrome.exe_2172_rwx_009B0000_00001000:

kernel32.dll

chrome.exe_2172_rwx_009F0000_00001000:

kernel32.dll

chrome.exe_2172_rwx_00A30000_00001000:

kernel32.dll

chrome.exe_2172_rwx_00C70000_00001000:

kernel32.dll

chrome.exe_2172_rwx_00EB0000_00001000:

kernel32.dll

chrome.exe_2172_rwx_00FF0000_00001000:

kernel32.dll

chrome.exe_2172_rwx_01030000_00001000:

kernel32.dll

chrome.exe_2172_rwx_01070000_00001000:

kernel32.dll

chrome.exe_2172_rwx_010B0000_00001000:

kernel32.dll

chrome.exe_2172_rwx_010F0000_00001000:

kernel32.dll

chrome.exe_2172_rwx_01130000_00001000:

kernel32.dll

chrome.exe_2172_rwx_01170000_00001000:

kernel32.dll

chrome.exe_2172_rwx_011B0000_00001000:

kernel32.dll

chrome.exe_2172_rwx_011F0000_00001000:

kernel32.dll

chrome.exe_2172_rwx_01220000_00001000:

GetProcessHeap

chrome.exe_2172_rwx_01230000_00001000:

kernel32.dll

chrome.exe_2172_rwx_01260000_00001000:

oleaut32.dll

chrome.exe_2172_rwx_012A0000_00001000:

oleaut32.dll

chrome.exe_2172_rwx_012E0000_00001000:

oleaut32.dll

chrome.exe_2172_rwx_01310000_00001000:

advapi32.dll

chrome.exe_2172_rwx_013D9000_00001000:

ole32.dll
POWRPROF.dll
address family not supported
broken pipe
function not supported
inappropriate io control operation
not supported
operation canceled
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
KERNEL32.DLL

chrome.exe_2172_rwx_02040000_00001000:

advapi32.dll

chrome.exe_2172_rwx_02070000_00001000:

RegOpenKeyExA

chrome.exe_2172_rwx_02080000_00001000:

advapi32.dll

chrome.exe_2172_rwx_020B0000_00001000:

RegCloseKey

chrome.exe_2172_rwx_020C0000_00001000:

advapi32.dll

chrome.exe_2172_rwx_020F0000_00001000:

kernel32.dll

chrome.exe_2172_rwx_02130000_00001000:

kernel32.dll

chrome.exe_2172_rwx_02370000_00001000:

kernel32.dll

chrome.exe_2172_rwx_023B0000_00001000:

kernel32.dll

chrome.exe_2172_rwx_024F0000_00001000:

kernel32.dll

chrome.exe_2172_rwx_02530000_00001000:

kernel32.dll

chrome.exe_2172_rwx_02570000_00001000:

kernel32.dll

chrome.exe_2172_rwx_025B0000_00001000:

kernel32.dll

chrome.exe_2172_rwx_025F0000_00001000:

kernel32.dll

chrome.exe_2172_rwx_02630000_00001000:

kernel32.dll

chrome.exe_2172_rwx_02670000_00001000:

kernel32.dll

chrome.exe_2172_rwx_026B0000_00001000:

kernel32.dll

chrome.exe_2172_rwx_026F0000_00001000:

kernel32.dll

chrome.exe_2172_rwx_02730000_00001000:

kernel32.dll

chrome.exe_2172_rwx_02770000_00001000:

kernel32.dll

chrome.exe_2172_rwx_027B0000_00001000:

kernel32.dll

chrome.exe_2172_rwx_027F0000_00001000:

kernel32.dll

chrome.exe_2172_rwx_02820000_00001000:

ntdll.dll

chrome.exe_2172_rwx_02860000_00001000:

ntdll.dll

chrome.exe_2172_rwx_31A10000_00009000:

.idata
.reloc
P.rsrc
Portions Copyright (c) 1999,2003 Avenger by NhT
kernel32.dll
Ntdll.dll
NtEnumerateValueKey
NtEnumerateKey
advapi32.dll
GetProcessHeap
oleaut32.dll
RegOpenKeyExA
RegCloseKey
ntdll.dll
KWindows

chrome.exe_2172_rwx_6ADB2000_00001000:

Microsoft\SystemCertificates
Microsoft\Windows\CurrentVersion\App Paths
Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes
Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers
Microsoft\Windows\CurrentVersion\Explorer\DriveIcons
Microsoft\Windows\CurrentVersion\Explorer\KindMap
Microsoft\Windows\CurrentVersion\Group Policy
Microsoft\Windows\CurrentVersion\Policies
Microsoft\Windows\CurrentVersion\PreviewHandlers
Microsoft\Windows\CurrentVersion\Setup
Microsoft\Windows\CurrentVersion\Telephony\Locations
Microsoft\Windows NT\CurrentVersion\Console
Microsoft\Windows NT\CurrentVersion\FontDpi
Microsoft\Windows NT\CurrentVersion\FontLink
Microsoft\Windows NT\CurrentVersion\FontMapper
Microsoft\Windows NT\CurrentVersion\Fonts
Microsoft\Windows NT\CurrentVersion\FontSubstitutes
Microsoft\Windows NT\CurrentVersion\Gre_Initialize
Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Microsoft\Windows NT\CurrentVersion\LanguagePack
Microsoft\Windows NT\CurrentVersion\NetworkCards
Microsoft\Windows NT\CurrentVersion\Perflib
Microsoft\Windows NT\CurrentVersion\Ports
Microsoft\Windows NT\CurrentVersion\Print
Microsoft\Windows NT\CurrentVersion\ProfileList
Microsoft\Windows NT\CurrentVersion\Time Zones

SearchFilterHost.exe_3104_rwx_00170000_00001000:

kernel32.dll

iexplore.exe_5680:

.text
`.data
.rsrc
@.reloc
>.uzf
.us;}
IEFRAME.dll
MLANG.dll
iertutil.dll
urlmon.dll
ole32.dll
SHELL32.dll
SHLWAPI.dll
msvcrt.dll
USER32.dll
KERNEL32.dll
ADVAPI32.dll
RegOpenKeyExW
RegCloseKey
GetWindowsDirectoryW
_amsg_exit
_wcmdln
UrlApplySchemeW
PathIsURLW
UrlCanonicalizeW
UrlCreateFromPathW
iexplore.pdb
Microsoft.InternetExplorer.Default
user32.dll
Kernel32.DLL
xfire.exe
wlmail.exe
winamp.exe
waol.exe
sidebar.exe
psocdesigner.exe
np.exe
netscape.exe
netcaptor.exe
neoplanet.exe
msn.exe
mshtmpad.exe
mshta.exe
loader42.exe
infopath.exe
iexplore.exe
iepreview.exe
groove.exe
explorer.exe
dreamweaver.exe
contribute.exe
aol.exe
{28fb17e0-d393-439d-9a21-9474a070473a}
Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
DShell32.dll
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}
"%s" %s
Kernel32.dll
\AppPatch\sysmain.sdb
-extoff go.microsoft.com/fwlink/?LinkId=106323
-extoff go.microsoft.com/fwlink/?LinkId=106322
-extoff go.microsoft.com/fwlink/?LinkId=106320
kernel32.dll
{00000000-0000-0000-0000-000000000000}
\\?\Volume
shell:%s
Imaging_CreateWebPagePreview_Perftrack
Browseui_Tabs_Tearoff_BetweenWindows
Frame_URLEntered
Imaging_CreateWebPagePreview
WS_ExecuteQuery
Shdocvw_BaseBrowser_FireEvent_WindowStateChanged
IdleTask_Execution_Time
9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
IEXPLORE.EXE
Windows
9.00.8112.16421

SearchFilterHost.exe_3104_rwx_00400000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_00560000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_00730000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_00770000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_00830000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_008B0000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_00950000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_00990000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_00D60000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_00DA0000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_00DE0000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_00E20000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_00F60000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_00FE0000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_01020000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_01060000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_01160000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_011D0000_00001000:

GetProcessHeap

SearchFilterHost.exe_3104_rwx_011E0000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_01210000_00001000:

oleaut32.dll

SearchFilterHost.exe_3104_rwx_012D0000_00001000:

oleaut32.dll

SearchFilterHost.exe_3104_rwx_01350000_00001000:

oleaut32.dll

SearchFilterHost.exe_3104_rwx_01380000_00001000:

advapi32.dll

SearchFilterHost.exe_3104_rwx_01440000_00001000:

advapi32.dll

SearchFilterHost.exe_3104_rwx_014F0000_00001000:

RegOpenKeyExA

SearchFilterHost.exe_3104_rwx_01540000_00001000:

advapi32.dll

SearchFilterHost.exe_3104_rwx_015B0000_00001000:

RegCloseKey

SearchFilterHost.exe_3104_rwx_015C0000_00001000:

advapi32.dll

SearchFilterHost.exe_3104_rwx_015F0000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_01670000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_016F0000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_017B0000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_01870000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_018B0000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_018F0000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_01970000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_019B0000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_019F0000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_01A70000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_01AF0000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_01B70000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_01C30000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_01D30000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_01DF0000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_01E70000_00001000:

kernel32.dll

SearchFilterHost.exe_3104_rwx_01EA0000_00001000:

ntdll.dll

SearchFilterHost.exe_3104_rwx_01F20000_00001000:

ntdll.dll

SearchFilterHost.exe_3104_rwx_31A20000_00009000:

.idata
.reloc
P.rsrc
Portions Copyright (c) 1999,2003 Avenger by NhT
kernel32.dll
Ntdll.dll
NtEnumerateValueKey
NtEnumerateKey
advapi32.dll
GetProcessHeap
oleaut32.dll
RegOpenKeyExA
RegCloseKey
ntdll.dll
KWindows

iexplore.exe_5680_rwx_01291000_00001000:

Microsoft.InternetExplorer.Default
user32.dll

iexplore.exe_5680_rwx_01836000_00001000:

1.6.0_18
jp2ssv.dll
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
%s\jp2iexp.dll
{5852F5ED-8BF4-11D4-A245-0080C6F74284}
jpishare.dll
NPOJI*.dll
NPJava*.dll
NPJPI*.dll
{8AD9C840-044E-11D1-B3E9-00805F499D93}
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}
%s\ssvagent.exe
-ABCDEFFEDCBA}
%sd-d-d%s
-ABCDEFFEDCBB}
-ABCDEFFEDCBC}
%sd-d-FFFF%s
.._d
..
{E19F9331-3110-11D4-991C-005004D3B3DB}
SOFTWARE\Classes\CLSID\%s\InprocServer32
Mozilla
Mozilla Firefox
mozilla.org
%s00-d-d%s
1.3.0_02
.*
%s_

shell32.dll

iexplore.exe_5680_rwx_054D0000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_05510000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_05550000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_05590000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_055D0000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_06170000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_061B0000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_062F0000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_06330000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_06380000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_064C0000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_06500000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_06640000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_06680000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_066C0000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_06FB0000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_06FF0000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_07130000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_07160000_00001000:

GetProcessHeap

iexplore.exe_5680_rwx_07170000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_071A0000_00001000:

oleaut32.dll

iexplore.exe_5680_rwx_073E0000_00001000:

oleaut32.dll

iexplore.exe_5680_rwx_07520000_00001000:

oleaut32.dll

iexplore.exe_5680_rwx_07550000_00001000:

advapi32.dll

iexplore.exe_5680_rwx_079D0000_00001000:

advapi32.dll

iexplore.exe_5680_rwx_08170000_00001000:

RegOpenKeyExA

iexplore.exe_5680_rwx_08180000_00001000:

advapi32.dll

iexplore.exe_5680_rwx_081B0000_00001000:

RegCloseKey

iexplore.exe_5680_rwx_083C0000_00001000:

advapi32.dll

iexplore.exe_5680_rwx_085F0000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_08730000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_08770000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_087B0000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_08F00000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_09040000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_09580000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_095C0000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_09600000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_09640000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_09680000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_097C0000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_09800000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_09940000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_09980000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_09BC0000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_09C00000_00001000:

kernel32.dll

iexplore.exe_5680_rwx_09C30000_00001000:

ntdll.dll

iexplore.exe_5680_rwx_09C70000_00001000:

ntdll.dll

iexplore.exe_5680_rwx_31A30000_00009000:

.idata
.reloc
P.rsrc
Portions Copyright (c) 1999,2003 Avenger by NhT
kernel32.dll
Ntdll.dll
NtEnumerateValueKey
NtEnumerateKey
advapi32.dll
GetProcessHeap
oleaut32.dll
RegOpenKeyExA
RegCloseKey
ntdll.dll
KWindows

iexplore.exe_5680_rwx_69331000_00001000:

