HEUR:Trojan.MSIL.Tpyn.chu (Kaspersky), Trojan.GenericKD.4227471 (B) (Emsisoft), Trojan.GenericKD.4227471 (AdAware), Worm.Win32.AutoIt.FD, WormAutoItGen.YR (Lavasoft MAS)Behaviour: Trojan, Worm
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 2cfccba0459777444edd6c634a82a4e7
SHA1: 2aa0ec905393fff15160de25f00d5bec14a3a316
SHA256: 32c320c68c86421d1bb6298c4fc9fe27911a3fa1e362d0550cdee4e9b97a5d5b
SSDeep: 24576:SzZa5CQ8k3D7KoLXRQGccCyRP 6jK3GIkfcupzk /YuQSXJ TGCY:OZa5CZk3DGAhQGccPRXjgGpotiJ TGC
Size: 1110016 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: MicrosoftVisualC, NETexecutable, UPolyXv05_v6
Company: no certificate found
Created at: 2017-01-24 09:10:49
Analyzed on: Windows7 SP1 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
systeminfo.exe:3304
AL_Freeze.exe:4032
%original file name%.exe:3556
netsh.exe:3688
rundll32.exe:3704
vbc.exe:1884
The Trojan injects its code into the following process(es):
securityscan.exe:936
%original file name%.exe:2744
HE_freeze.exe:3632
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process AL_Freeze.exe:4032 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\log\Passwords.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\log\securityscan.exe (3073 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\wydumko (941 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\log\Info.txt (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQUMIDKJ\icanhazip_com[1].txt (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\autD355.tmp (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startupsecurityscan.lnk (950 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\log\Cookies.sqlite (3073 bytes)
The Trojan deletes the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\wydumko (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\autD355.tmp (0 bytes)
The process securityscan.exe:936 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\aut667F.tmp (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\thmkhlr (941 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\log\logs_30.01.2017.htm (999 bytes)
The Trojan deletes the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\aut667F.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\thmkhlr (0 bytes)
The process %original file name%.exe:3556 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\ProgramData\HE_freeze.exe (1069 bytes)
C:\ProgramData\AL_Freeze.exe (1020 bytes)
The process HE_freeze.exe:3632 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Roaming\pid.txt (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\pidloc.txt (28 bytes)
The Trojan deletes the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\holdermail.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\holderwb.txt (0 bytes)
The process rundll32.exe:3704 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PB4MUVM8\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\L20F2E6W\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z4F6XH63\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y9HD519A\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini (67 bytes)
The process vbc.exe:1884 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\holderwb.txt (2 bytes)
Registry activity
The process systeminfo.exe:3304 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Classes\Local Settings\MuiCache\2C\52C64B7E]
"LanguageList" = "en-US, en"
[HKCU\Software\Classes\Local Settings\MuiCache\2C\52C64B7E\@%SystemRoot%\system32]
"mlang.dll,-4386" = "English (United States)"
The process AL_Freeze.exe:4032 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Tracing\AL_Freeze_RASAPI32]
"FileTracingMask" = "4294901760"
[HKCU\Software\USER]
"Runonce" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKLM\SOFTWARE\Microsoft\Tracing\AL_Freeze_RASMANCS]
"EnableFileTracing" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 38 00 00 00 09 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"TaskbarNoNotification" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\AL_Freeze_RASMANCS]
"ConsoleTracingMask" = "4294901760"
[HKLM\SOFTWARE\Microsoft\Tracing\AL_Freeze_RASAPI32]
"FileDirectory" = "%windir%\tracing"
[HKLM\SOFTWARE\Microsoft\Tracing\AL_Freeze_RASMANCS]
"FileTracingMask" = "4294901760"
"FileDirectory" = "%windir%\tracing"
[HKLM\SOFTWARE\Microsoft\Tracing\AL_Freeze_RASAPI32]
"EnableFileTracing" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\AL_Freeze_RASMANCS]
"EnableConsoleTracing" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"GlobalUserOffline" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\AL_Freeze_RASAPI32]
"ConsoleTracingMask" = "4294901760"
[HKLM\SOFTWARE\Microsoft\Tracing\AL_Freeze_RASMANCS]
"MaxFileSize" = "1048576"
[HKLM\SOFTWARE\Microsoft\Tracing\AL_Freeze_RASAPI32]
"EnableConsoleTracing" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"ConsentPromptBehaviorAdmin" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\AL_Freeze_RASAPI32]
"MaxFileSize" = "1048576"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"
The process securityscan.exe:936 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"securityscan" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\log\C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\log\securityscan.exe"
The process %original file name%.exe:3556 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Update" = "c:\%original file name%.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Update" = "c:\%original file name%.exe"
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
The process %original file name%.exe:2744 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Tracing\2cfccba0459777444edd6c634a82a4e7_RASAPI32]
"FileDirectory" = "%windir%\tracing"
[HKLM\SOFTWARE\Microsoft\Tracing\2cfccba0459777444edd6c634a82a4e7_RASMANCS]
"EnableFileTracing" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\2cfccba0459777444edd6c634a82a4e7_RASAPI32]
"EnableFileTracing" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\2cfccba0459777444edd6c634a82a4e7_RASMANCS]
"ConsoleTracingMask" = "4294901760"
[HKLM\SOFTWARE\Microsoft\Tracing\2cfccba0459777444edd6c634a82a4e7_RASAPI32]
"FileTracingMask" = "4294901760"
"MaxFileSize" = "1048576"
[HKLM\SOFTWARE\Microsoft\Tracing\2cfccba0459777444edd6c634a82a4e7_RASMANCS]
"FileDirectory" = "%windir%\tracing"
"FileTracingMask" = "4294901760"
[HKLM\SOFTWARE\Microsoft\Tracing\2cfccba0459777444edd6c634a82a4e7_RASAPI32]
"ConsoleTracingMask" = "4294901760"
"EnableConsoleTracing" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\2cfccba0459777444edd6c634a82a4e7_RASMANCS]
"MaxFileSize" = "1048576"
"EnableConsoleTracing" = "0"
The process HE_freeze.exe:3632 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Tracing\HE_freeze_RASMANCS]
"EnableFileTracing" = "0"
"FileDirectory" = "%windir%\tracing"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden" = "1"
[HKLM\SOFTWARE\Microsoft\Tracing\HE_freeze_RASMANCS]
"MaxFileSize" = "1048576"
[HKLM\SOFTWARE\Microsoft\Tracing\HE_freeze_RASAPI32]
"EnableConsoleTracing" = "0"
"ConsoleTracingMask" = "4294901760"
"MaxFileSize" = "1048576"
"EnableFileTracing" = "0"
"FileTracingMask" = "4294901760"
[HKLM\SOFTWARE\Microsoft\Tracing\HE_freeze_RASMANCS]
"EnableConsoleTracing" = "0"
"FileTracingMask" = "4294901760"
"ConsoleTracingMask" = "4294901760"
[HKLM\SOFTWARE\Microsoft\Tracing\HE_freeze_RASAPI32]
"FileDirectory" = "%windir%\tracing"
The process netsh.exe:3688 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Classes\Local Settings\MuiCache\2C\52C64B7E\@%SystemRoot%\system32]
"dhcpqec.dll,-102" = "Microsoft Corporation"
"dhcpqec.dll,-103" = "1.0"
"dhcpqec.dll,-100" = "DHCP Quarantine Enforcement Client"
"dhcpqec.dll,-101" = "Provides DHCP based enforcement for NAP"
"eapqec.dll,-102" = "1.0"
"eapqec.dll,-100" = "EAP Quarantine Enforcement Client"
"eapqec.dll,-101" = "Provides Network Access Protection enforcement for EAP authenticated network connections, such as those used with 802.1X and VPN technologies."
"napipsec.dll,-4" = "1.0"
[HKCU\Software\Classes\Local Settings\MuiCache\2C\52C64B7E]
"LanguageList" = "en-US, en"
[HKCU\Software\Classes\Local Settings\MuiCache\2C\52C64B7E\@%SystemRoot%\system32]
"napipsec.dll,-1" = "IPsec Relying Party"
"eapqec.dll,-103" = "Microsoft Corporation"
"napipsec.dll,-3" = "Microsoft Corporation"
"napipsec.dll,-2" = "Provides IPsec based enforcement for Network Access Protection"
"tsgqec.dll,-102" = "1.0"
"tsgqec.dll,-103" = "Microsoft Corporation"
"tsgqec.dll,-100" = "RD Gateway Quarantine Enforcement Client"
"tsgqec.dll,-101" = "Provides RD Gateway enforcement for NAP"
Dropped PE files
MD5 | File path |
---|---|
3177de57bdad312bccdbdcb519d332fc | c:\ProgramData\AL_Freeze.exe |
e3f057214df404cc970323591d82ef69 | c:\ProgramData\HE_freeze.exe |
3177de57bdad312bccdbdcb519d332fc | c:\Users\All Users\AL_Freeze.exe |
e3f057214df404cc970323591d82ef69 | c:\Users\All Users\HE_freeze.exe |
3177de57bdad312bccdbdcb519d332fc | c:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\log\securityscan.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
systeminfo.exe:3304
AL_Freeze.exe:4032
%original file name%.exe:3556
netsh.exe:3688
rundll32.exe:3704
vbc.exe:1884 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\log\Passwords.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\log\securityscan.exe (3073 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\wydumko (941 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\log\Info.txt (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQUMIDKJ\icanhazip_com[1].txt (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\autD355.tmp (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startupsecurityscan.lnk (950 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\log\Cookies.sqlite (3073 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\aut667F.tmp (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\thmkhlr (941 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\log\logs_30.01.2017.htm (999 bytes)
C:\ProgramData\HE_freeze.exe (1069 bytes)
C:\ProgramData\AL_Freeze.exe (1020 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\pid.txt (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\pidloc.txt (28 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PB4MUVM8\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\L20F2E6W\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z4F6XH63\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y9HD519A\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\holderwb.txt (2 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"securityscan" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\log\C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\log\securityscan.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Update" = "c:\%original file name%.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Update" = "c:\%original file name%.exe" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name:
Product Name:
Product Version: 0.0.0.0
Legal Copyright:
Legal Trademarks:
Original Filename: 3n1freezkdjishxmp.exe
Internal Name: 3n1freezkdjishxmp.exe
File Version: 0.0.0.0
File Description:
Comments:
Language: English (United States)
Company Name: Product Name: Product Version: 0.0.0.0Legal Copyright: Legal Trademarks: Original Filename: 3n1freezkdjishxmp.exeInternal Name: 3n1freezkdjishxmp.exeFile Version: 0.0.0.0File Description: Comments: Language: English (United States)
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 8192 | 1104612 | 1104896 | 5.49803 | e1f180670f7a473b741a6f636703c882 |
.rsrc | 1114112 | 4096 | 4096 | 0.502278 | 05066c5928dad995f62af353999cd76c |
.reloc | 1122304 | 12 | 512 | 0.070639 | b22f02d582457886ed8366d75fde65c1 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
URL | IP |
---|---|
hxxp://0v3rfl0w.com/overflow.exe | 50.63.202.83 |
hxxp://icanhazip.com/ | |
hxxp://whatismyipaddress.com/ | 184.30.217.129 |
hxxp://checkip.dyndns.com/ | |
hxxp://checkip.dyndns.org/ | 216.146.43.70 |
asociacionvecinosmalilla.com | 92.43.17.143 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET / HTTP/1.1
Host: whatismyipaddress.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 59
Date: Mon, 30 Jan 2017 12:03:29 GMT
Connection: keep-alive
Access Denied (AK1). Contact support@whatismyipaddress.comHTTP/1.1 200 OK..Content-Type: text/html..Content-Length: 59..Date: Mon, 30 Jan 2017 12:03:29 GMT..Connection: keep-alive..Access Denied (AK1). Contact support@whatismyipaddress.com..
GET / HTTP/1.1
Host: checkip.dyndns.org
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/html
Server: DynDNS-CheckIP/1.0
Connection: close
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 106
<html><head><title>Current IP Check</title></head><body>Current IP Address: 194.242.96.226</body></html>....
GET / HTTP/1.1
User-Agent: AutoIt
Host: icanhazip.com
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 30 Jan 2017 12:03:27 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 15
Connection: close
X-SECURITY: This site doesn't distribute malware. Get the facts. hXXps://is.gd/1LWdFz
X-RTFM: Learn about this site at hXXp://bit.ly/icanhazip-faq and don't abuse the service.
X-BECOME-A-RACKER: If you're reading this, apply here: hXXps://VVV.rackspace.com/talent/
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
194.242.96.226...
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
TrustedInstaller.exe_1840:
.text
.text
`.data
`.data
.rsrc
.rsrc
@.reloc
@.reloc
ADVAPI32.dll
ADVAPI32.dll
KERNEL32.dll
KERNEL32.dll
NTDLL.DLL
NTDLL.DLL
msvcrt.dll
msvcrt.dll
ole32.dll
ole32.dll
j.Yf;
j.Yf;
Failed to execute shutdown processing.
Failed to execute shutdown processing.
FFailed a critical portion of startup processing.
FFailed a critical portion of startup processing.
Failed to initialize delayed portion.
Failed to initialize delayed portion.
TrustedInstaller terminated unexpectedly with pending operations the last time around; will skip core startup processing.
TrustedInstaller terminated unexpectedly with pending operations the last time around; will skip core startup processing.
Failed to execute service.
Failed to execute service.
Starting the Trusted Installer in standalone mode based on command-line switch: %S
Starting the Trusted Installer in standalone mode based on command-line switch: %S
Failed to expand path to servicing stack directory: %S
Failed to expand path to servicing stack directory: %S
Failed to open servicing stack version registry key.
Failed to open servicing stack version registry key.
TI found cbscore.dll at: %S
TI found cbscore.dll at: %S
Failed to initialize the DLL: %S
Failed to initialize the DLL: %S
Failed to locate 'SfpInitialize' method in DLL: %S
Failed to locate 'SfpInitialize' method in DLL: %S
Failed to load sfp DLL from path: %S
Failed to load sfp DLL from path: %S
Failed to supply callback for revoking shutdown processing; assuming it is not supported.
Failed to supply callback for revoking shutdown processing; assuming it is not supported.
Failed to initialize the Core DLL: %S
Failed to initialize the Core DLL: %S
Warning: Failed to locate 'CbsCoreFinalizeShutdownProcessing' method in Core DLL: %S
Warning: Failed to locate 'CbsCoreFinalizeShutdownProcessing' method in Core DLL: %S
Warning: Failed to locate 'CbsCorePrepareShutdownProcessing' method in Core DLL: %S
Warning: Failed to locate 'CbsCorePrepareShutdownProcessing' method in Core DLL: %S
Warning: Failed to locate 'CbsCoreIsExecutionEngineIdle' method in Core DLL: %S
Warning: Failed to locate 'CbsCoreIsExecutionEngineIdle' method in Core DLL: %S
CbsCoreIsExecutionEngineIdle
CbsCoreIsExecutionEngineIdle
Warning: Failed to locate 'CbsCoreUnregisterWinlogonNotification' method in Core DLL: %S
Warning: Failed to locate 'CbsCoreUnregisterWinlogonNotification' method in Core DLL: %S
Warning: Failed to locate 'CbsCoreSetState' method in Core DLL: %S
Warning: Failed to locate 'CbsCoreSetState' method in Core DLL: %S
Warning: Failed to locate 'CbsCoreServiceIdleProcessing' method in Core DLL: %S
Warning: Failed to locate 'CbsCoreServiceIdleProcessing' method in Core DLL: %S
Failed to locate 'CbsCoreFinalize' method in Core DLL: %S
Failed to locate 'CbsCoreFinalize' method in Core DLL: %S
Failed to locate 'CbsCoreShutdownProcessing' method in Core DLL: %S
Failed to locate 'CbsCoreShutdownProcessing' method in Core DLL: %S
Failed to locate 'CbsCoreEnsureNoStartupProcessing' method in Core DLL: %S
Failed to locate 'CbsCoreEnsureNoStartupProcessing' method in Core DLL: %S
Failed to locate 'CbsCoreStartupProcessing' method in Core DLL: %S
Failed to locate 'CbsCoreStartupProcessing' method in Core DLL: %S
Failed to locate 'CbsCoreInitializeDelayedPortion' method in Core DLL: %S
Failed to locate 'CbsCoreInitializeDelayedPortion' method in Core DLL: %S
CbsCoreInitializeDelayedPortion
CbsCoreInitializeDelayedPortion
Failed to locate 'CbsCoreInitialize' method in Core DLL: %S
Failed to locate 'CbsCoreInitialize' method in Core DLL: %S
Failed to load Core DLL from path: %S
Failed to load Core DLL from path: %S
Failed to initialize sxsstore.dll
Failed to initialize sxsstore.dll
Failed to load SxsStore.dll
Failed to load SxsStore.dll
Failed to append dll name: %S to path: %S.
Failed to append dll name: %S to path: %S.
Failed to backslash-terminate system directory: %S.
Failed to backslash-terminate system directory: %S.
May have successfully finished startup processing but another reboot and executing startup processing again is required to be sure.
May have successfully finished startup processing but another reboot and executing startup processing again is required to be sure.
Ignoring failure to set reboot callback; assuming reboot indication is not supported.
Ignoring failure to set reboot callback; assuming reboot indication is not supported.
Failed to allocate string to format: %S
Failed to allocate string to format: %S
failed to allocate string to format: %S
failed to allocate string to format: %S
Failed to get length of passed in string
Failed to get length of passed in string
Failed to get full path for string: %S
Failed to get full path for string: %S
Failed to expand environment variables in string: %S
Failed to expand environment variables in string: %S
Failed to allocate string to enum registry value: %S
Failed to allocate string to enum registry value: %S
Registry value for %S is not a dword type.
Registry value for %S is not a dword type.
%s [HRESULT = 0xx - %s]
%s [HRESULT = 0xx - %s]
Failed to open the registry root: n/a, key: %S.
Failed to open the registry root: n/a, key: %S.
Failed to query registry value: %S
Failed to query registry value: %S
Failed during startup processing, continuing with Trusted Installer execution
Failed during startup processing, continuing with Trusted Installer execution
Warning: Failed to execute service idle processing. Error code: 0X%x
Warning: Failed to execute service idle processing. Error code: 0X%x
SSSh \z
SSSh \z
Startup: Failed to wait on startup thread. Wait result: 0x%x
Startup: Failed to wait on startup thread. Wait result: 0x%x
Failed to wait on startup thread. Wait result: 0x%x
Failed to wait on startup thread. Wait result: 0x%x
Failed to wait on idle processing thread. Wait result: 0x%x
Failed to wait on idle processing thread. Wait result: 0x%x
Warning: Failed while executing service idle processing.
Warning: Failed while executing service idle processing.
Failed while executing shutdown processing.
Failed while executing shutdown processing.
Failed to open RebootPending key.
Failed to open RebootPending key.
Reboot mark refs incremented to: %u
Reboot mark refs incremented to: %u
RebootPending key exists unexpectedly.
RebootPending key exists unexpectedly.
Failed to create RebootPending key.
Failed to create RebootPending key.
Reboot mark refs: %u
Reboot mark refs: %u
Failed to delete RebootPending key.
Failed to delete RebootPending key.
Failed to open TrustedInstaller service to change config, hopefully the auto-start registry key is already set.
Failed to open TrustedInstaller service to change config, hopefully the auto-start registry key is already set.
Failed to change the Trusted Installer to an auto start service, hopefully the auto-start registry key is already set.
Failed to change the Trusted Installer to an auto start service, hopefully the auto-start registry key is already set.
Failed to locate setup log directory while executing during setup. Probably not really running under setup.
Failed to locate setup log directory while executing during setup. Probably not really running under setup.
d:\w7rtm\base\cbs\util\cbsutil.cpp
d:\w7rtm\base\cbs\util\cbsutil.cpp
Failed to allocate delete search string for backup logs directory path: %S
Failed to allocate delete search string for backup logs directory path: %S
Failed to wait on makecab.exe process.
Failed to wait on makecab.exe process.
Failed to delete backup log after archiving: %S.
Failed to delete backup log after archiving: %S.
Failed to transfer cab timestamp: %S.
Failed to transfer cab timestamp: %S.
Failed to open handle for cab timestamp transfer: %S.
Failed to open handle for cab timestamp transfer: %S.
Archived backup log: %S.
Archived backup log: %S.
Failed to allocate full path to makecab.exe.
Failed to allocate full path to makecab.exe.
Failed to ensure makecab.exe path ended with a backslash: %S.
Failed to ensure makecab.exe path ended with a backslash: %S.
Failed to allocate makecab.exe path from windows directory: %S.
Failed to allocate makecab.exe path from windows directory: %S.
Failed to get windows directory for makecab.exe path.
Failed to get windows directory for makecab.exe path.
Failed to get proc address for ConstructPartialMsgVA.
Failed to get proc address for ConstructPartialMsgVA.
ConstructPartialMsgVA
ConstructPartialMsgVA
Could not allocate a backup name for the log file: %S, we'll just continue with our current log file.
Could not allocate a backup name for the log file: %S, we'll just continue with our current log file.
Failed to initialize logging with dll: %S, log directory: %S
Failed to initialize logging with dll: %S, log directory: %S
Failed to move log: %S to backup log: %S, continuing anyway.
Failed to move log: %S to backup log: %S, continuing anyway.
Failed to add log name log directory: %S
Failed to add log name log directory: %S
Failed to store log path argument: %S
Failed to store log path argument: %S
Failed to ensure that logging directory exists: %S
Failed to ensure that logging directory exists: %S
Failed to add 'servicing' name on to log directory: %S
Failed to add 'servicing' name on to log directory: %S
Failed to ensure log directory ended with a backslash: %S
Failed to ensure log directory ended with a backslash: %S
Failed to allocate log directory from windows directory: %S
Failed to allocate log directory from windows directory: %S
Failed to get windows directory for log file.
Failed to get windows directory for log file.
Failed to initialize logging with DLL: %S, log file: %S
Failed to initialize logging with DLL: %S, log file: %S
Failed to allocate log file name: %S
Failed to allocate log file name: %S
Failed to get proc address for WdsGenericSetupLogInit.
Failed to get proc address for WdsGenericSetupLogInit.
WdsGenericSetupLogInit
WdsGenericSetupLogInit
Failed to get proc address for WdsSetupLogInit.
Failed to get proc address for WdsSetupLogInit.
WdsSetupLogInit
WdsSetupLogInit
Failed to load WDSCORE DLL: %S
Failed to load WDSCORE DLL: %S
Could not load WDSCORE DLL from path: %S. Continuing without text file logging.
Could not load WDSCORE DLL from path: %S. Continuing without text file logging.
Failed to ensure Wds path ended with a backslash: %S
Failed to ensure Wds path ended with a backslash: %S
Failed to allocate Wds path from windows directory: %S
Failed to allocate Wds path from windows directory: %S
Failed to get windows directory for WDSCORE DLL path.
Failed to get windows directory for WDSCORE DLL path.
Failed to get attributes for file: %S
Failed to get attributes for file: %S
Failed to create path: %S
Failed to create path: %S
Failed to copy parent of path: %S
Failed to copy parent of path: %S
Cannot find parent for path: %S.
Cannot find parent for path: %S.
Failed to allocate string to read registry value: %S
Failed to allocate string to read registry value: %S
Failed to query value to get type and size of registry root: n/a, value: %S
Failed to query value to get type and size of registry root: n/a, value: %S
Failed initial query of value to get type, size, and value of registry value: %S
Failed initial query of value to get type, size, and value of registry value: %S
Failed to look up privilege name: %S
Failed to look up privilege name: %S
CERT_E_INVALID_NAME
CERT_E_INVALID_NAME
CERT_E_INVALID_POLICY
CERT_E_INVALID_POLICY
CERT_E_UNTRUSTEDCA
CERT_E_UNTRUSTEDCA
CERT_E_WRONG_USAGE
CERT_E_WRONG_USAGE
CERT_E_CN_NO_MATCH
CERT_E_CN_NO_MATCH
CERT_E_REVOCATION_FAILURE
CERT_E_REVOCATION_FAILURE
CERT_E_UNTRUSTEDTESTROOT
CERT_E_UNTRUSTEDTESTROOT
CERT_E_REVOKED
CERT_E_REVOKED
CERT_E_CHAINING
CERT_E_CHAINING
CERT_E_UNTRUSTEDROOT
CERT_E_UNTRUSTEDROOT
CERT_E_PATHLENCONST
CERT_E_PATHLENCONST
CERT_E_CRITICAL
CERT_E_CRITICAL
CERT_E_PURPOSE
CERT_E_PURPOSE
CERT_E_ISSUERCHAINING
CERT_E_ISSUERCHAINING
CERT_E_MALFORMED
CERT_E_MALFORMED
CERT_E_ROLE
CERT_E_ROLE
CERT_E_EXPIRED
CERT_E_EXPIRED
CERT_E_VALIDITYPERIODNESTING
CERT_E_VALIDITYPERIODNESTING
CRYPT_E_MISSING_PUBKEY_PARA
CRYPT_E_MISSING_PUBKEY_PARA
CRYPT_E_BAD_MSG
CRYPT_E_BAD_MSG
CRYPT_E_NO_DECRYPT_CERT
CRYPT_E_NO_DECRYPT_CERT
CRYPT_E_NO_KEY_PROPERTY
CRYPT_E_NO_KEY_PROPERTY
CRYPT_E_UNEXPECTED_MSG_TYPE
CRYPT_E_UNEXPECTED_MSG_TYPE
CRYPT_E_STREAM_MSG_NOT_READY
CRYPT_E_STREAM_MSG_NOT_READY
CRYPT_E_INVALID_MSG_TYPE
CRYPT_E_INVALID_MSG_TYPE
CRYPT_E_MSG_ERROR
CRYPT_E_MSG_ERROR
CBS_E_SQM_REPORT_IGNORED_AI_FAILURES_ON_TRANSACTION_RESOLVE
CBS_E_SQM_REPORT_IGNORED_AI_FAILURES_ON_TRANSACTION_RESOLVE
CBS_E_INVALID_DRIVER_OPERATION_KEY
CBS_E_INVALID_DRIVER_OPERATION_KEY
SPAPI_E_REMOTE_REQUEST_UNSUPPORTED
SPAPI_E_REMOTE_REQUEST_UNSUPPORTED
SPAPI_E_NON_WINDOWS_DRIVER
SPAPI_E_NON_WINDOWS_DRIVER
SPAPI_E_NON_WINDOWS_NT_DRIVER
SPAPI_E_NON_WINDOWS_NT_DRIVER
SPAPI_E_KEY_DOES_NOT_EXIST
SPAPI_E_KEY_DOES_NOT_EXIST
!"#$%&'()* ,-./0
!"#$%&'()* ,-./0
ERROR_MCA_UNSUPPORTED_COLOR_TEMPERATURE
ERROR_MCA_UNSUPPORTED_COLOR_TEMPERATURE
ERROR_MCA_UNSUPPORTED_MCCS_VERSION
ERROR_MCA_UNSUPPORTED_MCCS_VERSION
ERROR_EVT_INVALID_OPERATION_OVER_ENABLED_DIRECT_CHANNEL
ERROR_EVT_INVALID_OPERATION_OVER_ENABLED_DIRECT_CHANNEL
ERROR_EVT_FILTER_UNSUPPORTEDOP
ERROR_EVT_FILTER_UNSUPPORTEDOP
ERROR_SXS_INCORRECT_PUBLIC_KEY_TOKEN
ERROR_SXS_INCORRECT_PUBLIC_KEY_TOKEN
ERROR_SXS_PROTECTION_PUBLIC_KEY_TOO_SHORT
ERROR_SXS_PROTECTION_PUBLIC_KEY_TOO_SHORT
ERROR_SXS_KEY_NOT_FOUND
ERROR_SXS_KEY_NOT_FOUND
ERROR_IPSEC_IKE_CERT_CHAIN_POLICY_MISMATCH
ERROR_IPSEC_IKE_CERT_CHAIN_POLICY_MISMATCH
ERROR_IPSEC_IKE_INVALID_CERT_KEYLEN
ERROR_IPSEC_IKE_INVALID_CERT_KEYLEN
ERROR_IPSEC_IKE_UNSUPPORTED_ID
ERROR_IPSEC_IKE_UNSUPPORTED_ID
ERROR_IPSEC_IKE_ADD_UPDATE_KEY_FAILED
ERROR_IPSEC_IKE_ADD_UPDATE_KEY_FAILED
ERROR_IPSEC_IKE_NO_PEER_CERT
ERROR_IPSEC_IKE_NO_PEER_CERT
ERROR_IPSEC_IKE_PROCESS_ERR_CERT_REQ
ERROR_IPSEC_IKE_PROCESS_ERR_CERT_REQ
ERROR_IPSEC_IKE_PROCESS_ERR_CERT
ERROR_IPSEC_IKE_PROCESS_ERR_CERT
ERROR_IPSEC_IKE_NO_PUBLIC_KEY
ERROR_IPSEC_IKE_NO_PUBLIC_KEY
ERROR_IPSEC_IKE_SIMULTANEOUS_REKEY
ERROR_IPSEC_IKE_SIMULTANEOUS_REKEY
ERROR_IPSEC_IKE_NO_PRIVATE_KEY
ERROR_IPSEC_IKE_NO_PRIVATE_KEY
ERROR_IPSEC_IKE_INVALID_CERT_TYPE
ERROR_IPSEC_IKE_INVALID_CERT_TYPE
ERROR_IPSEC_IKE_INVALID_KEY_USAGE
ERROR_IPSEC_IKE_INVALID_KEY_USAGE
ERROR_IPSEC_IKE_NO_CERT
ERROR_IPSEC_IKE_NO_CERT
ERROR_IPSEC_TRANSPORT_FILTER_PENDING_DELETION
ERROR_IPSEC_TRANSPORT_FILTER_PENDING_DELETION
ERROR_IPSEC_TRANSPORT_FILTER_NOT_FOUND
ERROR_IPSEC_TRANSPORT_FILTER_NOT_FOUND
ERROR_IPSEC_TRANSPORT_FILTER_EXISTS
ERROR_IPSEC_TRANSPORT_FILTER_EXISTS
ERROR_NOT_SUPPORTED_ON_STANDARD_SERVER
ERROR_NOT_SUPPORTED_ON_STANDARD_SERVER
ERROR_DS_NOT_SUPPORTED_SORT_ORDER
ERROR_DS_NOT_SUPPORTED_SORT_ORDER
ERROR_DS_SAM_NEED_BOOTKEY_FLOPPY
ERROR_DS_SAM_NEED_BOOTKEY_FLOPPY
ERROR_DS_SAM_NEED_BOOTKEY_PASSWORD
ERROR_DS_SAM_NEED_BOOTKEY_PASSWORD
ERROR_DS_KEY_NOT_UNIQUE
ERROR_DS_KEY_NOT_UNIQUE
ERROR_DS_ILLEGAL_XDOM_MOVE_OPERATION
ERROR_DS_ILLEGAL_XDOM_MOVE_OPERATION
ERROR_DS_PDC_OPERATION_IN_PROGRESS
ERROR_DS_PDC_OPERATION_IN_PROGRESS
ERROR_DS_DRA_NOT_SUPPORTED
ERROR_DS_DRA_NOT_SUPPORTED
ERROR_DS_UNKNOWN_OPERATION
ERROR_DS_UNKNOWN_OPERATION
ERROR_DS_ILLEGAL_MOD_OPERATION
ERROR_DS_ILLEGAL_MOD_OPERATION
ERROR_DS_NOT_SUPPORTED
ERROR_DS_NOT_SUPPORTED
ERROR_DS_AUTH_METHOD_NOT_SUPPORTED
ERROR_DS_AUTH_METHOD_NOT_SUPPORTED
ERROR_DS_OPERATIONS_ERROR
ERROR_DS_OPERATIONS_ERROR
ERROR_OPERATION_NOT_SUPPORTED_IN_TRANSACTION
ERROR_OPERATION_NOT_SUPPORTED_IN_TRANSACTION
ERROR_CANNOT_EXECUTE_FILE_IN_TRANSACTION
ERROR_CANNOT_EXECUTE_FILE_IN_TRANSACTION
ERROR_TRANSACTED_MAPPING_UNSUPPORTED_REMOTE
ERROR_TRANSACTED_MAPPING_UNSUPPORTED_REMOTE
ERROR_TRANSACTIONS_UNSUPPORTED_REMOTE
ERROR_TRANSACTIONS_UNSUPPORTED_REMOTE
ERROR_IMPLICIT_TRANSACTION_NOT_SUPPORTED
ERROR_IMPLICIT_TRANSACTION_NOT_SUPPORTED
ERROR_TRANSACTION_NOT_JOINED
ERROR_TRANSACTION_NOT_JOINED
ERROR_LOG_MULTIPLEXED
ERROR_LOG_MULTIPLEXED
ERROR_CS_ENCRYPTION_UNSUPPORTED_SERVER
ERROR_CS_ENCRYPTION_UNSUPPORTED_SERVER
ERROR_EFS_VERSION_NOT_SUPPORT
ERROR_EFS_VERSION_NOT_SUPPORT
ERROR_VOLUME_NOT_SUPPORT_EFS
ERROR_VOLUME_NOT_SUPPORT_EFS
ERROR_NOT_EXPORT_FORMAT
ERROR_NOT_EXPORT_FORMAT
ERROR_NO_USER_KEYS
ERROR_NO_USER_KEYS
ERROR_CLUSTER_RESTYPE_NOT_SUPPORTED
ERROR_CLUSTER_RESTYPE_NOT_SUPPORTED
ERROR_CLUSTER_JOIN_ABORTED
ERROR_CLUSTER_JOIN_ABORTED
ERROR_INVALID_OPERATION_ON_QUORUM
ERROR_INVALID_OPERATION_ON_QUORUM
ERROR_CLUSTER_JOIN_NOT_IN_PROGRESS
ERROR_CLUSTER_JOIN_NOT_IN_PROGRESS
ERROR_CLUSTER_JOIN_IN_PROGRESS
ERROR_CLUSTER_JOIN_IN_PROGRESS
ERROR_IEPORT_FULL
ERROR_IEPORT_FULL
ERROR_NO_SUPPORTING_DRIVES
ERROR_NO_SUPPORTING_DRIVES
ERROR_CONTROLLING_IEPORT
ERROR_CONTROLLING_IEPORT
ERROR_TRANSPORT_FULL
ERROR_TRANSPORT_FULL
ERROR_UNABLE_TO_INVENTORY_TRANSPORT
ERROR_UNABLE_TO_INVENTORY_TRANSPORT
ERROR_INVALID_OPERATION
ERROR_INVALID_OPERATION
RPC_S_INTERFACE_NOT_EXPORTED
RPC_S_INTERFACE_NOT_EXPORTED
RPC_S_NOT_ALL_OBJS_EXPORTED
RPC_S_NOT_ALL_OBJS_EXPORTED
RPC_X_PIPE_EMPTY
RPC_X_PIPE_EMPTY
RPC_X_PIPE_DISCIPLINE_ERROR
RPC_X_PIPE_DISCIPLINE_ERROR
RPC_X_PIPE_CLOSED
RPC_X_PIPE_CLOSED
RPC_X_WRONG_PIPE_VERSION
RPC_X_WRONG_PIPE_VERSION
RPC_X_WRONG_PIPE_ORDER
RPC_X_WRONG_PIPE_ORDER
RPC_X_INVALID_PIPE_OBJECT
RPC_X_INVALID_PIPE_OBJECT
RPC_S_UNSUPPORTED_AUTHN_LEVEL
RPC_S_UNSUPPORTED_AUTHN_LEVEL
RPC_S_CANNOT_SUPPORT
RPC_S_CANNOT_SUPPORT
RPC_S_NOT_ALL_OBJS_UNEXPORTED
RPC_S_NOT_ALL_OBJS_UNEXPORTED
RPC_S_NOTHING_TO_EXPORT
RPC_S_NOTHING_TO_EXPORT
RPC_S_UNSUPPORTED_NAME_SYNTAX
RPC_S_UNSUPPORTED_NAME_SYNTAX
RPC_S_UNSUPPORTED_TYPE
RPC_S_UNSUPPORTED_TYPE
RPC_S_UNSUPPORTED_TRANS_SYN
RPC_S_UNSUPPORTED_TRANS_SYN
RPC_S_PROTSEQ_NOT_SUPPORTED
RPC_S_PROTSEQ_NOT_SUPPORTED
ERROR_CONNECTED_OTHER_PASSWORD_DEFAULT
ERROR_CONNECTED_OTHER_PASSWORD_DEFAULT
ERROR_CONNECTED_OTHER_PASSWORD
ERROR_CONNECTED_OTHER_PASSWORD
ERROR_CLIPPING_NOT_SUPPORTED
ERROR_CLIPPING_NOT_SUPPORTED
ERROR_TRANSFORM_NOT_SUPPORTED
ERROR_TRANSFORM_NOT_SUPPORTED
ERROR_METAFILE_NOT_SUPPORTED
ERROR_METAFILE_NOT_SUPPORTED
ERROR_PASSWORD_MUST_CHANGE
ERROR_PASSWORD_MUST_CHANGE
ERROR_UNKNOWN_PORT
ERROR_UNKNOWN_PORT
ERROR_PATCH_REMOVAL_UNSUPPORTED
ERROR_PATCH_REMOVAL_UNSUPPORTED
ERROR_PATCH_PACKAGE_UNSUPPORTED
ERROR_PATCH_PACKAGE_UNSUPPORTED
ERROR_INSTALL_PLATFORM_UNSUPPORTED
ERROR_INSTALL_PLATFORM_UNSUPPORTED
ERROR_UNSUPPORTED_TYPE
ERROR_UNSUPPORTED_TYPE
ERROR_INSTALL_LANGUAGE_UNSUPPORTED
ERROR_INSTALL_LANGUAGE_UNSUPPORTED
ERROR_SYMLINK_NOT_SUPPORTED
ERROR_SYMLINK_NOT_SUPPORTED
ERROR_REQUIRES_INTERACTIVE_WINDOWSTATION
ERROR_REQUIRES_INTERACTIVE_WINDOWSTATION
ERROR_INVALID_KEYBOARD_HANDLE
ERROR_INVALID_KEYBOARD_HANDLE
ERROR_INVALID_MSGBOX_STYLE
ERROR_INVALID_MSGBOX_STYLE
ERROR_HOTKEY_NOT_REGISTERED
ERROR_HOTKEY_NOT_REGISTERED
ERROR_CLASS_HAS_WINDOWS
ERROR_CLASS_HAS_WINDOWS
ERROR_HOTKEY_ALREADY_REGISTERED
ERROR_HOTKEY_ALREADY_REGISTERED
ERROR_NO_USER_SESSION_KEY
ERROR_NO_USER_SESSION_KEY
ERROR_PASSWORD_EXPIRED
ERROR_PASSWORD_EXPIRED
ERROR_PASSWORD_RESTRICTION
ERROR_PASSWORD_RESTRICTION
ERROR_ILL_FORMED_PASSWORD
ERROR_ILL_FORMED_PASSWORD
ERROR_WRONG_PASSWORD
ERROR_WRONG_PASSWORD
ERROR_NULL_LM_PASSWORD
ERROR_NULL_LM_PASSWORD
ERROR_LOCAL_USER_SESSION_KEY
ERROR_LOCAL_USER_SESSION_KEY
ERROR_ACCESS_DISABLED_WEBBLADE_TAMPER
ERROR_ACCESS_DISABLED_WEBBLADE_TAMPER
ERROR_ACCESS_DISABLED_WEBBLADE
ERROR_ACCESS_DISABLED_WEBBLADE
ERROR_INVALID_IMPORT_OF_NON_DLL
ERROR_INVALID_IMPORT_OF_NON_DLL
ERROR_NOT_SUPPORTED_ON_SBS
ERROR_NOT_SUPPORTED_ON_SBS
ERROR_LOGIN_WKSTA_RESTRICTION
ERROR_LOGIN_WKSTA_RESTRICTION
ERROR_LOGIN_TIME_RESTRICTION
ERROR_LOGIN_TIME_RESTRICTION
ERROR_PORT_UNREACHABLE
ERROR_PORT_UNREACHABLE
ERROR_INVALID_PASSWORDNAME
ERROR_INVALID_PASSWORDNAME
ERROR_DISK_OPERATION_FAILED
ERROR_DISK_OPERATION_FAILED
ERROR_SERVICE_NOT_IN_EXE
ERROR_SERVICE_NOT_IN_EXE
ERROR_KEY_HAS_CHILDREN
ERROR_KEY_HAS_CHILDREN
ERROR_KEY_DELETED
ERROR_KEY_DELETED
ERROR_BADKEY
ERROR_BADKEY
ERROR_OPERATION_ABORTED
ERROR_OPERATION_ABORTED
ERROR_PRIMARY_TRANSPORT_CONNECT_FAILED
ERROR_PRIMARY_TRANSPORT_CONNECT_FAILED
ERROR_CARDBUS_NOT_SUPPORTED
ERROR_CARDBUS_NOT_SUPPORTED
ERROR_IMAGE_MACHINE_TYPE_MISMATCH_EXE
ERROR_IMAGE_MACHINE_TYPE_MISMATCH_EXE
ERROR_PORT_NOT_SET
ERROR_PORT_NOT_SET
ERROR_UNSUPPORTED_COMPRESSION
ERROR_UNSUPPORTED_COMPRESSION
ERROR_PORT_MESSAGE_TOO_LONG
ERROR_PORT_MESSAGE_TOO_LONG
ERROR_INVALID_PORT_ATTRIBUTES
ERROR_INVALID_PORT_ATTRIBUTES
ERROR_PIPE_LISTENING
ERROR_PIPE_LISTENING
ERROR_PIPE_CONNECTED
ERROR_PIPE_CONNECTED
ERROR_EAS_NOT_SUPPORTED
ERROR_EAS_NOT_SUPPORTED
ERROR_PIPE_NOT_CONNECTED
ERROR_PIPE_NOT_CONNECTED
ERROR_PIPE_BUSY
ERROR_PIPE_BUSY
ERROR_BAD_PIPE
ERROR_BAD_PIPE
ERROR_PIPE_LOCAL
ERROR_PIPE_LOCAL
ERROR_EXE_CANNOT_MODIFY_STRONG_SIGNED_BINARY
ERROR_EXE_CANNOT_MODIFY_STRONG_SIGNED_BINARY
ERROR_EXE_CANNOT_MODIFY_SIGNED_BINARY
ERROR_EXE_CANNOT_MODIFY_SIGNED_BINARY
ERROR_EXE_MACHINE_TYPE_MISMATCH
ERROR_EXE_MACHINE_TYPE_MISMATCH
ERROR_BAD_EXE_FORMAT
ERROR_BAD_EXE_FORMAT
ERROR_EXE_MARKED_INVALID
ERROR_EXE_MARKED_INVALID
ERROR_INVALID_EXE_SIGNATURE
ERROR_INVALID_EXE_SIGNATURE
ERROR_ATOMIC_LOCKS_NOT_SUPPORTED
ERROR_ATOMIC_LOCKS_NOT_SUPPORTED
ERROR_IS_JOIN_PATH
ERROR_IS_JOIN_PATH
ERROR_SUBST_TO_JOIN
ERROR_SUBST_TO_JOIN
ERROR_JOIN_TO_SUBST
ERROR_JOIN_TO_SUBST
ERROR_JOIN_TO_JOIN
ERROR_JOIN_TO_JOIN
ERROR_NOT_JOINED
ERROR_NOT_JOINED
ERROR_IS_JOINED
ERROR_IS_JOINED
ERROR_IS_JOIN_TARGET
ERROR_IS_JOIN_TARGET
ERROR_BROKEN_PIPE
ERROR_BROKEN_PIPE
ERROR_INVALID_PASSWORD
ERROR_INVALID_PASSWORD
ERROR_TOO_MANY_CMDS
ERROR_TOO_MANY_CMDS
ERROR_NOT_SUPPORTED
ERROR_NOT_SUPPORTED
SL_E_VL_KEY_MANAGEMENT_SERVICE_VM_NOT_SUPPORTED
SL_E_VL_KEY_MANAGEMENT_SERVICE_VM_NOT_SUPPORTED
SL_E_OPERATION_NOT_ALLOWED
SL_E_OPERATION_NOT_ALLOWED
SL_E_SLP_OEM_CERT_MISSING
SL_E_SLP_OEM_CERT_MISSING
SL_E_PKEY_INVALID_UPGRADE
SL_E_PKEY_INVALID_UPGRADE
SL_E_BLOCKED_PRODUCT_KEY
SL_E_BLOCKED_PRODUCT_KEY
SL_E_INVALID_PRODUCT_KEY
SL_E_INVALID_PRODUCT_KEY
SL_E_VL_KEY_MANAGEMENT_SERVICE_ID_MISMATCH
SL_E_VL_KEY_MANAGEMENT_SERVICE_ID_MISMATCH
SL_E_VL_KEY_MANAGEMENT_SERVICE_NOT_ACTIVATED
SL_E_VL_KEY_MANAGEMENT_SERVICE_NOT_ACTIVATED
SL_E_VL_NOT_WINDOWS_SLP
SL_E_VL_NOT_WINDOWS_SLP
SL_E_PRODUCT_KEY_INSTALLATION_NOT_ALLOWED
SL_E_PRODUCT_KEY_INSTALLATION_NOT_ALLOWED
SL_E_CIDIID_VERSION_NOT_SUPPORTED
SL_E_CIDIID_VERSION_NOT_SUPPORTED
SL_E_PROXY_KEY_NOT_FOUND
SL_E_PROXY_KEY_NOT_FOUND
SL_E_WINDOWS_INVALID_LICENSE_STATE
SL_E_WINDOWS_INVALID_LICENSE_STATE
SL_E_LICENSE_SERVER_URL_NOT_FOUND
SL_E_LICENSE_SERVER_URL_NOT_FOUND
SL_E_NOT_SUPPORTED
SL_E_NOT_SUPPORTED
SL_E_PKEY_NOT_INSTALLED
SL_E_PKEY_NOT_INSTALLED
SL_E_INVALID_PKEY
SL_E_INVALID_PKEY
SL_E_MISMATCHED_PKEY_RANGE
SL_E_MISMATCHED_PKEY_RANGE
SL_E_PKEY_INVALID_KEYCHANGE2
SL_E_PKEY_INVALID_KEYCHANGE2
SL_E_PKEY_INVALID_KEYCHANGE3
SL_E_PKEY_INVALID_KEYCHANGE3
SL_E_PKEY_INVALID_KEYCHANGE4
SL_E_PKEY_INVALID_KEYCHANGE4
SL_E_PKEY_INVALID_KEYCHANGE1
SL_E_PKEY_INVALID_KEYCHANGE1
SL_E_PKEY_INTERNAL_ERROR
SL_E_PKEY_INTERNAL_ERROR
SL_E_PKEY_INVALID_ALGORITHM
SL_E_PKEY_INVALID_ALGORITHM
SL_E_PKEY_INVALID_UNIQUEID
SL_E_PKEY_INVALID_UNIQUEID
SL_E_PKEY_INVALID_CONFIG
SL_E_PKEY_INVALID_CONFIG
SL_E_CHREF_PRODUCT_KEY_BINDING_MISMATCH
SL_E_CHREF_PRODUCT_KEY_BINDING_MISMATCH
SL_E_CHREF_PRODUCT_KEY_POLICY_OVERLAPPED
SL_E_CHREF_PRODUCT_KEY_POLICY_OVERLAPPED
SL_E_CHREF_INVALID_PRODUCT_KEY_UNIQUEID
SL_E_CHREF_INVALID_PRODUCT_KEY_UNIQUEID
SL_E_CHREF_PRODUCT_KEY_POLICY_MISSING
SL_E_CHREF_PRODUCT_KEY_POLICY_MISSING
SL_E_CHREF_INVALID_PRODUCT_KEY_ALGORITHM
SL_E_CHREF_INVALID_PRODUCT_KEY_ALGORITHM
SL_E_CHPA_FAILED_TO_INSERT_PRODUCT_KEY_RECORD
SL_E_CHPA_FAILED_TO_INSERT_PRODUCT_KEY_RECORD
SL_E_CHPA_FAILED_TO_UPDATE_PRODUCT_KEY_RECORD
SL_E_CHPA_FAILED_TO_UPDATE_PRODUCT_KEY_RECORD
SL_E_CHREF_INVALID_PRODUCT_KEY
SL_E_CHREF_INVALID_PRODUCT_KEY
SL_E_CHREF_EXCLUDED_PRODUCT_KEY
SL_E_CHREF_EXCLUDED_PRODUCT_KEY
SL_E_CHREF_PRODUCT_KEY_REVOKED
SL_E_CHREF_PRODUCT_KEY_REVOKED
SL_E_CHPA_PRODUCT_KEY_BEING_USED
SL_E_CHPA_PRODUCT_KEY_BEING_USED
SL_E_CHPA_FAILED_TO_DELETE_PRODUCTKEY_BINDING
SL_E_CHPA_FAILED_TO_DELETE_PRODUCTKEY_BINDING
SL_E_CHPA_FAILED_TO_PROCESS_PRODUCT_KEY_BINDINGS_XML
SL_E_CHPA_FAILED_TO_PROCESS_PRODUCT_KEY_BINDINGS_XML
SL_E_CHPA_FAILED_TO_INSERT_PRODUCT_KEY_PROPERTY
SL_E_CHPA_FAILED_TO_INSERT_PRODUCT_KEY_PROPERTY
SL_E_CHPA_FAILED_TO_UPDATE_PRODUCT_KEY_PROPERTY
SL_E_CHPA_FAILED_TO_UPDATE_PRODUCT_KEY_PROPERTY
SL_E_CHPA_FAILED_TO_DELETE_PRODUCT_KEY_PROPERTY
SL_E_CHPA_FAILED_TO_DELETE_PRODUCT_KEY_PROPERTY
SL_E_CHPA_UNKNOWN_PRODUCT_KEY_TYPE
SL_E_CHPA_UNKNOWN_PRODUCT_KEY_TYPE
SL_E_CHPA_FAILED_TO_INSERT_PRODUCTKEY_BINDING
SL_E_CHPA_FAILED_TO_INSERT_PRODUCTKEY_BINDING
SL_E_CHPA_FAILED_TO_UPDATE_PRODUCTKEY_BINDING
SL_E_CHPA_FAILED_TO_UPDATE_PRODUCTKEY_BINDING
SL_E_CHPA_TIMEBASED_PRODUCT_KEY_NOT_CONFIGURED
SL_E_CHPA_TIMEBASED_PRODUCT_KEY_NOT_CONFIGURED
SL_E_CHPA_INVALID_PRODUCT_KEY_CHAR
SL_E_CHPA_INVALID_PRODUCT_KEY_CHAR
SL_E_CHPA_INVALID_PRODUCT_KEY_FORMAT
SL_E_CHPA_INVALID_PRODUCT_KEY_FORMAT
SL_E_CHPA_INVALID_PRODUCT_KEY_LENGTH
SL_E_CHPA_INVALID_PRODUCT_KEY_LENGTH
SL_E_CHPA_UNSUPPORTED_PRODUCT_KEY
SL_E_CHPA_UNSUPPORTED_PRODUCT_KEY
SL_E_CHPA_INVALID_PRODUCT_KEY
SL_E_CHPA_INVALID_PRODUCT_KEY
SL_E_CHPA_PRODUCT_KEY_BLOCKED
SL_E_CHPA_PRODUCT_KEY_BLOCKED
SL_E_CHPA_PRODUCT_KEY_OUT_OF_RANGE
SL_E_CHPA_PRODUCT_KEY_OUT_OF_RANGE
SL_E_SRV_INVALID_PRODUCT_KEY_LICENSE
SL_E_SRV_INVALID_PRODUCT_KEY_LICENSE
t.Ht!HHt
t.Ht!HHt
JET_wrnKeyChanged
JET_wrnKeyChanged
JET_wrnUniqueKey
JET_wrnUniqueKey
JET_errInvalidOperation
JET_errInvalidOperation
JET_errLanguageNotSupported
JET_errLanguageNotSupported
JET_errKeyDuplicate
JET_errKeyDuplicate
JET_errKeyNotMade
JET_errKeyNotMade
JET_errKeyIsMade
JET_errKeyIsMade
JET_errColumnIndexed
JET_errColumnIndexed
JET_errIndexTuplesKeyTooSmall
JET_errIndexTuplesKeyTooSmall
JET_errTooManyOpenIndexes
JET_errTooManyOpenIndexes
JET_errIllegalOperation
JET_errIllegalOperation
JET_errNullKeyDisallowed
JET_errNullKeyDisallowed
JET_errLinkNotSupported
JET_errLinkNotSupported
JET_errTooManyKeys
JET_errTooManyKeys
JET_errTooManyIndexes
JET_errTooManyIndexes
JET_errUnicodeNormalizationNotSupported
JET_errUnicodeNormalizationNotSupported
JET_errSectorSizeNotSupported
JET_errSectorSizeNotSupported
JET_errInvalidLoggedOperation
JET_errInvalidLoggedOperation
JET_errKeyTooBig
JET_errKeyTooBig
JET_errKeyTruncated
JET_errKeyTruncated
JET_errKeyBoundary
JET_errKeyBoundary
RegCloseKey
RegCloseKey
RegOpenKeyExW
RegOpenKeyExW
RegOpenKeyW
RegOpenKeyW
RegCreateKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteKeyW
GetWindowsDirectoryW
GetWindowsDirectoryW
_amsg_exit
_amsg_exit
TrustedInstaller.pdb
TrustedInstaller.pdb
9$9*979_9
9$9*979_9
=!=&= =4=
=!=&= =4=
SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Version
SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Version
\cbscore.dll
\cbscore.dll
0.0.0.1
0.0.0.1
\wrpint.dll
\wrpint.dll
Software\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending
Software\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending
%s\%s
%s\%s
.WorkingDirectory
.WorkingDirectory
\CbsPersist_*.*
\CbsPersist_*.*
"%s" %s %s
"%s" %s %s
\CbsPersist_*.log
\CbsPersist_*.log
makecab.exe
makecab.exe
%s\CbsPersist_dddddd.log
%s\CbsPersist_dddddd.log
\CBS.log
\CBS.log
SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing
SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing
wdscore.dll
wdscore.dll
SxsStore.dll
SxsStore.dll
Windows Modules Installer
Windows Modules Installer
6.1.7601.17514 (win7sp1_rtm.101119-1850)
6.1.7601.17514 (win7sp1_rtm.101119-1850)
TrustedInstaller.exe
TrustedInstaller.exe
Windows
Windows
Operating System
Operating System
6.1.7601.17514
6.1.7601.17514
%original file name%.exe_2744:
.text
.text
`.rsrc
`.rsrc
@.reloc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
v2.0.50727
v2.0.50727
Microsoft.Win32
Microsoft.Win32
IUrlHistoryStg2
IUrlHistoryStg2
STATURLFLAG_ISCACHED
STATURLFLAG_ISCACHED
STATURL_QUERYFLAG_ISCACHED
STATURL_QUERYFLAG_ISCACHED
URL_ESCAPE_UNSAFE
URL_ESCAPE_UNSAFE
ADDURL_ADDTOHISTORYANDCACHE
ADDURL_ADDTOHISTORYANDCACHE
ADDURL_ADDTOCACHE
ADDURL_ADDTOCACHE
STATURL_QUERYFLAG_NOTITLE
STATURL_QUERYFLAG_NOTITLE
URL_UNESCAPE
URL_UNESCAPE
SHGFI_EXETYPE
SHGFI_EXETYPE
ADDURL_FLAG
ADDURL_FLAG
STATURLFLAG_ISTOPLEVEL
STATURLFLAG_ISTOPLEVEL
STATURL_QUERYFLAG_TOPLEVEL
STATURL_QUERYFLAG_TOPLEVEL
URL_PLUGGABLE_PROTOCOL
URL_PLUGGABLE_PROTOCOL
STATURL_QUERYFLAG_NOURL
STATURL_QUERYFLAG_NOURL
IEnumSTATURL
IEnumSTATURL
lpSTATURL
lpSTATURL
shlwapi_URL
shlwapi_URL
get_URL
get_URL
set_URL
set_URL
CannonializeURL
CannonializeURL
wstrURL
wstrURL
System.IO
System.IO
STATURLFLAGS
STATURLFLAGS
STATURL_QUERYFLAGS
STATURL_QUERYFLAGS
URL_ESCAPE_PERCENT
URL_ESCAPE_PERCENT
URL_DONT_SIMPLIFY
URL_DONT_SIMPLIFY
URL_ESCAPE_SPACES_ONLY
URL_ESCAPE_SPACES_ONLY
System.Collections.Generic
System.Collections.Generic
k__BackingField
k__BackingField
k__BackingField
k__BackingField
get_Password
get_Password
set_Password
set_Password
DecryptIePassword
DecryptIePassword
System.Collections.IComparer.Compare
System.Collections.IComparer.Compare
UrlCanonicalize
UrlCanonicalize
GetURLHashString
GetURLHashString
get_UrlString
get_UrlString
IUrlHistoryStg
IUrlHistoryStg
DoesURLMatchWithHash
DoesURLMatchWithHash
urlHash
urlHash
System.ComponentModel
System.ComponentModel
advapi32.dll
advapi32.dll
Kernel32.dll
Kernel32.dll
shell32.dll
shell32.dll
shlwapi.dll
shlwapi.dll
IELibrary.dll
IELibrary.dll
AddUrl
AddUrl
DeleteUrl
DeleteUrl
pocsUrl
pocsUrl
pwcsUrl
pwcsUrl
QueryUrl
QueryUrl
pszUrl
pszUrl
_staturl
_staturl
System.Reflection
System.Reflection
STATURLEnumerator
STATURLEnumerator
.ctor
.ctor
System.Diagnostics
System.Diagnostics
GetSavedPasswords
GetSavedPasswords
System.Runtime.InteropServices
System.Runtime.InteropServices
System.Runtime.CompilerServices
System.Runtime.CompilerServices
System.Runtime.InteropServices.ComTypes
System.Runtime.InteropServices.ComTypes
get_EnumUrls
get_EnumUrls
System.Collections
System.Collections
UrlHistoryClass
UrlHistoryClass
_urlHistoryList
_urlHistoryList
System.Text
System.Text
OpenSubKey
OpenSubKey
hKey
hKey
RegistryKey
RegistryKey
AddUrlAndNotify
AddUrlAndNotify
System.Security.Cryptography
System.Security.Cryptography
ExplorerUrlHistory
ExplorerUrlHistory
GetUrlHistory
GetUrlHistory
urlHistory
urlHistory
System.Security
System.Security
$83018595-3f8a-4e71-94b2-8e41a61ed763
$83018595-3f8a-4e71-94b2-8e41a61ed763
1.0.0.0
1.0.0.0
$3C374A42-BAE4-11CF-BF7D-00AA006946EE
$3C374A42-BAE4-11CF-BF7D-00AA006946EE
$3C374A41-BAE4-11CF-BF7D-00AA006946EE
$3C374A41-BAE4-11CF-BF7D-00AA006946EE
$AFA0DC11-C313-11D0-831A-00C04FD5AE38
$AFA0DC11-C313-11D0-831A-00C04FD5AE38
$3C374A40-BAE4-11CF-BF7D-00AA006946EE
$3C374A40-BAE4-11CF-BF7D-00AA006946EE
C:\Users\Admin\Desktop\IELibrary\IELibrary\obj\Debug\IELibrary.pdb
C:\Users\Admin\Desktop\IELibrary\IELibrary\obj\Debug\IELibrary.pdb
mscoree.dll
mscoree.dll
6DDJ75IZVOLLH0TZEJ7MRASB6RTPEDDCJN74UEJ2.exe
6DDJ75IZVOLLH0TZEJ7MRASB6RTPEDDCJN74UEJ2.exe
Microsoft.VisualBasic
Microsoft.VisualBasic
System.Windows.Forms
System.Windows.Forms
System.Drawing
System.Drawing
System.Xml
System.Xml
System.Management
System.Management
user32.dll
user32.dll
avicap32.dll
avicap32.dll
User32.dll
User32.dll
kernel32.dll
kernel32.dll
IELibrary.resources
IELibrary.resources
Microsoft.VisualBasic.ApplicationServices
Microsoft.VisualBasic.ApplicationServices
System.CodeDom.Compiler
System.CodeDom.Compiler
Microsoft.VisualBasic.Devices
Microsoft.VisualBasic.Devices
m_MyWebServicesObjectProvider
m_MyWebServicesObjectProvider
.cctor
.cctor
get_WebServices
get_WebServices
HelpKeywordAttribute
HelpKeywordAttribute
System.ComponentModel.Design
System.ComponentModel.Design
WebServices
WebServices
Microsoft.VisualBasic.CompilerServices
Microsoft.VisualBasic.CompilerServices
MyWebServices
MyWebServices
keylogger
keylogger
webcam
webcam
webcam_time
webcam_time
webfilter
webfilter
disablecmd
disablecmd
BypassUAC
BypassUAC
ProcessHandle
ProcessHandle
System.Threading
System.Threading
_Sendwebcam
_Sendwebcam
lastkey
lastkey
Microsoft.VisualBasic.MyServices
Microsoft.VisualBasic.MyServices
CreateSubKey
CreateSubKey
DeleteSubKeyTree
DeleteSubKeyTree
SetFileBypassUAC
SetFileBypassUAC
System.Security.AccessControl
System.Security.AccessControl
System.Security.Principal
System.Security.Principal
System.Timers
System.Timers
GetExecutingAssembly
GetExecutingAssembly
Operators
Operators
get_Sendwebcam
get_Sendwebcam
set_Sendwebcam
set_Sendwebcam
System.Drawing.Imaging
System.Drawing.Imaging
OperatingSystem
OperatingSystem
Sendwebcam_Tick
Sendwebcam_Tick
WebClient
WebClient
System.Net
System.Net
System.Collections.Specialized
System.Collections.Specialized
System.Text.RegularExpressions
System.Text.RegularExpressions
FtpWebRequest
FtpWebRequest
WebRequest
WebRequest
UploadFTP
UploadFTP
UploadFTPImage
UploadFTPImage
MsgBox
MsgBox
MsgBoxResult
MsgBoxResult
MsgBoxStyle
MsgBoxStyle
SmtpClient
SmtpClient
System.Net.Mail
System.Net.Mail
System.Collections.ObjectModel
System.Collections.ObjectModel
set_Port
set_Port
DeleteSubKey
DeleteSubKey
get_ExecutablePath
get_ExecutablePath
webfilterr
webfilterr
HttpWebRequest
HttpWebRequest
WebResponse
WebResponse
get_Keyboard
get_Keyboard
Keyboard
Keyboard
get_AltKeyDown
get_AltKeyDown
get_CtrlKeyDown
get_CtrlKeyDown
Keys
Keys
get_ShiftKeyDown
get_ShiftKeyDown
kbHook_KeyDown
kbHook_KeyDown
kbHook_KeyUp
kbHook_KeyUp
GetKeyboardLayout
GetKeyboardLayout
wVirtKey
wVirtKey
lpKeyState
lpKeyState
GetKeyboardState
GetKeyboardState
MapVirtualKey
MapVirtualKey
Sendwebcam
Sendwebcam
OperatingSystemName
OperatingSystemName
UnhookWindowsHookEx
UnhookWindowsHookEx
SetWindowsHookExA
SetWindowsHookExA
get_Msg
get_Msg
KeyboardHook
KeyboardHook
KeyDownEvent
KeyDownEvent
KeyUpEvent
KeyUpEvent
WH_KEYBOARD_LL
WH_KEYBOARD_LL
WM_KEYDOWN
WM_KEYDOWN
WM_KEYUP
WM_KEYUP
WM_SYSKEYDOWN
WM_SYSKEYDOWN
WM_SYSKEYUP
WM_SYSKEYUP
SetWindowsHookEx
SetWindowsHookEx
add_KeyDown
add_KeyDown
remove_KeyDown
remove_KeyDown
add_KeyUp
add_KeyUp
remove_KeyUp
remove_KeyUp
KeyboardProc
KeyboardProc
KeyDown
KeyDown
KeyUp
KeyUp
KeyDownEventHandler
KeyDownEventHandler
KeyUpEventHandler
KeyUpEventHandler
processHandle
processHandle
PROCESS_VM_OPERATION
PROCESS_VM_OPERATION
GetCPUID
GetCPUID
Export
Export
_password
_password
Password
Password
Passwords
Passwords
_wsftpkey
_wsftpkey
opera_salt
opera_salt
GetChromePasswords
GetChromePasswords
GetOperaPasswords
GetOperaPasswords
GetYandexPasswords
GetYandexPasswords
GetFirefoxPasswords
GetFirefoxPasswords
System.Resources
System.Resources
GetIExplorerPasswords
GetIExplorerPasswords
GetSafariPasswords
GetSafariPasswords
GetSeaMonkeyPasswords
GetSeaMonkeyPasswords
GetComodoPasswords
GetComodoPasswords
GetCoolnovoPasswords
GetCoolnovoPasswords
GetChromiumPasswords
GetChromiumPasswords
lpKeyName
lpKeyName
GetSubKeyNames
GetSubKeyNames
GetWinSCPPasswords
GetWinSCPPasswords
SmartFTP
SmartFTP
KeyCollection
KeyCollection
get_Keys
get_Keys
WS_FTP
WS_FTP
DecodeWSFTP
DecodeWSFTP
DecryptWSFTP
DecryptWSFTP
FtpCommander
FtpCommander
decryptOutlookPassword
decryptOutlookPassword
GetFoxmailPasswords
GetFoxmailPasswords
OperaMail
OperaMail
set_Key
set_Key
ContainsKey
ContainsKey
keychain
keychain
DecryptPassword
DecryptPassword
set_UseShellExecute
set_UseShellExecute
ConvertKeychain
ConvertKeychain
Firefox
Firefox
is64BitOperatingSystem
is64BitOperatingSystem
PK11_GetInternalKeySlot
PK11_GetInternalKeySlot
loadCerts
loadCerts
SQLiteHandler
SQLiteHandler
SQLDataTypeSize
SQLDataTypeSize
sqlite_master_entry
sqlite_master_entry
sql_statement
sql_statement
SafeKeyHandle
SafeKeyHandle
RegOpenKeyEx
RegOpenKeyEx
subKey
subKey
System.Runtime.ConstrainedExecution
System.Runtime.ConstrainedExecution
RegCloseKey
RegCloseKey
8.0.0.0
8.0.0.0
My.Computer
My.Computer
My.Application
My.Application
My.User
My.User
My.WebServices
My.WebServices
4System.Web.Services.Protocols.SoapHttpClientProtocol
4System.Web.Services.Protocols.SoapHttpClientProtocol
_CorExeMain
_CorExeMain
-,1020304050607098:8;8==?=
-,1020304050607098:8;8==?=
smtp
smtp
%startupfolder%
%startupfolder%
\Java\JavaUpdtr.exe
\Java\JavaUpdtr.exe
SOFTWARE\Microsoft\Windows NT\CurrentVersion
SOFTWARE\Microsoft\Windows NT\CurrentVersion
76487-337-8429955-22614
76487-337-8429955-22614
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Windows\System32\WindowsPowerShell\v1.0\powershell.exe
eventvwr.exe
eventvwr.exe
Windows 7
Windows 7
Windows 8
Windows 8
Windows 10
Windows 10
webpanel
webpanel
Software\Microsoft\Windows NT\CurrentVersion\Windows
Software\Microsoft\Windows NT\CurrentVersion\Windows
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\Run
WebCap
WebCap
\CamCampture\webcam.jpeg
\CamCampture\webcam.jpeg
type={0}&hwid={1}&time={2}&pcname={3}&logdata={4}&screen={5}&ipadd={6}&webcam_screen={7}&client={8}&link={9}&username={10}&password={11}&screen_link={12}
type={0}&hwid={1}&time={2}&pcname={3}&logdata={4}&screen={5}&ipadd={6}&webcam_screen={7}&client={8}&link={9}&username={10}&password={11}&screen_link={12}
Webcam Capture From:
Webcam Capture From:
associacion@asociacionvecinosmalilla.com
associacion@asociacionvecinosmalilla.com
Agent_Tesla_Webcam_
Agent_Tesla_Webcam_
.jpeg
.jpeg
hXXps://api.imgur.com/3/upload.xml
hXXps://api.imgur.com/3/upload.xml
\ScreenShot\screen.jpeg
\ScreenShot\screen.jpeg
type={0}&hwid={1}&time={2}&pcname={3}&logdata={4}&screen={5}&ipadd={6}&webcam_link={7}&client={8}&link={9}&username={10}&password={11}&screen_link={12}
type={0}&hwid={1}&time={2}&pcname={3}&logdata={4}&screen={5}&ipadd={6}&webcam_link={7}&client={8}&link={9}&username={10}&password={11}&screen_link={12}
/log.tmp
/log.tmp
keylog
keylog
Keystrokes From:
Keystrokes From:
.html
.html
Agent_Tesla_Keystrokes_
Agent_Tesla_Keystrokes_
%ftphost%/
%ftphost%/
%ftpuser%
%ftpuser%
%ftppassword%
%ftppassword%
type={0}&hwid={1}&time={2}&pcname={3}&logdata={4}&screen={5}&ipadd={6}&wbscreen={7}&client={8}&link={9}&username={10}&password={11}&screen_name={12}
type={0}&hwid={1}&time={2}&pcname={3}&logdata={4}&screen={5}&ipadd={6}&wbscreen={7}&client={8}&link={9}&username={10}&password={11}&screen_name={12}
passwords
passwords
Password:
Password:
\CoreFTP\sites.idx
\CoreFTP\sites.idx
HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites\
HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites\
HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSites
HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSites
Port
Port
CoreFTP
CoreFTP
Passwords Recovered From:
Passwords Recovered From:
Agent_Tesla_Password_Recoveries_
Agent_Tesla_Password_Recoveries_
asociacionvecinosmalilla.com
asociacionvecinosmalilla.com
:Zone.Identifier
:Zone.Identifier
%DownLink%
%DownLink%
/%filename%
/%filename%
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
REG add HKCU\Software\Policies\Microsoft\Windows\System /v DisableCMD /t REG_DWORD /d 1 /f
REG add HKCU\Software\Policies\Microsoft\Windows\System /v DisableCMD /t REG_DWORD /d 1 /f
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
DisableCMD
DisableCMD
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoRun /t REG_DWORD /d 1 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoRun /t REG_DWORD /d 1 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoControlPanel /t REG_DWORD /d 1 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoControlPanel /t REG_DWORD /d 1 /f
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
REG add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 1 /f
REG add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 1 /f
REG add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 1 /f
REG add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 1 /f
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths
MSCONFIG.EXE
MSCONFIG.EXE
\JavaUpdtr.exe
\JavaUpdtr.exe
ashWebSv
ashWebSv
keyscrambler
keyscrambler
npfmsg
npfmsg
%filter_list%
%filter_list%
%PostURL%/post.php
%PostURL%/post.php
Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)
Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)
application/x-www-form-urlencoded
application/x-www-form-urlencoded
hXXp://checkip.dyndns.org/
hXXp://checkip.dyndns.org/
vbc.exe
vbc.exe
logins
logins
origin_url
origin_url
password_value
password_value
Google\Chrome\User Data\Default\Login Data
Google\Chrome\User Data\Default\Login Data
Chrome
Chrome
Opera Software\Opera Stable\Login Data
Opera Software\