[Jw.cRw

iexplore.exe_5680_rwx_6AE31000_00001000:

d3d10d.dll
id3d10ref.dll
d3d10core.dll
d3d10warp.dll
The application was compiled against and will only work with D3D10_SDK_VERSION (%d), but the currently installed runtime is version (%d).
#pragma ruledisable 0xx
#pragma warning (disable:%d)
#pragma warning (error:%d)
#pragma warning (once:%d)
#pragma def (%s, %s, %g, %g, %g, %g)
D3D10PreprocessShader
duplicate attribute %s
unknown attribute %s, or attribute invalid for this statement
internal error: argument missing context (A%u)
?internal error: operand type mismatch
invalid register specification, expected '%c' binding
user defined %s buffers cannot be target specific
Duplicated input semantics can't change type, size, or layout ('%s').
array dimension for %s must be %i
register or offset bind %s.%s not valid
Cannot map loop to shader target, target does not support breaks
Loop only executes for %d iteration(s), forcing loop to unroll
Unable to unroll loop, loop does not appear to terminate in a timely manner (%d iteratio

iexplore.exe_5680_rwx_6AF41000_00001000:

JSCRIPT9.dll

iexplore.exe_5680_rwx_6B101000_00001000:

kInvalid parameter passed to C runtime function.

iexplore.exe_5680_rwx_6D194000_00001000:

mscoree.dll
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
GetSystemWindowsDirectoryW
PGORT80.dll
MSCoree.dll
kernel32.dll
.mixcrt
KERNEL32.DLL
msvcrt.dll
__MSVCRT_HEAP_SELECT
ADVAPI32.DLL
GetProcessWindowStation
USER32.DLL
setnewh.cpp
Microsoft.VC80.CRT.manifest
msvcr80.dll

iexplore.exe_5680_rwx_6D1D1000_00001000:

'i' is only supported with debug builds.
*** %s%ls%sSource: `%ls:%ld`
vsStageData.Color = Diffuse;
vsStageData.UV = UV;
float2 inputUV = vsStageData.UV;
vsStageData.UV.x = inputUV.x*mat3x2TextureTransform0[0]   inputUV.y*mat3x2TextureTransform0[1]   mat3x2TextureTransform0[2];
vsStageData.UV.y = inputUV.x*mat3x2TextureTransform1[0]   inputUV.y*mat3x2TextureTransform1[1]   mat3x2TextureTransform1[2];
vsStageData.Color = Color;
BlendColor = vsStageData.Color;
Diffuse = vsStageData.Color;
uv = vsStageData.UV;
halfTexelSizeNormalized_and_vCoord = Data_halfTexelSizeNormalized_and_vCoord;
halfTexelSizeNormalized_and_vCoord_and_gradientSpanNormalized = Data_halfTexelSizeNormalized_and_vCoord_and_gradientSpanNormalized;
gradOrigin_and_firstTexelRegionCenter = Data_gradOrigin_and_firstTexelRegionCenter;
USERProcessHandleQuota
GDIProcessHandleQuota
kernel32.dll
Software\Microsoft\Avalon.Graphics
d:\win7sp1_gdr\windows\wgi\shared\util\utillib\debugbreak.cpp

iexplore.exe_5680_rwx_6D441000_00001000:

DmD3D10Level9 Error x: (%d@%d) %s
gdi32.dll
D3D9 DDI returned %s. Insulating d3d9 driver from further calls...
D3D9 DDI Failed - not reporting (via callback) and returning S_OK
D3D9 DDI Failed - not reporting (via callback) and returning E_FAIL
D3D9 DDI Failed - reporting to runtime (via callback), but ignoring result
D3D9 DDI Failed following a device removed. Reporting D3DDDIERR_DEVICEREMOVED to runtime and insulating d3d9 driver from further calls.
UMD DLL %S didn't export OpenAdapter
UMD DLL %S could not be loaded
D3DKMTReleaseKeyedMutex
D3DKMTAcquireKeyedMutex
D3DKMTDestroyKeyedMutex
D3DKMTOpenKeyedMutex
D3DKMTCreateKeyedMutex
10on9 version mismatch, refusing to load driver. 10on9 will work with APIs that use version (== %u, >= %u); but the current APIs use version (%u, %u).

iexplore.exe_5680_rwx_6E8A1000_00001000:

IEShims.dll
GetProcAddressShim
AcrobatSetWindowsHook

msconfig.exe_5688_rwx_000D0000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_00210000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_00250000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_002A0000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_002E0000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_00400000_000B1000:

`.rsrc
Portions Copyright (c) 1999,2003 Avenger by NhT
####@####
kernel32.dll
VBoxService.exe
SbieDll.dll
dbghelp.dll
Software\Microsoft\Windows\CurrentVersion
55274-640-2673064-23950
76487-644-3177037-23510
76487-337-8429955-22614
\\.\Syser
\\.\SyserDbgMsg
\\.\SyserBoot
\\.\SICE
\\.\NTICE
ShellExecuteA
shell32.dll
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
GetWindowsDirectoryA
SOFTWARE\Microsoft\Windows\CurrentVersion
http\shell\open\command
\Internet Explorer\iexplore.exe
PSAPI.dll
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Software\Microsoft\Windows\CurrentVersion\Run
Microsoft\Network\Connections\pbk\rasphone.pbk
rasapi32.dll
rnaph.dll
RAS Passwords |
uURLHistory
Password:
abe2869f-9b47-4cd9-a358-c22904dba7f7
Password
UnitPasswords
advapi32.dll
WindowsLive:name=*
xxxyyyzzz.dat
\Mozilla Firefox\
mozcrt19.dll
sqlite3.dll
nspr4.dll
plc4.dll
plds4.dll
nssutil3.dll
softokn3.dll
nss3.dll
PK11_GetInternalKeySlot
userenv.dll
\Mozilla\Firefox\
profiles.ini
\signons3.txt
\signons2.txt
\signons1.txt
\signons.txt
(unnamed password)
explorer.exe
_x_X_PASSWORDLIST_X_x_
NOIP.abc
MSN.abc
FIREFOX.abc
IELOGIN.abc
IEPASS.abc
IEAUTO.abc
IEWEB.abc
XX--XX--XX.txt
?456789:;<=
!"#$%&'()* ,-./0123
KWindows
KuURLHistory
IEpasswords
GetProcessHeap
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyA
RegCloseKey
SetWindowsHookExA
GetKeyboardState
.idata
.rdata
P.reloc
P.rsrc
KERNEL32.DLL
crypt32.dll
ole32.dll
oleaut32.dll
pstorec.dll
user32.dll

msconfig.exe_5688_rwx_012C0000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_01300000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_01340000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_01380000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_013C0000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_01400000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_01440000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_01480000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_014C0000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_01500000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_01540000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_01580000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_015C0000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_015F0000_00001000:

GetProcessHeap

msconfig.exe_5688_rwx_01600000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_01630000_00001000:

oleaut32.dll

msconfig.exe_5688_rwx_01670000_00001000:

oleaut32.dll

msconfig.exe_5688_rwx_016B0000_00001000:

oleaut32.dll

msconfig.exe_5688_rwx_016E0000_00001000:

advapi32.dll

msconfig.exe_5688_rwx_01720000_00001000:

advapi32.dll

msconfig.exe_5688_rwx_01750000_00001000:

RegOpenKeyExA

msconfig.exe_5688_rwx_01760000_00001000:

advapi32.dll

msconfig.exe_5688_rwx_01790000_00001000:

RegCloseKey

msconfig.exe_5688_rwx_017A0000_00001000:

advapi32.dll

msconfig.exe_5688_rwx_017D0000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_01810000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_01850000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_01890000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_018D0000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_01910000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_01950000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_01990000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_019D0000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_01A10000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_01A50000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_01A90000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_01AD0000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_01B10000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_01B50000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_01B90000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_01BD0000_00001000:

kernel32.dll

msconfig.exe_5688_rwx_01C00000_00001000:

ntdll.dll

msconfig.exe_5688_rwx_01C40000_00001000:

ntdll.dll

msconfig.exe_5688_rwx_31A40000_00009000:

.idata
.reloc
P.rsrc
Portions Copyright (c) 1999,2003 Avenger by NhT
kernel32.dll
Ntdll.dll
NtEnumerateValueKey
NtEnumerateKey
advapi32.dll
GetProcessHeap
oleaut32.dll
RegOpenKeyExA
RegCloseKey
ntdll.dll
KWindows

taskhost.exe_252_rwx_01110000_00001000:

kernel32.dll

taskhost.exe_252_rwx_01200000_00001000:

kernel32.dll

taskhost.exe_252_rwx_01280000_00001000:

kernel32.dll

taskhost.exe_252_rwx_012F0000_00001000:

kernel32.dll

taskhost.exe_252_rwx_01390000_00001000:

kernel32.dll

taskhost.exe_252_rwx_01410000_00001000:

kernel32.dll

taskhost.exe_252_rwx_01510000_00001000:

kernel32.dll

taskhost.exe_252_rwx_01590000_00001000:

kernel32.dll

taskhost.exe_252_rwx_019A0000_00001000:

kernel32.dll

taskhost.exe_252_rwx_01EE0000_00001000:

kernel32.dll

taskhost.exe_252_rwx_01EF0000_00001000:

kernel32.dll

taskhost.exe_252_rwx_01F30000_00001000:

kernel32.dll

taskhost.exe_252_rwx_01F70000_00001000:

kernel32.dll

taskhost.exe_252_rwx_01FB0000_00001000:

kernel32.dll

taskhost.exe_252_rwx_01FF0000_00001000:

kernel32.dll

taskhost.exe_252_rwx_02030000_00001000:

kernel32.dll

taskhost.exe_252_rwx_020B0000_00001000:

kernel32.dll

taskhost.exe_252_rwx_020F0000_00001000:

kernel32.dll

taskhost.exe_252_rwx_02130000_00001000:

kernel32.dll

taskhost.exe_252_rwx_02170000_00001000:

kernel32.dll

taskhost.exe_252_rwx_021B0000_00001000:

kernel32.dll

taskhost.exe_252_rwx_021E0000_00001000:

GetProcessHeap

taskhost.exe_252_rwx_021F0000_00001000:

kernel32.dll

taskhost.exe_252_rwx_02220000_00001000:

oleaut32.dll

taskhost.exe_252_rwx_02260000_00001000:

oleaut32.dll

taskhost.exe_252_rwx_022A0000_00001000:

oleaut32.dll

taskhost.exe_252_rwx_022D0000_00001000:

advapi32.dll

taskhost.exe_252_rwx_02350000_00001000:

advapi32.dll

taskhost.exe_252_rwx_02380000_00001000:

RegOpenKeyExA

taskhost.exe_252_rwx_02390000_00001000:

advapi32.dll

taskhost.exe_252_rwx_023C0000_00001000:

RegCloseKey

taskhost.exe_252_rwx_023D0000_00001000:

advapi32.dll

taskhost.exe_252_rwx_02400000_00001000:

kernel32.dll

taskhost.exe_252_rwx_02440000_00001000:

kernel32.dll

taskhost.exe_252_rwx_024C0000_00001000:

kernel32.dll

taskhost.exe_252_rwx_02500000_00001000:

kernel32.dll

taskhost.exe_252_rwx_02540000_00001000:

kernel32.dll

taskhost.exe_252_rwx_02580000_00001000:

kernel32.dll

taskhost.exe_252_rwx_025C0000_00001000:

kernel32.dll

taskhost.exe_252_rwx_02600000_00001000:

kernel32.dll

taskhost.exe_252_rwx_02640000_00001000:

kernel32.dll

taskhost.exe_252_rwx_026C0000_00001000:

kernel32.dll

taskhost.exe_252_rwx_02700000_00001000:

kernel32.dll

taskhost.exe_252_rwx_02740000_00001000:

kernel32.dll

taskhost.exe_252_rwx_027A0000_00001000:

kernel32.dll

taskhost.exe_252_rwx_027E0000_00001000:

kernel32.dll

taskhost.exe_252_rwx_02810000_00001000:

ntdll.dll

taskhost.exe_252_rwx_02850000_00001000:

ntdll.dll

taskhost.exe_252_rwx_318B0000_00009000:

.idata
.reloc
P.rsrc
Portions Copyright (c) 1999,2003 Avenger by NhT
kernel32.dll
Ntdll.dll
NtEnumerateValueKey
NtEnumerateKey
advapi32.dll
GetProcessHeap
oleaut32.dll
RegOpenKeyExA
RegCloseKey
ntdll.dll
KWindows

Explorer.EXE_284_rwx_00B10000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_02CD0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_039E0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_03A30000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_03AC0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_03BA0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_03C60000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_03CE0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_04510000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_04590000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_04630000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_04700000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_04780000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_047C0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_04800000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_048D0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_04950000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_04990000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_04A10000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_04A50000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_04B10000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_04BD0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_04C10000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_04C50000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_04C90000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_04D10000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_04D50000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_04DD0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_04E10000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_04E50000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_04E90000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_04ED0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_04F10000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_04F50000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_04F90000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_05010000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_05050000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_05090000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_050D0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_05110000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_05150000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_05190000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_05210000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_074B0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_074F0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_07520000_00001000:

GetProcessHeap

Explorer.EXE_284_rwx_07530000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_08900000_00001000:

user32.dll

Explorer.EXE_284_rwx_08940000_00001000:

user32.dll

Explorer.EXE_284_rwx_08980000_00001000:

user32.dll

Explorer.EXE_284_rwx_089B0000_00001000:

advapi32.dll

Explorer.EXE_284_rwx_089F0000_00001000:

advapi32.dll

Explorer.EXE_284_rwx_08A20000_00001000:

RegOpenKeyExA

Explorer.EXE_284_rwx_08A70000_00001000:

advapi32.dll

Explorer.EXE_284_rwx_08AA0000_00001000:

RegCloseKey

Explorer.EXE_284_rwx_08AB0000_00001000:

advapi32.dll

Explorer.EXE_284_rwx_08AE0000_00001000:

oleaut32.dll

Explorer.EXE_284_rwx_08B60000_00001000:

oleaut32.dll

Explorer.EXE_284_rwx_08BA0000_00001000:

oleaut32.dll

Explorer.EXE_284_rwx_08BE0000_00001000:

oleaut32.dll

Explorer.EXE_284_rwx_08C10000_00001000:

advapi32.dll

Explorer.EXE_284_rwx_08C50000_00001000:

advapi32.dll

Explorer.EXE_284_rwx_08C90000_00001000:

advapi32.dll

Explorer.EXE_284_rwx_08CC0000_00001000:

RegOpenKeyExA

Explorer.EXE_284_rwx_08CD0000_00001000:

advapi32.dll

Explorer.EXE_284_rwx_08D80000_00001000:

RegOpenKeyA

Explorer.EXE_284_rwx_08D90000_00001000:

advapi32.dll

Explorer.EXE_284_rwx_08DD0000_00001000:

advapi32.dll

Explorer.EXE_284_rwx_08E00000_00001000:

RegEnumKeyExA

Explorer.EXE_284_rwx_08E10000_00001000:

advapi32.dll

Explorer.EXE_284_rwx_08E50000_00001000:

advapi32.dll

Explorer.EXE_284_rwx_08E80000_00001000:

RegDeleteKeyA

Explorer.EXE_284_rwx_08E90000_00001000:

advapi32.dll

Explorer.EXE_284_rwx_08EC0000_00001000:

RegCreateKeyA

Explorer.EXE_284_rwx_08ED0000_00001000:

advapi32.dll

Explorer.EXE_284_rwx_08F00000_00001000:

RegCloseKey

Explorer.EXE_284_rwx_08F10000_00001000:

advapi32.dll

Explorer.EXE_284_rwx_08F50000_00001000:

advapi32.dll

Explorer.EXE_284_rwx_08F90000_00001000:

advapi32.dll

Explorer.EXE_284_rwx_08FD0000_00001000:

advapi32.dll

Explorer.EXE_284_rwx_09010000_00001000:

advapi32.dll

Explorer.EXE_284_rwx_09040000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_090C0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09100000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09140000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09180000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_091B0000_00001000:

WinExec

Explorer.EXE_284_rwx_091C0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09200000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09240000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09280000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_092C0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09300000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09340000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09380000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_093C0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09400000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09440000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09480000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_094C0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09500000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09530000_00001000:

SetNamedPipeHandleState

Explorer.EXE_284_rwx_09540000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09580000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_095C0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09600000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09640000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09680000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_096C0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09700000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09740000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09780000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_097C0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09800000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09840000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09880000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_098C0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09900000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09940000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09980000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_099C0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09A00000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09A40000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09A80000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09AC0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09B00000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09B40000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09B80000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09BC0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09C00000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09C40000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09C80000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09CC0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09D00000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09D30000_00001000:

GetProcessHeap

Explorer.EXE_284_rwx_09D40000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09D80000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09DC0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09E00000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09E40000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09E80000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09EC0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09F00000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09F40000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09F80000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_09FC0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0A000000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0A040000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0A080000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0A0C0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0A100000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0A140000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0A180000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0A1C0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0A200000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0A240000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0A280000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0A2C0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0A300000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0A340000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0A380000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0A3C0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0A3F0000_00001000:

CreatePipe

Explorer.EXE_284_rwx_0A400000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0A440000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0A480000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0A4C0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0A500000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0A540000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0A570000_00001000:

mpr.dll

Explorer.EXE_284_rwx_0A5F0000_00001000:

mpr.dll

Explorer.EXE_284_rwx_0A630000_00001000:

mpr.dll

Explorer.EXE_284_rwx_0A670000_00001000:

mpr.dll

Explorer.EXE_284_rwx_0A6A0000_00001000:

gdi32.dll

Explorer.EXE_284_rwx_0A6E0000_00001000:

gdi32.dll

Explorer.EXE_284_rwx_0A720000_00001000:

gdi32.dll

Explorer.EXE_284_rwx_0A760000_00001000:

gdi32.dll

Explorer.EXE_284_rwx_0A7A0000_00001000:

gdi32.dll

Explorer.EXE_284_rwx_0A7E0000_00001000:

gdi32.dll

Explorer.EXE_284_rwx_0A820000_00001000:

gdi32.dll

Explorer.EXE_284_rwx_0A8A0000_00001000:

gdi32.dll

Explorer.EXE_284_rwx_0A8E0000_00001000:

gdi32.dll

Explorer.EXE_284_rwx_0A920000_00001000:

gdi32.dll

Explorer.EXE_284_rwx_0A960000_00001000:

gdi32.dll

Explorer.EXE_284_rwx_0A9A0000_00001000:

gdi32.dll

Explorer.EXE_284_rwx_0A9E0000_00001000:

gdi32.dll

Explorer.EXE_284_rwx_0AA20000_00001000:

gdi32.dll

Explorer.EXE_284_rwx_0AA50000_00001000:

user32.dll

Explorer.EXE_284_rwx_0AA90000_00001000:

user32.dll

Explorer.EXE_284_rwx_0AAD0000_00001000:

user32.dll

Explorer.EXE_284_rwx_0AB10000_00001000:

user32.dll

Explorer.EXE_284_rwx_0AB40000_00001000:

keybd_event

Explorer.EXE_284_rwx_0AB50000_00001000:

user32.dll

Explorer.EXE_284_rwx_0ABD0000_00001000:

user32.dll

Explorer.EXE_284_rwx_0AC10000_00001000:

user32.dll

Explorer.EXE_284_rwx_0AC50000_00001000:

user32.dll

Explorer.EXE_284_rwx_0AC90000_00001000:

user32.dll

Explorer.EXE_284_rwx_0ACD0000_00001000:

user32.dll

Explorer.EXE_284_rwx_0AD10000_00001000:

user32.dll

Explorer.EXE_284_rwx_0AD50000_00001000:

user32.dll

Explorer.EXE_284_rwx_0AD90000_00001000:

user32.dll

Explorer.EXE_284_rwx_0ADD0000_00001000:

user32.dll

Explorer.EXE_284_rwx_0AE10000_00001000:

user32.dll

Explorer.EXE_284_rwx_0AE50000_00001000:

user32.dll

Explorer.EXE_284_rwx_0AE90000_00001000:

user32.dll

Explorer.EXE_284_rwx_0AED0000_00001000:

user32.dll

Explorer.EXE_284_rwx_0AF10000_00001000:

user32.dll

Explorer.EXE_284_rwx_0AF50000_00001000:

user32.dll

Explorer.EXE_284_rwx_0AF90000_00001000:

user32.dll

Explorer.EXE_284_rwx_0AFD0000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B010000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B050000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B090000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B0D0000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B110000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B140000_00001000:

MapVirtualKeyA

Explorer.EXE_284_rwx_0B150000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B190000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B1D0000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B210000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B250000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B290000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B2D0000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B310000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B350000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B390000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B3D0000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B410000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B450000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B490000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B4D0000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B510000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B550000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B590000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B5C0000_00001000:

GetKeyboardState

Explorer.EXE_284_rwx_0B5D0000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B600000_00001000:

GetKeyboardLayoutNameA

Explorer.EXE_284_rwx_0B610000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B640000_00001000:

GetKeyState

Explorer.EXE_284_rwx_0B650000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B690000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B6D0000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B710000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B750000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B790000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B7D0000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B810000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B840000_00001000:

GetAsyncKeyState

Explorer.EXE_284_rwx_0B850000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B890000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B8D0000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B910000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B940000_00001000:

ExitWindowsEx

Explorer.EXE_284_rwx_0B950000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B980000_00001000:

EnumWindows

Explorer.EXE_284_rwx_0B990000_00001000:

user32.dll

Explorer.EXE_284_rwx_0B9D0000_00001000:

user32.dll

Explorer.EXE_284_rwx_0BA10000_00001000:

user32.dll

Explorer.EXE_284_rwx_0BA50000_00001000:

user32.dll

Explorer.EXE_284_rwx_0BA90000_00001000:

user32.dll

Explorer.EXE_284_rwx_0BAD0000_00001000:

user32.dll

Explorer.EXE_284_rwx_0BB10000_00001000:

user32.dll

Explorer.EXE_284_rwx_0BB50000_00001000:

user32.dll

Explorer.EXE_284_rwx_0BB90000_00001000:

user32.dll

Explorer.EXE_284_rwx_0BBD0000_00001000:

user32.dll

Explorer.EXE_284_rwx_0BC10000_00001000:

user32.dll

Explorer.EXE_284_rwx_0BC50000_00001000:

user32.dll

Explorer.EXE_284_rwx_0BC80000_00001000:

ntdll.dll

Explorer.EXE_284_rwx_0BCC0000_00001000:

ntdll.dll

Explorer.EXE_284_rwx_0BD00000_00001000:

ntdll.dll

Explorer.EXE_284_rwx_0BD30000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0BD70000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0BDA0000_00001000:

wininet.dll

Explorer.EXE_284_rwx_0BE20000_00001000:

wininet.dll

Explorer.EXE_284_rwx_0BEE0000_00001000:

wininet.dll

Explorer.EXE_284_rwx_0BF20000_00001000:

wininet.dll

Explorer.EXE_284_rwx_0BF50000_00001000:

wininet.dll

Explorer.EXE_284_rwx_0BF80000_00001000:

FtpGetFileSize

Explorer.EXE_284_rwx_0BF90000_00001000:

wininet.dll

Explorer.EXE_284_rwx_0BFC0000_00001000:

FtpSetCurrentDirectoryA

Explorer.EXE_284_rwx_0BFD0000_00001000:

wininet.dll

Explorer.EXE_284_rwx_0C000000_00001000:

FtpOpenFileA

Explorer.EXE_284_rwx_0C010000_00001000:

wininet.dll

Explorer.EXE_284_rwx_0C040000_00001000:

wsock32.dll

Explorer.EXE_284_rwx_0C080000_00001000:

wsock32.dll

Explorer.EXE_284_rwx_0C0C0000_00001000:

wsock32.dll

Explorer.EXE_284_rwx_0C100000_00001000:

wsock32.dll

Explorer.EXE_284_rwx_0C140000_00001000:

wsock32.dll

Explorer.EXE_284_rwx_0C1C0000_00001000:

wsock32.dll

Explorer.EXE_284_rwx_0C200000_00001000:

wsock32.dll

Explorer.EXE_284_rwx_0C240000_00001000:

wsock32.dll

Explorer.EXE_284_rwx_0C280000_00001000:

wsock32.dll

Explorer.EXE_284_rwx_0C2C0000_00001000:

wsock32.dll

Explorer.EXE_284_rwx_0C300000_00001000:

wsock32.dll

Explorer.EXE_284_rwx_0C340000_00001000:

wsock32.dll

Explorer.EXE_284_rwx_0C380000_00001000:

wsock32.dll

Explorer.EXE_284_rwx_0C3C0000_00001000:

wsock32.dll

Explorer.EXE_284_rwx_0C400000_00001000:

wsock32.dll

Explorer.EXE_284_rwx_0C440000_00001000:

wsock32.dll

Explorer.EXE_284_rwx_0C480000_00001000:

wsock32.dll

Explorer.EXE_284_rwx_0C4C0000_00001000:

wsock32.dll

Explorer.EXE_284_rwx_0C500000_00001000:

wsock32.dll

Explorer.EXE_284_rwx_0C540000_00001000:

wsock32.dll

Explorer.EXE_284_rwx_0C570000_00001000:

ole32.dll

Explorer.EXE_284_rwx_0C5B0000_00001000:

ole32.dll

Explorer.EXE_284_rwx_0C5F0000_00001000:

ole32.dll

Explorer.EXE_284_rwx_0C620000_00001000:

ole32.dll

Explorer.EXE_284_rwx_0C660000_00001000:

ole32.dll

Explorer.EXE_284_rwx_0C6E0000_00001000:

ole32.dll

Explorer.EXE_284_rwx_0C720000_00001000:

ole32.dll

Explorer.EXE_284_rwx_0C750000_00001000:

gdiplus.dll

Explorer.EXE_284_rwx_0C7D0000_00001000:

gdiplus.dll

Explorer.EXE_284_rwx_0C810000_00001000:

gdiplus.dll

Explorer.EXE_284_rwx_0C850000_00001000:

gdiplus.dll

Explorer.EXE_284_rwx_0C8D0000_00001000:

gdiplus.dll

Explorer.EXE_284_rwx_0C910000_00001000:

gdiplus.dll

Explorer.EXE_284_rwx_0C950000_00001000:

gdiplus.dll

Explorer.EXE_284_rwx_0C990000_00001000:

gdiplus.dll

Explorer.EXE_284_rwx_0C9D0000_00001000:

gdiplus.dll

Explorer.EXE_284_rwx_0CA10000_00001000:

gdiplus.dll

Explorer.EXE_284_rwx_0CA50000_00001000:

gdiplus.dll

Explorer.EXE_284_rwx_0CA90000_00001000:

gdiplus.dll

Explorer.EXE_284_rwx_0CAD0000_00001000:

gdiplus.dll

Explorer.EXE_284_rwx_0CB10000_00001000:

gdiplus.dll

Explorer.EXE_284_rwx_0CB50000_00001000:

gdiplus.dll

Explorer.EXE_284_rwx_0CB80000_00001000:

GdiplusShutdown

Explorer.EXE_284_rwx_0CB90000_00001000:

gdiplus.dll

Explorer.EXE_284_rwx_0CBD0000_00001000:

gdiplus.dll

Explorer.EXE_284_rwx_0CC10000_00001000:

gdiplus.dll

Explorer.EXE_284_rwx_0CC50000_00001000:

gdiplus.dll

Explorer.EXE_284_rwx_0CC80000_00001000:

AVICAP32.DLL

Explorer.EXE_284_rwx_0CCC0000_00001000:

AVICAP32.DLL

Explorer.EXE_284_rwx_0CD10000_00001000:

advapi32.dll

Explorer.EXE_284_rwx_0CD50000_00001000:

advapi32.dll

Explorer.EXE_284_rwx_0CD90000_00001000:

advapi32.dll

Explorer.EXE_284_rwx_0CDD0000_00001000:

advapi32.dll

Explorer.EXE_284_rwx_0CE10000_00001000:

advapi32.dll

Explorer.EXE_284_rwx_0CE90000_00001000:

advapi32.dll

Explorer.EXE_284_rwx_0CED0000_00001000:

advapi32.dll

Explorer.EXE_284_rwx_0CF10000_00001000:

advapi32.dll

Explorer.EXE_284_rwx_0CF90000_00001000:

advapi32.dll

Explorer.EXE_284_rwx_0CFD0000_00001000:

advapi32.dll

Explorer.EXE_284_rwx_0D000000_00001000:

shell32.dll

Explorer.EXE_284_rwx_0D040000_00001000:

shell32.dll

Explorer.EXE_284_rwx_0D080000_00001000:

shell32.dll

Explorer.EXE_284_rwx_0D0B0000_00001000:

winmm.dll

Explorer.EXE_284_rwx_0D0F0000_00001000:

winmm.dll

Explorer.EXE_284_rwx_0D130000_00001000:

winmm.dll

Explorer.EXE_284_rwx_0D1B0000_00001000:

winmm.dll

Explorer.EXE_284_rwx_0D1F0000_00001000:

winmm.dll

Explorer.EXE_284_rwx_0D270000_00001000:

winmm.dll

Explorer.EXE_284_rwx_0D2B0000_00001000:

winmm.dll

Explorer.EXE_284_rwx_0D2F0000_00001000:

winmm.dll

Explorer.EXE_284_rwx_0D330000_00001000:

winmm.dll

Explorer.EXE_284_rwx_0D360000_00001000:

powrprof.dll

Explorer.EXE_284_rwx_0D3A0000_00001000:

powrprof.dll

Explorer.EXE_284_rwx_0D3D0000_00001000:

msacm32.dll

Explorer.EXE_284_rwx_0D450000_00001000:

msacm32.dll

Explorer.EXE_284_rwx_0D4D0000_00001000:

msacm32.dll

Explorer.EXE_284_rwx_0D510000_00001000:

msacm32.dll

Explorer.EXE_284_rwx_0D550000_00001000:

msacm32.dll

Explorer.EXE_284_rwx_0D590000_00001000:

msacm32.dll

Explorer.EXE_284_rwx_0D5D0000_00001000:

msacm32.dll

Explorer.EXE_284_rwx_0D610000_00001000:

msacm32.dll

Explorer.EXE_284_rwx_0D640000_00001000:

ADVAPI32.DLL

Explorer.EXE_284_rwx_0D680000_00001000:

ADVAPI32.DLL

Explorer.EXE_284_rwx_0D6C0000_00001000:

ADVAPI32.DLL

Explorer.EXE_284_rwx_0D700000_00001000:

ADVAPI32.DLL

Explorer.EXE_284_rwx_0D880000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0D9A0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0DA20000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0DA70000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0DAB0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0DB90000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0DBD0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0DC10000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0DC50000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0DCD0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0DD10000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0DD50000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0DD90000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0DDD0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0DE10000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0DE50000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0DE90000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0DEC0000_00001000:

GetProcessHeap

Explorer.EXE_284_rwx_0DED0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0DF00000_00001000:

oleaut32.dll

Explorer.EXE_284_rwx_0DF40000_00001000:

oleaut32.dll

Explorer.EXE_284_rwx_0DF80000_00001000:

oleaut32.dll

Explorer.EXE_284_rwx_0DFB0000_00001000:

advapi32.dll

Explorer.EXE_284_rwx_0DFF0000_00001000:

advapi32.dll

Explorer.EXE_284_rwx_0E020000_00001000:

RegOpenKeyExA

Explorer.EXE_284_rwx_0E030000_00001000:

advapi32.dll

Explorer.EXE_284_rwx_0E060000_00001000:

RegCloseKey

Explorer.EXE_284_rwx_0E070000_00001000:

advapi32.dll

Explorer.EXE_284_rwx_0E0A0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0E0E0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0E160000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0E1E0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0E260000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0E2A0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0E2E0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0E320000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0E360000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0E3A0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0E3E0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0E420000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0E460000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0E4A0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0E4E0000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0E520000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0E560000_00001000:

kernel32.dll

Explorer.EXE_284_rwx_0E590000_00001000:

ntdll.dll

Explorer.EXE_284_rwx_0E5D0000_00001000:

ntdll.dll

Explorer.EXE_284_rwx_10410000_0005C000:

.idata
.reloc
P.rsrc
kernel32.dll
Portions Copyright (c) 1999,2003 Avenger by NhT
SHFileOperationA
shell32.dll
URLDownloadToFileA
urlmon.dll
ShellExecuteA
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
GetWindowsDirectoryA
SOFTWARE\Microsoft\Windows\CurrentVersion
http\shell\open\command
\Internet Explorer\iexplore.exe
####@####
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
Portugal
Turkey
Windows 3.1
Windows 95 (Release 2)
Windows 95
Windows 98 SE
Windows 98
Windows ME
Windows 7
Windows Vista
%s %s
Windows XP Professional x64
Windows XP Home
Windows XP Professional
Windows 2000 Professional
Windows NT %d.%d
Windows 2008
%s %s Server
Windows 2003 Server Datacenter
Windows 2003 Server Enterprise
Windows 2003 Server Web Edition
Windows 2003 Server
Windows Home Server
Windows 2003 Server (Release 2)
Windows 2000 Server Datacenter
Windows 2000 Server Enterprise
Windows 2000 Server Web Edition
Windows 2000 Server
Windows NT 4.0 Server Datacenter
Windows NT 4.0 Server Enterprise
Windows NT 4.0 Server Web Edition
Windows NT 4.0 Server
Unknown Platform ID (%d)
%d.%d
%s (Build: %d
- Service Pack: %s
KERNEL32.DLL
teste.vbs
teste.txt
Set objSecurityCenter = GetObject("winmgmts:\\.\root\SecurityCenter")
Set colFirewall = objSecurityCenter.ExecQuery("Select * From FirewallProduct",,48)
Set colAntiVirus = objSecurityCenter.ExecQuery("Select * From AntiVirusProduct",,48)
Set objFileSystem = CreateObject("Scripting.fileSystemObject")
Set objFile = objFileSystem.CreateTextFile("
Info = Info & "F" & CountFw & ") " & objFirewall.displayName & " v" & objFirewall.versionNumber & Enter
Info = Info & "A" & CountAV & ") " & objAntiVirus.displayName & " v" & objAntiVirus.versionNumber & Enter
objFile.WriteLine(Info)
objFile.Close
cscript.exe
AVICAP32.dll
tFtpAccess
BuildImportTable: can't load library:
BuildImportTable: ReallocMemory failed
BuildImportTable: GetProcAddress failed
BTMemoryLoadLibary: BuildImportTable failed
BTMemoryGetProcAddress: no export table found
BTMemoryGetProcAddress: DLL doesn't export anything
BTMemoryGetProcAddress: exported symbol not found
SetupApi.dll
SetupDiOpenClassRegKey
SetupDiOpenClassRegKeyExA
SetupDiOpenClassRegKeyExW
SetupDiCreateDeviceInterfaceRegKeyA
SetupDiCreateDeviceInterfaceRegKeyW
SetupDiOpenDeviceInterfaceRegKey
SetupDiDeleteDeviceInterfaceRegKey
SetupDiCreateDevRegKeyA
SetupDiCreateDevRegKeyW
SetupDiOpenDevRegKey
SetupDiDeleteDevRegKey
CM_DEVCAP_LOCKSUPPORTED
CM_DEVCAP_EJECTSUPPORTED
PDCAP_D0_SUPPORTED
PDCAP_D1_SUPPORTED
PDCAP_D2_SUPPORTED
PDCAP_D3_SUPPORTED
PDCAP_WAKE_FROM_D0_SUPPORTED
PDCAP_WAKE_FROM_D1_SUPPORTED
PDCAP_WAKE_FROM_D2_SUPPORTED
PDCAP_WAKE_FROM_D3_SUPPORTED
PDCAP_WARM_EJECT_SUPPORTED
HKEY_CLASSES_ROOT
HKEY_CURRENT_CONFIG
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
127.0.0.1
iphlpapi.dll
AllocateAndGetTcpExTableFromStack
AllocateAndGetUdpExTableFromStack
SetTcpEntry
GetExtendedTcpTable
GetExtendedUdpTable
Mozilla3_5Password
GetChromePass
StartHttpProxy
1.2.3
XxX.xXx
UuU.uUu
keyboardkey
webcaminactive
webcamgetbuffer
webcam
enviarexecnormal
enviarexechidden
openweb
downexec
sendftp
keylogger
keyloggergetlog
keyloggereraselog
keyloggerativar
keyloggerdesativar
renamekey
windowsfechar
windowsmax
windowsmin
windowsmostrar
windowsocultar
windowsmintodas
windowscaption
listarportas
listarportasdns
finalizarprocessoportas
webcamsettings
chatmsg
getpassword
updateservidorweb
keyloggersearch
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
PSAPI.dll
\config\SteamAppData.vdf
AutoLoginUser
/ClientRegistry.Blob
\ClientRegistry.blob
\steam.dll
%SYS%
%DESKTOP%
TThreadSearch`%D
FirstExecution
chatmsg|
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
listarjanelas|windowsfechar|
listarjanelas|windowsmax|
listarjanelas|windowsmin|
listarjanelas|windowsmostrar|
listarjanelas|windowsocultar|
listarjanelas|windowsmintodas|
listarjanelas|windowscaption|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
listarportas|listadeportaspronta|
listarportas|finalizarconexao|
listarportas|finalizarprocessoportas|Y|
listarportas|finalizarprocessoportas|N|
registro|renamekey|
keylogger|keylogger|keyloggerativar|
keylogger|keylogger|keyloggerdesativar|
keylogger|keyloggergetlog|
keylogger|keylogger|keyloggervazio|
keyloggersearchok|
webcam|webcaminactive|
webcam|webcamactive|
_x_X_PASSWORDLIST_X_x_
NOIP.abc
MSN.abc
FIREFOX.abc
IELOGIN.abc
IEPASS.abc
IEAUTO.abc
IEWEB.abc
SOFTWARE\Mozilla\Mozilla Firefox
getfirefox
getielogin
getiepass
getieweb
getchrome
getpassword|getpasswordlist|
getpassword|getpassworderror|
##@@## ##@@## ##@@##
Windows\CurrentVersion\Uninstall\eDonkey2000
UNWISE.EXE
ntdll.dll
icon=shell32.dll,4
shellexecute=
autorun.inf
XX--XX--XX.txt
logs.dat
SQLite3.dll
deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly
inflate 1.2.3 Copyright 1995-2005 Mark Adler
GetProcessHeap
user32.dll
advapi32.dll
RegOpenKeyExA
RegCloseKey
oleaut32.dll
RegOpenKeyA
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyA
WinExec
SetNamedPipeHandleState
CreatePipe
mpr.dll
gdi32.dll
keybd_event
MapVirtualKeyA
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyState
GetAsyncKeyState
ExitWindowsEx
EnumWindows
wininet.dll
FtpGetFileSize
FtpSetCurrentDirectoryA
FtpOpenFileA
wsock32.dll
ole32.dll
gdiplus.dll
GdiplusShutdown
AVICAP32.DLL
winmm.dll
powrprof.dll
msacm32.dll
ADVAPI32.DLL
KWindows
UnitExecutarComandos
uftp
UrlMon
.UnitBytesSize
UnitListarPortasAtivas
UnitWebcam
UnitKeylogger

Explorer.EXE_284_rwx_318D0000_00009000:

.idata
.reloc
P.rsrc
Portions Copyright (c) 1999,2003 Avenger by NhT
kernel32.dll
Ntdll.dll
NtEnumerateValueKey
NtEnumerateKey
advapi32.dll
GetProcessHeap
oleaut32.dll
RegOpenKeyExA
RegCloseKey
ntdll.dll
KWindows

Explorer.EXE_284_rwx_6AAB1000_00001000:

WERCONCPL.dll

Explorer.EXE_284_rwx_6ADE1000_00001000:

Microsoft\Windows\WerCplSupport

Explorer.EXE_284_rwx_6D011000_00001000:

dRegDeleteKeyW
RegDeleteKeyExW
mscoree.dll
Invalid parameter passed to C runtime functi
Software\Policies\Microsoft\Windows\Network Connections
advapi32.dll
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
hXXp://VVV.microsoft.com/AvailableNetwork/Info
Floating point (%%e, %%f, %%g, and %%G) is not supported by the WTL::CString class.
@%s,-%d
xmlns:an='hXXp://VVV.microsoft.com/AvailableNetwork/Info'
support
::{7007acc7-3202-11d1-aad2-00805fc1270e}
shell:::{21ec2020-3aea-1069-a2dd-08002b30309d}
ekernel32.dll
kernelbase.dll
KERNEL32.DLL
KERNELBASE.DLL

Explorer.EXE_284_rwx_6E661000_00001000:

FXSAPI.dll
FaxEnumPortsA
FaxEnumPortsExA
FaxEnumPortsExW
FaxEnumPortsW

Explorer.EXE_284_rwx_6E781000_00001000:

Software\Microsoft\Windows NT\CurrentVersion\
6wow32.dll

Explorer.EXE_284_rwx_6E7B1000_00001000:


Explorer.EXE_284_rwx_6E881000_00001000:

%d, %ld, %ld, %ld, %d, %d
%s %s - -:d:d M
CreateIoCompletionPort
u:u:u:lu
avicap32.pdb
Version: %d.%d.%d.%d
C:\CAPTURE.AVI
open %s shareable alias mciframes
wow32.dll

Explorer.EXE_284_rwx_6F451000_00001000:

tiptsf.dll

Explorer.EXE_284_rwx_6F7D1000_00001000:

gameux.dll

csrss.exe_316_rwx_014F0000_00001000:

kernel32.dll

csrss.exe_316_rwx_01770000_00001000:

kernel32.dll

csrss.exe_316_rwx_017F0000_00001000:

kernel32.dll

csrss.exe_316_rwx_01830000_00001000:

kernel32.dll

csrss.exe_316_rwx_01870000_00001000:

kernel32.dll

csrss.exe_316_rwx_018B0000_00001000:

kernel32.dll

csrss.exe_316_rwx_018F0000_00001000:

kernel32.dll

csrss.exe_316_rwx_01930000_00001000:

kernel32.dll

csrss.exe_316_rwx_01970000_00001000:

kernel32.dll

csrss.exe_316_rwx_019B0000_00001000:

kernel32.dll

csrss.exe_316_rwx_019F0000_00001000:

kernel32.dll

csrss.exe_316_rwx_01A30000_00001000:

kernel32.dll

csrss.exe_316_rwx_01A70000_00001000:

kernel32.dll

csrss.exe_316_rwx_01AB0000_00001000:

kernel32.dll

csrss.exe_316_rwx_01AF0000_00001000:

kernel32.dll

csrss.exe_316_rwx_01B30000_00001000:

kernel32.dll

csrss.exe_316_rwx_01B70000_00001000:

kernel32.dll

csrss.exe_316_rwx_01BB0000_00001000:

kernel32.dll

csrss.exe_316_rwx_01BE0000_00001000:

GetProcessHeap

csrss.exe_316_rwx_01BF0000_00001000:

kernel32.dll

csrss.exe_316_rwx_01C20000_00001000:

oleaut32.dll

csrss.exe_316_rwx_01C60000_00001000:

oleaut32.dll

csrss.exe_316_rwx_01CA0000_00001000:

oleaut32.dll

csrss.exe_316_rwx_01CD0000_00001000:

advapi32.dll

csrss.exe_316_rwx_01D10000_00001000:

advapi32.dll

csrss.exe_316_rwx_01D40000_00001000:

RegOpenKeyExA

csrss.exe_316_rwx_01D50000_00001000:

advapi32.dll

csrss.exe_316_rwx_01D80000_00001000:

RegCloseKey

csrss.exe_316_rwx_01D90000_00001000:

advapi32.dll

csrss.exe_316_rwx_01DC0000_00001000:

kernel32.dll

csrss.exe_316_rwx_01E00000_00001000:

kernel32.dll

csrss.exe_316_rwx_01E40000_00001000:

kernel32.dll

csrss.exe_316_rwx_01E80000_00001000:

kernel32.dll

csrss.exe_316_rwx_01EC0000_00001000:

kernel32.dll

csrss.exe_316_rwx_01F00000_00001000:

kernel32.dll

csrss.exe_316_rwx_01F40000_00001000:

kernel32.dll

csrss.exe_316_rwx_01F80000_00001000:

kernel32.dll

csrss.exe_316_rwx_01FC0000_00001000:

kernel32.dll

csrss.exe_316_rwx_02000000_00001000:

kernel32.dll

csrss.exe_316_rwx_02040000_00001000:

kernel32.dll

csrss.exe_316_rwx_02080000_00001000:

kernel32.dll

csrss.exe_316_rwx_020C0000_00001000:

kernel32.dll

csrss.exe_316_rwx_02100000_00001000:

kernel32.dll

csrss.exe_316_rwx_02140000_00001000:

kernel32.dll

csrss.exe_316_rwx_02180000_00001000:

kernel32.dll

csrss.exe_316_rwx_021C0000_00001000:

kernel32.dll

csrss.exe_316_rwx_021F0000_00001000:

ntdll.dll

csrss.exe_316_rwx_02230000_00001000:

ntdll.dll

csrss.exe_316_rwx_31780000_00009000:

.idata
.reloc
P.rsrc
%x`x1
Portions Copyright (c) 1999,2003 Avenger by NhT
kernel32.dll
Ntdll.dll
NtEnumerateValueKey
NtEnumerateKey
advapi32.dll
GetProcessHeap
oleaut32.dll
RegOpenKeyExA
RegCloseKey
ntdll.dll
KWindows

wininit.exe_356_rwx_00120000_00001000:

kernel32.dll

wininit.exe_356_rwx_004C0000_00001000:

kernel32.dll

wininit.exe_356_rwx_00540000_00001000:

kernel32.dll

wininit.exe_356_rwx_00600000_00001000:

kernel32.dll

wininit.exe_356_rwx_00640000_00001000:

kernel32.dll

wininit.exe_356_rwx_00680000_00001000:

kernel32.dll

wininit.exe_356_rwx_01300000_00001000:

kernel32.dll

wininit.exe_356_rwx_01340000_00001000:

kernel32.dll

wininit.exe_356_rwx_01380000_00001000:

kernel32.dll

wininit.exe_356_rwx_013C0000_00001000:

kernel32.dll

wininit.exe_356_rwx_01400000_00001000:

kernel32.dll

wininit.exe_356_rwx_01750000_00001000:

kernel32.dll

wininit.exe_356_rwx_01790000_00001000:

kernel32.dll

wininit.exe_356_rwx_017D0000_00001000:

kernel32.dll

wininit.exe_356_rwx_01810000_00001000:

kernel32.dll

wininit.exe_356_rwx_01850000_00001000:

kernel32.dll

wininit.exe_356_rwx_01890000_00001000:

kernel32.dll

wininit.exe_356_rwx_018D0000_00001000:

kernel32.dll

wininit.exe_356_rwx_01900000_00001000:

GetProcessHeap

wininit.exe_356_rwx_01910000_00001000:

kernel32.dll

wininit.exe_356_rwx_01940000_00001000:

oleaut32.dll

wininit.exe_356_rwx_01980000_00001000:

oleaut32.dll

wininit.exe_356_rwx_019C0000_00001000:

oleaut32.dll

wininit.exe_356_rwx_019F0000_00001000:

advapi32.dll

wininit.exe_356_rwx_01A30000_00001000:

advapi32.dll

wininit.exe_356_rwx_01A60000_00001000:

RegOpenKeyExA

wininit.exe_356_rwx_01A70000_00001000:

advapi32.dll

wininit.exe_356_rwx_01AA0000_00001000:

RegCloseKey

wininit.exe_356_rwx_01AB0000_00001000:

advapi32.dll

wininit.exe_356_rwx_01AE0000_00001000:

kernel32.dll

wininit.exe_356_rwx_01B20000_00001000:

kernel32.dll

wininit.exe_356_rwx_01B60000_00001000:

kernel32.dll

wininit.exe_356_rwx_01BA0000_00001000:

kernel32.dll

wininit.exe_356_rwx_01BE0000_00001000:

kernel32.dll

wininit.exe_356_rwx_01C20000_00001000:

kernel32.dll

wininit.exe_356_rwx_01C60000_00001000:

kernel32.dll

wininit.exe_356_rwx_01CA0000_00001000:

kernel32.dll

wininit.exe_356_rwx_01CE0000_00001000:

kernel32.dll

wininit.exe_356_rwx_01D20000_00001000:

kernel32.dll

wininit.exe_356_rwx_01D60000_00001000:

kernel32.dll

wininit.exe_356_rwx_01DA0000_00001000:

kernel32.dll

wininit.exe_356_rwx_01DE0000_00001000:

kernel32.dll

wininit.exe_356_rwx_01E20000_00001000:

kernel32.dll

wininit.exe_356_rwx_01E60000_00001000:

kernel32.dll

wininit.exe_356_rwx_01EA0000_00001000:

kernel32.dll

wininit.exe_356_rwx_01EE0000_00001000:

kernel32.dll

wininit.exe_356_rwx_01F10000_00001000:

ntdll.dll

wininit.exe_356_rwx_01F50000_00001000:

ntdll.dll

wininit.exe_356_rwx_31790000_00009000:

.idata
.reloc
P.rsrc
%x`y1
Portions Copyright (c) 1999,2003 Avenger by NhT
kernel32.dll
Ntdll.dll
NtEnumerateValueKey
NtEnumerateKey
advapi32.dll
GetProcessHeap
oleaut32.dll
RegOpenKeyExA
RegCloseKey
ntdll.dll
KWindows

csrss.exe_368_rwx_02020000_00001000:

kernel32.dll

csrss.exe_368_rwx_02190000_00001000:

kernel32.dll

csrss.exe_368_rwx_021D0000_00001000:

kernel32.dll

csrss.exe_368_rwx_02210000_00001000:

kernel32.dll

csrss.exe_368_rwx_02290000_00001000:

kernel32.dll

csrss.exe_368_rwx_022D0000_00001000:

kernel32.dll

csrss.exe_368_rwx_02310000_00001000:

kernel32.dll

csrss.exe_368_rwx_02350000_00001000:

kernel32.dll

csrss.exe_368_rwx_02390000_00001000:

kernel32.dll

csrss.exe_368_rwx_023D0000_00001000:

kernel32.dll

csrss.exe_368_rwx_02410000_00001000:

kernel32.dll

csrss.exe_368_rwx_02450000_00001000:

kernel32.dll

csrss.exe_368_rwx_02490000_00001000:

kernel32.dll

csrss.exe_368_rwx_024D0000_00001000:

kernel32.dll

csrss.exe_368_rwx_02510000_00001000:

kernel32.dll

csrss.exe_368_rwx_02550000_00001000:

kernel32.dll

csrss.exe_368_rwx_02590000_00001000:

kernel32.dll

csrss.exe_368_rwx_025D0000_00001000:

kernel32.dll

csrss.exe_368_rwx_02600000_00001000:

GetProcessHeap

csrss.exe_368_rwx_02610000_00001000:

kernel32.dll

csrss.exe_368_rwx_02640000_00001000:

oleaut32.dll

csrss.exe_368_rwx_02680000_00001000:

oleaut32.dll

csrss.exe_368_rwx_02700000_00001000:

oleaut32.dll

csrss.exe_368_rwx_02730000_00001000:

advapi32.dll

csrss.exe_368_rwx_02770000_00001000:

advapi32.dll

csrss.exe_368_rwx_027A0000_00001000:

RegOpenKeyExA

csrss.exe_368_rwx_027B0000_00001000:

advapi32.dll

csrss.exe_368_rwx_027E0000_00001000:

RegCloseKey

csrss.exe_368_rwx_027F0000_00001000:

advapi32.dll

csrss.exe_368_rwx_02820000_00001000:

kernel32.dll

csrss.exe_368_rwx_02860000_00001000:

kernel32.dll

csrss.exe_368_rwx_06370000_00001000:

kernel32.dll

csrss.exe_368_rwx_063B0000_00001000:

kernel32.dll

csrss.exe_368_rwx_06430000_00001000:

kernel32.dll

csrss.exe_368_rwx_064B0000_00001000:

kernel32.dll

csrss.exe_368_rwx_064F0000_00001000:

kernel32.dll

csrss.exe_368_rwx_06530000_00001000:

kernel32.dll

csrss.exe_368_rwx_06570000_00001000:

kernel32.dll

csrss.exe_368_rwx_065F0000_00001000:

kernel32.dll

csrss.exe_368_rwx_06630000_00001000:

kernel32.dll

csrss.exe_368_rwx_06FE0000_00001000:

kernel32.dll

csrss.exe_368_rwx_07020000_00001000:

kernel32.dll

csrss.exe_368_rwx_07060000_00001000:

kernel32.dll

csrss.exe_368_rwx_070A0000_00001000:

kernel32.dll

csrss.exe_368_rwx_070E0000_00001000:

kernel32.dll

csrss.exe_368_rwx_07120000_00001000:

kernel32.dll

csrss.exe_368_rwx_07150000_00001000:

ntdll.dll

csrss.exe_368_rwx_07190000_00001000:

ntdll.dll

csrss.exe_368_rwx_317A0000_00009000:

.idata
.reloc
P.rsrc
%x`z1
Portions Copyright (c) 1999,2003 Avenger by NhT
kernel32.dll
Ntdll.dll
NtEnumerateValueKey
NtEnumerateKey
advapi32.dll
GetProcessHeap
oleaut32.dll
RegOpenKeyExA
RegCloseKey
ntdll.dll
KWindows

winlogon.exe_416_rwx_000C0000_00001000:

kernel32.dll

winlogon.exe_416_rwx_00300000_00001000:

kernel32.dll

winlogon.exe_416_rwx_005A0000_00001000:

kernel32.dll

winlogon.exe_416_rwx_005E0000_00001000:

kernel32.dll

winlogon.exe_416_rwx_006A0000_00001000:

kernel32.dll

winlogon.exe_416_rwx_00760000_00001000:

kernel32.dll

winlogon.exe_416_rwx_007A0000_00001000:

kernel32.dll

winlogon.exe_416_rwx_008A0000_00001000:

kernel32.dll

winlogon.exe_416_rwx_009A0000_00001000:

kernel32.dll

winlogon.exe_416_rwx_009E0000_00001000:

kernel32.dll

winlogon.exe_416_rwx_00A20000_00001000:

kernel32.dll

winlogon.exe_416_rwx_00A60000_00001000:

kernel32.dll

winlogon.exe_416_rwx_00BE0000_00001000:

kernel32.dll

winlogon.exe_416_rwx_00C20000_00001000:

kernel32.dll

winlogon.exe_416_rwx_01B70000_00001000:

kernel32.dll

winlogon.exe_416_rwx_01BB0000_00001000:

kernel32.dll

winlogon.exe_416_rwx_01BF0000_00001000:

kernel32.dll

winlogon.exe_416_rwx_01C30000_00001000:

kernel32.dll

winlogon.exe_416_rwx_01CA0000_00001000:

GetProcessHeap

winlogon.exe_416_rwx_01CB0000_00001000:

kernel32.dll

winlogon.exe_416_rwx_01CE0000_00001000:

oleaut32.dll

winlogon.exe_416_rwx_01D20000_00001000:

oleaut32.dll

winlogon.exe_416_rwx_01D60000_00001000:

oleaut32.dll

winlogon.exe_416_rwx_01D90000_00001000:

advapi32.dll

winlogon.exe_416_rwx_01DD0000_00001000:

advapi32.dll

winlogon.exe_416_rwx_01E80000_00001000:

RegOpenKeyExA

winlogon.exe_416_rwx_01E90000_00001000:

advapi32.dll

winlogon.exe_416_rwx_01EC0000_00001000:

RegCloseKey

winlogon.exe_416_rwx_01ED0000_00001000:

advapi32.dll

winlogon.exe_416_rwx_01F00000_00001000:

kernel32.dll

winlogon.exe_416_rwx_01F40000_00001000:

kernel32.dll

winlogon.exe_416_rwx_01F80000_00001000:

kernel32.dll

winlogon.exe_416_rwx_01FC0000_00001000:

kernel32.dll

winlogon.exe_416_rwx_02000000_00001000:

kernel32.dll

winlogon.exe_416_rwx_02040000_00001000:

kernel32.dll

winlogon.exe_416_rwx_02080000_00001000:

kernel32.dll

winlogon.exe_416_rwx_020C0000_00001000:

kernel32.dll

winlogon.exe_416_rwx_02140000_00001000:

kernel32.dll

winlogon.exe_416_rwx_02180000_00001000:

kernel32.dll

winlogon.exe_416_rwx_021C0000_00001000:

kernel32.dll

winlogon.exe_416_rwx_02200000_00001000:

kernel32.dll

winlogon.exe_416_rwx_02240000_00001000:

kernel32.dll

winlogon.exe_416_rwx_02280000_00001000:

kernel32.dll

winlogon.exe_416_rwx_022C0000_00001000:

kernel32.dll

winlogon.exe_416_rwx_02300000_00001000:

kernel32.dll

winlogon.exe_416_rwx_02340000_00001000:

kernel32.dll

winlogon.exe_416_rwx_02370000_00001000:

ntdll.dll

winlogon.exe_416_rwx_023B0000_00001000:

ntdll.dll

winlogon.exe_416_rwx_317B0000_00009000:

.idata
.reloc
P.rsrc
%x`{1
Portions Copyright (c) 1999,2003 Avenger by NhT
kernel32.dll
Ntdll.dll
NtEnumerateValueKey
NtEnumerateKey
advapi32.dll
GetProcessHeap
oleaut32.dll
RegOpenKeyExA
RegCloseKey
ntdll.dll
KWindows

services.exe_460_rwx_001D0000_00001000:

kernel32.dll

services.exe_460_rwx_003A0000_00001000:

kernel32.dll

services.exe_460_rwx_005C0000_00001000:

kernel32.dll

services.exe_460_rwx_00710000_00001000:

kernel32.dll

services.exe_460_rwx_007D0000_00001000:

kernel32.dll

services.exe_460_rwx_00850000_00001000:

kernel32.dll

services.exe_460_rwx_00990000_00001000:

kernel32.dll

services.exe_460_rwx_00A10000_00001000:

kernel32.dll

services.exe_460_rwx_00AD0000_00001000:

kernel32.dll

services.exe_460_rwx_01660000_00001000:

kernel32.dll

services.exe_460_rwx_016E0000_00001000:

kernel32.dll

services.exe_460_rwx_01A60000_00001000:

kernel32.dll

services.exe_460_rwx_01AE0000_00001000:

kernel32.dll

services.exe_460_rwx_01B60000_00001000:

kernel32.dll

services.exe_460_rwx_01BE0000_00001000:

kernel32.dll

services.exe_460_rwx_01C60000_00001000:

kernel32.dll

services.exe_460_rwx_01DA0000_00001000:

kernel32.dll

services.exe_460_rwx_01DE0000_00001000:

kernel32.dll

services.exe_460_rwx_01E50000_00001000:

GetProcessHeap

services.exe_460_rwx_01E60000_00001000:

kernel32.dll

services.exe_460_rwx_01ED0000_00001000:

oleaut32.dll

services.exe_460_rwx_01F10000_00001000:

oleaut32.dll

services.exe_460_rwx_01F90000_00001000:

oleaut32.dll

services.exe_460_rwx_02000000_00001000:

advapi32.dll

services.exe_460_rwx_02040000_00001000:

advapi32.dll

services.exe_460_rwx_02070000_00001000:

RegOpenKeyExA

services.exe_460_rwx_02080000_00001000:

advapi32.dll

services.exe_460_rwx_020B0000_00001000:

RegCloseKey

services.exe_460_rwx_020C0000_00001000:

advapi32.dll

services.exe_460_rwx_020F0000_00001000:

kernel32.dll

services.exe_460_rwx_02130000_00001000:

kernel32.dll

services.exe_460_rwx_02170000_00001000:

kernel32.dll

services.exe_460_rwx_021B0000_00001000:

kernel32.dll

services.exe_460_rwx_021F0000_00001000:

kernel32.dll

services.exe_460_rwx_02230000_00001000:

kernel32.dll

services.exe_460_rwx_02270000_00001000:

kernel32.dll

services.exe_460_rwx_022B0000_00001000:

kernel32.dll

services.exe_460_rwx_022F0000_00001000:

kernel32.dll

services.exe_460_rwx_02330000_00001000:

kernel32.dll

services.exe_460_rwx_02370000_00001000:

kernel32.dll

services.exe_460_rwx_023B0000_00001000:

kernel32.dll

services.exe_460_rwx_023F0000_00001000:

kernel32.dll

services.exe_460_rwx_02430000_00001000:

kernel32.dll

services.exe_460_rwx_02470000_00001000:

kernel32.dll

services.exe_460_rwx_024B0000_00001000:

kernel32.dll

services.exe_460_rwx_024F0000_00001000:

kernel32.dll

services.exe_460_rwx_02520000_00001000:

ntdll.dll

services.exe_460_rwx_02560000_00001000:

ntdll.dll

services.exe_460_rwx_317C0000_00009000:

.idata
.reloc
P.rsrc
%x`|1
Portions Copyright (c) 1999,2003 Avenger by NhT
kernel32.dll
Ntdll.dll
NtEnumerateValueKey
NtEnumerateKey
advapi32.dll
GetProcessHeap
oleaut32.dll
RegOpenKeyExA
RegCloseKey
ntdll.dll
KWindows

lsass.exe_468_rwx_001E0000_00001000:

kernel32.dll

lsass.exe_468_rwx_00770000_00001000:

kernel32.dll

lsass.exe_468_rwx_00B40000_00001000:

kernel32.dll

lsass.exe_468_rwx_00B80000_00001000:

kernel32.dll

lsass.exe_468_rwx_00BC0000_00001000:

kernel32.dll

lsass.exe_468_rwx_00D40000_00001000:

kernel32.dll

lsass.exe_468_rwx_00E90000_00001000:

kernel32.dll

lsass.exe_468_rwx_00ED0000_00001000:

kernel32.dll

lsass.exe_468_rwx_00F50000_00001000:

kernel32.dll

lsass.exe_468_rwx_01050000_00001000:

kernel32.dll

lsass.exe_468_rwx_010D0000_00001000:

kernel32.dll

lsass.exe_468_rwx_01110000_00001000:

kernel32.dll

lsass.exe_468_rwx_01190000_00001000:

kernel32.dll

lsass.exe_468_rwx_011D0000_00001000:

kernel32.dll

lsass.exe_468_rwx_01210000_00001000:

kernel32.dll

lsass.exe_468_rwx_01250000_00001000:

kernel32.dll

lsass.exe_468_rwx_01290000_00001000:

kernel32.dll

lsass.exe_468_rwx_012D0000_00001000:

kernel32.dll

lsass.exe_468_rwx_01300000_00001000:

GetProcessHeap

lsass.exe_468_rwx_01310000_00001000:

kernel32.dll

lsass.exe_468_rwx_01340000_00001000:

oleaut32.dll

lsass.exe_468_rwx_01380000_00001000:

oleaut32.dll

lsass.exe_468_rwx_013C0000_00001000:

oleaut32.dll

lsass.exe_468_rwx_013F0000_00001000:

advapi32.dll

lsass.exe_468_rwx_01430000_00001000:

advapi32.dll

lsass.exe_468_rwx_01460000_00001000:

RegOpenKeyExA

lsass.exe_468_rwx_01470000_00001000:

advapi32.dll

lsass.exe_468_rwx_014A0000_00001000:

RegCloseKey

lsass.exe_468_rwx_014B0000_00001000:

advapi32.dll

lsass.exe_468_rwx_014E0000_00001000:

kernel32.dll

lsass.exe_468_rwx_01520000_00001000:

kernel32.dll

lsass.exe_468_rwx_01560000_00001000:

kernel32.dll

lsass.exe_468_rwx_015A0000_00001000:

kernel32.dll

lsass.exe_468_rwx_015E0000_00001000:

kernel32.dll

lsass.exe_468_rwx_01620000_00001000:

kernel32.dll

lsass.exe_468_rwx_01660000_00001000:

kernel32.dll

lsass.exe_468_rwx_016A0000_00001000:

kernel32.dll

lsass.exe_468_rwx_016E0000_00001000:

kernel32.dll

lsass.exe_468_rwx_01720000_00001000:

kernel32.dll

lsass.exe_468_rwx_01760000_00001000:

kernel32.dll

lsass.exe_468_rwx_017A0000_00001000:

kernel32.dll

lsass.exe_468_rwx_017E0000_00001000:

kernel32.dll

lsass.exe_468_rwx_01820000_00001000:

kernel32.dll

lsass.exe_468_rwx_01860000_00001000:

kernel32.dll

lsass.exe_468_rwx_018A0000_00001000:

kernel32.dll

lsass.exe_468_rwx_018E0000_00001000:


svchost.exe_1736_rwx_00FF0000_00001000:

advapi32.dll

svchost.exe_1736_rwx_01020000_00001000:

RegCloseKey

svchost.exe_1736_rwx_01030000_00001000:

advapi32.dll

svchost.exe_1736_rwx_01060000_00001000:

kernel32.dll

svchost.exe_1736_rwx_010A0000_00001000:

kernel32.dll

svchost.exe_1736_rwx_010C0000_00001000:

kernel32.dll

svchost.exe_1736_rwx_01120000_00001000:

kernel32.dll

svchost.exe_1736_rwx_01160000_00001000:

kernel32.dll

svchost.exe_1736_rwx_011A0000_00001000:

kernel32.dll

svchost.exe_1736_rwx_011E0000_00001000:

kernel32.dll

svchost.exe_1736_rwx_01220000_00001000:

kernel32.dll

svchost.exe_1736_rwx_01260000_00001000:

kernel32.dll

svchost.exe_1736_rwx_012A0000_00001000:

kernel32.dll

svchost.exe_1736_rwx_012E0000_00001000:

kernel32.dll

svchost.exe_1736_rwx_01320000_00001000:

kernel32.dll

svchost.exe_1736_rwx_01360000_00001000:

kernel32.dll

svchost.exe_1736_rwx_013A0000_00001000:

kernel32.dll

svchost.exe_1736_rwx_013E0000_00001000:

kernel32.dll

svchost.exe_1736_rwx_01420000_00001000:

kernel32.dll

svchost.exe_1736_rwx_01460000_00001000:

kernel32.dll

svchost.exe_1736_rwx_01490000_00001000:

ntdll.dll

svchost.exe_1736_rwx_014C0000_00001000:

ntdll.dll

svchost.exe_1736_rwx_318A0000_00009000:

.idata
.reloc
P.rsrc
Portions Copyright (c) 1999,2003 Avenger by NhT
kernel32.dll
Ntdll.dll
NtEnumerateValueKey
NtEnumerateKey
advapi32.dll
GetProcessHeap
oleaut32.dll
RegOpenKeyExA
RegCloseKey
ntdll.dll
KWindows

TPAutoConnect.exe_2068_rwx_00260000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_00446000_00001000:

CCmdTarget
t%*.*f

TPAutoConnect.exe_2068_rwx_00580000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_012E0000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_01320000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_01360000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_013A0000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_013F0000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_01430000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_01B50000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_01B90000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_01BD0000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_01C10000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_01C60000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_01DE0000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_01F30000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_021B0000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_021F0000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_02230000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_02260000_00001000:

GetProcessHeap

TPAutoConnect.exe_2068_rwx_02270000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_022A0000_00001000:

oleaut32.dll

TPAutoConnect.exe_2068_rwx_023E0000_00001000:

oleaut32.dll

TPAutoConnect.exe_2068_rwx_02420000_00001000:

oleaut32.dll

TPAutoConnect.exe_2068_rwx_02450000_00001000:

advapi32.dll

TPAutoConnect.exe_2068_rwx_02590000_00001000:

advapi32.dll

TPAutoConnect.exe_2068_rwx_025C0000_00001000:

RegOpenKeyExA

TPAutoConnect.exe_2068_rwx_025D0000_00001000:

advapi32.dll

TPAutoConnect.exe_2068_rwx_02600000_00001000:

RegCloseKey

TPAutoConnect.exe_2068_rwx_02610000_00001000:

advapi32.dll

TPAutoConnect.exe_2068_rwx_02640000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_02780000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_027C0000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_02800000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_02840000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_02880000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_028C0000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_02900000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_02940000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_02980000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_029C0000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_02A00000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_02A40000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_02A80000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_02AC0000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_02B00000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_02B40000_00001000:

kernel32.dll

TPAutoConnect.exe_2068_rwx_02B70000_00001000:

ntdll.dll

TPAutoConnect.exe_2068_rwx_02CB0000_00001000:

ntdll.dll

TPAutoConnect.exe_2068_rwx_31900000_00009000:

.idata
.reloc
P.rsrc
Portions Copyright (c) 1999,2003 Avenger by NhT
kernel32.dll
Ntdll.dll
NtEnumerateValueKey
NtEnumerateKey
advapi32.dll
GetProcessHeap
oleaut32.dll
RegOpenKeyExA
RegCloseKey
ntdll.dll
KWindows

TPAutoConnect.exe_2068_rwx_4104B000_00001000:

inflate 1.1.3 Copyright 1995-1998 Mark Adler
Standard TCP/IP Port
AddPort
DeletePort
%*.*f

conhost.exe_2076_rwx_000D0000_00001000:

kernel32.dll

conhost.exe_2076_rwx_00110000_00001000:

kernel32.dll

conhost.exe_2076_rwx_00220000_00001000:

kernel32.dll

conhost.exe_2076_rwx_00260000_00001000:

kernel32.dll

conhost.exe_2076_rwx_002B0000_00001000:

kernel32.dll

conhost.exe_2076_rwx_00500000_00001000:

kernel32.dll

conhost.exe_2076_rwx_00580000_00001000:

kernel32.dll

conhost.exe_2076_rwx_005C0000_00001000:

kernel32.dll

conhost.exe_2076_rwx_00600000_00001000:

kernel32.dll

conhost.exe_2076_rwx_00950000_00001000:

kernel32.dll

conhost.exe_2076_rwx_00990000_00001000:

kernel32.dll

conhost.exe_2076_rwx_009D0000_00001000:

kernel32.dll

conhost.exe_2076_rwx_00A10000_00001000:

kernel32.dll

conhost.exe_2076_rwx_00A50000_00001000:

kernel32.dll

conhost.exe_2076_rwx_00AD0000_00001000:

kernel32.dll

conhost.exe_2076_rwx_01760000_00001000:

kernel32.dll

conhost.exe_2076_rwx_017A0000_00001000:

kernel32.dll

conhost.exe_2076_rwx_017E0000_00001000:

kernel32.dll

conhost.exe_2076_rwx_01810000_00001000:

GetProcessHeap

conhost.exe_2076_rwx_01820000_00001000:

kernel32.dll

conhost.exe_2076_rwx_01850000_00001000:

oleaut32.dll

conhost.exe_2076_rwx_01890000_00001000:

oleaut32.dll

conhost.exe_2076_rwx_01910000_00001000:

oleaut32.dll

conhost.exe_2076_rwx_01940000_00001000:

advapi32.dll

conhost.exe_2076_rwx_01980000_00001000:

advapi32.dll

conhost.exe_2076_rwx_019B0000_00001000:

RegOpenKeyExA

conhost.exe_2076_rwx_019C0000_00001000:

advapi32.dll

conhost.exe_2076_rwx_019F0000_00001000:

RegCloseKey

conhost.exe_2076_rwx_01A00000_00001000:

advapi32.dll

conhost.exe_2076_rwx_01A30000_00001000:

kernel32.dll

conhost.exe_2076_rwx_01AB0000_00001000:

kernel32.dll

conhost.exe_2076_rwx_01AF0000_00001000:

kernel32.dll

conhost.exe_2076_rwx_01B30000_00001000:

kernel32.dll

conhost.exe_2076_rwx_01BB0000_00001000:

kernel32.dll

conhost.exe_2076_rwx_01BF0000_00001000:

kernel32.dll

conhost.exe_2076_rwx_01C30000_00001000:

kernel32.dll

conhost.exe_2076_rwx_01C70000_00001000:

kernel32.dll

conhost.exe_2076_rwx_01CB0000_00001000:

kernel32.dll

conhost.exe_2076_rwx_01CF0000_00001000:

kernel32.dll

conhost.exe_2076_rwx_01D30000_00001000:

kernel32.dll

conhost.exe_2076_rwx_01D70000_00001000:

kernel32.dll

conhost.exe_2076_rwx_01DB0000_00001000:

kernel32.dll

conhost.exe_2076_rwx_01DF0000_00001000:

kernel32.dll

conhost.exe_2076_rwx_01E30000_00001000:

kernel32.dll

conhost.exe_2076_rwx_01E70000_00001000:

kernel32.dll

conhost.exe_2076_rwx_01EB0000_00001000:

kernel32.dll

conhost.exe_2076_rwx_01EE0000_00001000:

ntdll.dll

conhost.exe_2076_rwx_01F20000_00001000:

ntdll.dll

conhost.exe_2076_rwx_31910000_00009000:

.idata
.reloc
P.rsrc
Portions Copyright (c) 1999,2003 Avenger by NhT
kernel32.dll
Ntdll.dll
NtEnumerateValueKey
NtEnumerateKey
advapi32.dll
GetProcessHeap
oleaut32.dll
RegOpenKeyExA
RegCloseKey
ntdll.dll
KWindows

SearchIndexer.exe_2136_rwx_033A0000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_033F0000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_03470000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_034F0000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_03570000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_035B0000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_035F0000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_03A40000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_03AC0000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_03B00000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_03B40000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_03B80000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_03BC0000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_03C00000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_03C50000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_03C80000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_03CC0000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_03D00000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_03D30000_00001000:

GetProcessHeap

SearchIndexer.exe_2136_rwx_03D40000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_03D70000_00001000:

oleaut32.dll

SearchIndexer.exe_2136_rwx_03DB0000_00001000:

oleaut32.dll

SearchIndexer.exe_2136_rwx_03DF0000_00001000:

oleaut32.dll

SearchIndexer.exe_2136_rwx_03E20000_00001000:

advapi32.dll

SearchIndexer.exe_2136_rwx_03E50000_00001000:

RegOpenKeyExA

SearchIndexer.exe_2136_rwx_03E60000_00001000:

advapi32.dll

SearchIndexer.exe_2136_rwx_03EA0000_00001000:

advapi32.dll

SearchIndexer.exe_2136_rwx_03ED0000_00001000:

RegCloseKey

SearchIndexer.exe_2136_rwx_03EE0000_00001000:

advapi32.dll

SearchIndexer.exe_2136_rwx_03F10000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_03F50000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_03F90000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_03FD0000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_04010000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_04050000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_04090000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_040D0000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_04110000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_04150000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_04190000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_041D0000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_04220000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_04250000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_04290000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_042D0000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_04310000_00001000:

kernel32.dll

SearchIndexer.exe_2136_rwx_04340000_00001000:

ntdll.dll

SearchIndexer.exe_2136_rwx_04380000_00001000:

ntdll.dll

SearchIndexer.exe_2136_rwx_31920000_00009000:

.idata
.reloc
P.rsrc
Portions Copyright (c) 1999,2003 Avenger by NhT
kernel32.dll
Ntdll.dll
NtEnumerateValueKey
NtEnumerateKey
advapi32.dll
GetProcessHeap
oleaut32.dll
RegOpenKeyExA
RegCloseKey
ntdll.dll
KWindows

wmiprvse.exe_2360_rwx_00650000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_006D0000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_00A30000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_00C10000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_00D10000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_00D50000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_00DD0000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_00E10000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_00E50000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_00E90000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_00EC0000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_00F10000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_01750000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_01790000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_017D0000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_01810000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_01850000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_01890000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_018C0000_00001000:

GetProcessHeap

wmiprvse.exe_2360_rwx_018D0000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_01900000_00001000:

oleaut32.dll

wmiprvse.exe_2360_rwx_01940000_00001000:

oleaut32.dll

wmiprvse.exe_2360_rwx_01980000_00001000:

oleaut32.dll

wmiprvse.exe_2360_rwx_019B0000_00001000:

advapi32.dll

wmiprvse.exe_2360_rwx_019F0000_00001000:

advapi32.dll

wmiprvse.exe_2360_rwx_01A20000_00001000:

RegOpenKeyExA

wmiprvse.exe_2360_rwx_01A30000_00001000:

advapi32.dll

wmiprvse.exe_2360_rwx_01A60000_00001000:

RegCloseKey

wmiprvse.exe_2360_rwx_01A70000_00001000:

advapi32.dll

wmiprvse.exe_2360_rwx_01AA0000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_01AE0000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_01B20000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_01B50000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_01BA0000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_01BE0000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_01C20000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_01C60000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_01CA0000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_01CE0000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_01D20000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_01D60000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_01DA0000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_01DE0000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_01E20000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_01E70000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_01EA0000_00001000:

kernel32.dll

wmiprvse.exe_2360_rwx_01ED0000_00001000:

ntdll.dll

wmiprvse.exe_2360_rwx_01F10000_00001000:

ntdll.dll

wmiprvse.exe_2360_rwx_319D0000_00009000:

.idata
.reloc
P.rsrc
Portions Copyright (c) 1999,2003 Avenger by NhT
kernel32.dll
Ntdll.dll
NtEnumerateValueKey
NtEnumerateKey
advapi32.dll
GetProcessHeap
oleaut32.dll
RegOpenKeyExA
RegCloseKey
ntdll.dll
KWindows

svchost.exe_2884_rwx_00210000_00001000:

kernel32.dll

svchost.exe_2884_rwx_006C0000_00001000:

kernel32.dll

svchost.exe_2884_rwx_00700000_00001000:

kernel32.dll

svchost.exe_2884_rwx_00740000_00001000:

kernel32.dll

svchost.exe_2884_rwx_007C0000_00001000:

kernel32.dll

svchost.exe_2884_rwx_00800000_00001000:

kernel32.dll

svchost.exe_2884_rwx_013C0000_00001000:

kernel32.dll

svchost.exe_2884_rwx_01440000_00001000:

kernel32.dll

svchost.exe_2884_rwx_014C0000_00001000:

kernel32.dll

svchost.exe_2884_rwx_01500000_00001000:

kernel32.dll

svchost.exe_2884_rwx_01550000_00001000:

kernel32.dll

svchost.exe_2884_rwx_01580000_00001000:

kernel32.dll

svchost.exe_2884_rwx_015C0000_00001000:

kernel32.dll

svchost.exe_2884_rwx_01600000_00001000:

kernel32.dll

svchost.exe_2884_rwx_01640000_00001000:

kernel32.dll

svchost.exe_2884_rwx_01700000_00001000:

kernel32.dll

svchost.exe_2884_rwx_01740000_00001000:

kernel32.dll

svchost.exe_2884_rwx_01770000_00001000:

GetProcessHeap

svchost.exe_2884_rwx_01780000_00001000:

kernel32.dll

svchost.exe_2884_rwx_01800000_00001000:

kernel32.dll

svchost.exe_2884_rwx_01C70000_00001000:

oleaut32.dll

svchost.exe_2884_rwx_01CB0000_00001000:

oleaut32.dll

svchost.exe_2884_rwx_01CF0000_00001000:

oleaut32.dll

svchost.exe_2884_rwx_01D20000_00001000:

advapi32.dll

svchost.exe_2884_rwx_01D60000_00001000:

advapi32.dll

svchost.exe_2884_rwx_01D90000_00001000:

RegOpenKeyExA

svchost.exe_2884_rwx_01DA0000_00001000:

advapi32.dll

svchost.exe_2884_rwx_01DD0000_00001000:

RegCloseKey

svchost.exe_2884_rwx_01DE0000_00001000:

advapi32.dll

svchost.exe_2884_rwx_01E10000_00001000:

kernel32.dll

svchost.exe_2884_rwx_01E50000_00001000:

kernel32.dll

svchost.exe_2884_rwx_01E90000_00001000:

kernel32.dll

svchost.exe_2884_rwx_01EB0000_00001000:

kernel32.dll

svchost.exe_2884_rwx_01F10000_00001000:

kernel32.dll

svchost.exe_2884_rwx_01F50000_00001000:

kernel32.dll

svchost.exe_2884_rwx_01F90000_00001000:

kernel32.dll

svchost.exe_2884_rwx_01FD0000_00001000:

kernel32.dll

svchost.exe_2884_rwx_02010000_00001000:

kernel32.dll

svchost.exe_2884_rwx_02050000_00001000:

kernel32.dll

svchost.exe_2884_rwx_02090000_00001000:

kernel32.dll

svchost.exe_2884_rwx_020D0000_00001000:

kernel32.dll

svchost.exe_2884_rwx_02110000_00001000:

kernel32.dll

svchost.exe_2884_rwx_02150000_00001000:

kernel32.dll

svchost.exe_2884_rwx_02190000_00001000:

kernel32.dll

svchost.exe_2884_rwx_021D0000_00001000:

kernel32.dll

svchost.exe_2884_rwx_02210000_00001000:

kernel32.dll

svchost.exe_2884_rwx_02240000_00001000:

ntdll.dll

svchost.exe_2884_rwx_02280000_00001000:

ntdll.dll

svchost.exe_2884_rwx_31930000_00009000:

.idata
.reloc
P.rsrc
Portions Copyright (c) 1999,2003 Avenger by NhT
kernel32.dll
Ntdll.dll
NtEnumerateValueKey
NtEnumerateKey
advapi32.dll
GetProcessHeap
oleaut32.dll
RegOpenKeyExA
RegCloseKey
ntdll.dll
KWindows

conhost.exe_3448_rwx_001C0000_00001000:

kernel32.dll

conhost.exe_3448_rwx_00410000_00001000:

kernel32.dll

conhost.exe_3448_rwx_00490000_00001000:

kernel32.dll

conhost.exe_3448_rwx_00510000_00001000:

kernel32.dll

conhost.exe_3448_rwx_00560000_00001000:

kernel32.dll

conhost.exe_3448_rwx_005A0000_00001000:

kernel32.dll

conhost.exe_3448_rwx_009B0000_00001000:

kernel32.dll

conhost.exe_3448_rwx_009F0000_00001000:

kernel32.dll

conhost.exe_3448_rwx_00A30000_00001000:

kernel32.dll

conhost.exe_3448_rwx_00A70000_00001000:

kernel32.dll

conhost.exe_3448_rwx_00AB0000_00001000:

kernel32.dll

conhost.exe_3448_rwx_02070000_00001000:

kernel32.dll

conhost.exe_3448_rwx_020B0000_00001000:

kernel32.dll

conhost.exe_3448_rwx_020F0000_00001000:

kernel32.dll

conhost.exe_3448_rwx_02130000_00001000:

kernel32.dll

conhost.exe_3448_rwx_02170000_00001000:

kernel32.dll

conhost.exe_3448_rwx_021B0000_00001000:

kernel32.dll

conhost.exe_3448_rwx_021F0000_00001000:

kernel32.dll

conhost.exe_3448_rwx_02220000_00001000:

GetProcessHeap

conhost.exe_3448_rwx_02230000_00001000:

kernel32.dll

conhost.exe_3448_rwx_02260000_00001000:

oleaut32.dll

conhost.exe_3448_rwx_022A0000_00001000:

oleaut32.dll

conhost.exe_3448_rwx_022E0000_00001000:

oleaut32.dll

conhost.exe_3448_rwx_02310000_00001000:

advapi32.dll

conhost.exe_3448_rwx_02350000_00001000:

advapi32.dll

conhost.exe_3448_rwx_02380000_00001000:

RegOpenKeyExA

conhost.exe_3448_rwx_02390000_00001000:

advapi32.dll

conhost.exe_3448_rwx_023C0000_00001000:

RegCloseKey

conhost.exe_3448_rwx_023D0000_00001000:

advapi32.dll

conhost.exe_3448_rwx_02440000_00001000:

kernel32.dll

conhost.exe_3448_rwx_024C0000_00001000:

kernel32.dll

conhost.exe_3448_rwx_02500000_00001000:

kernel32.dll

conhost.exe_3448_rwx_02540000_00001000:

kernel32.dll

conhost.exe_3448_rwx_025C0000_00001000:

kernel32.dll

conhost.exe_3448_rwx_02600000_00001000:

kernel32.dll

conhost.exe_3448_rwx_02640000_00001000:

kernel32.dll

conhost.exe_3448_rwx_02680000_00001000:

kernel32.dll

conhost.exe_3448_rwx_026C0000_00001000:

kernel32.dll

conhost.exe_3448_rwx_02700000_00001000:

kernel32.dll

conhost.exe_3448_rwx_02740000_00001000:

kernel32.dll

conhost.exe_3448_rwx_02780000_00001000:

kernel32.dll

conhost.exe_3448_rwx_027C0000_00001000:

kernel32.dll

conhost.exe_3448_rwx_02800000_00001000:

kernel32.dll

conhost.exe_3448_rwx_02840000_00001000:

kernel32.dll

conhost.exe_3448_rwx_02880000_00001000:

kernel32.dll

conhost.exe_3448_rwx_028C0000_00001000:

kernel32.dll

conhost.exe_3448_rwx_028F0000_00001000:

ntdll.dll

conhost.exe_3448_rwx_02930000_00001000:

ntdll.dll

conhost.exe_3448_rwx_31960000_00009000:

.idata
.reloc
P.rsrc
Portions Copyright (c) 1999,2003 Avenger by NhT
kernel32.dll
Ntdll.dll
NtEnumerateValueKey
NtEnumerateKey
advapi32.dll
GetProcessHeap
oleaut32.dll
RegOpenKeyExA
RegCloseKey
ntdll.dll
KWindows

taskhost.exe_3500_rwx_006A0000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_009A0000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_00A20000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_012D0000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_013E0000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_014A0000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_01930000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_019F0000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_01A70000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_01AB0000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_01B70000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_01C70000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_01CF0000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_01D30000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_01D70000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_01E30000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_01EF0000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_01F30000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_01F60000_00001000:

GetProcessHeap

taskhost.exe_3500_rwx_01F70000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_01FE0000_00001000:

oleaut32.dll

taskhost.exe_3500_rwx_02060000_00001000:

oleaut32.dll

taskhost.exe_3500_rwx_020E0000_00001000:

oleaut32.dll

taskhost.exe_3500_rwx_021D0000_00001000:

advapi32.dll

taskhost.exe_3500_rwx_02210000_00001000:

advapi32.dll

taskhost.exe_3500_rwx_02240000_00001000:

RegOpenKeyExA

taskhost.exe_3500_rwx_02250000_00001000:

advapi32.dll

taskhost.exe_3500_rwx_02280000_00001000:

RegCloseKey

taskhost.exe_3500_rwx_02290000_00001000:

advapi32.dll

taskhost.exe_3500_rwx_02300000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_02380000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_02480000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_024C0000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_025C0000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_026C0000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_02740000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_027C0000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_02800000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_02880000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_028C0000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_02900000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_02980000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_02A00000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_02A80000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_02AC0000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_02B80000_00001000:

kernel32.dll

taskhost.exe_3500_rwx_02BB0000_00001000:

ntdll.dll

taskhost.exe_3500_rwx_02C70000_00001000:

ntdll.dll

taskhost.exe_3500_rwx_31940000_00009000:

.idata
.reloc
P.rsrc
Portions Copyright (c) 1999,2003 Avenger by NhT
kernel32.dll
Ntdll.dll
NtEnumerateValueKey
NtEnumerateKey
advapi32.dll
GetProcessHeap
oleaut32.dll
RegOpenKeyExA
RegCloseKey
ntdll.dll
KWindows


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    msconfig.exe:1024
    msconfig.exe:5616
    msconfig.exe:3032
    %original file name%.exe:1976
    chrome.exe:3196
    svhost.exe:5584

  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    C:\Users\"%CurrentUserName%"\AppData\RoamingMicrosoft\System\Services\18.exe (4185 bytes)
    C:\Windows\System32\drivers\etc\hosts (421 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\XX--XX--XX.txt (619 bytes)
    C:\Windows\SystemWindows\svhost.exe (4185 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\msconfig.exe (4799 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\logs.dat (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat (80 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\UuU.uUu (16 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\XxX.xXx (6184 bytes)

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "18.exe" = "C:\Users\"%CurrentUserName%"\AppData\RoamingMicrosoft\System\Services\18.exe"

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "system32" = "C:\Windows\SystemWindows\svhost.exe"

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "system32" = "C:\Windows\SystemWindows\svhost.exe"

  5. Restore the original content of the HOSTS file (%System%\drivers\etc\hosts):

    127.0.0.1 localhost

  6. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  7. Find and delete all copies of the worm's file together with "autorun.inf" scripts on removable drives.
  8. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.
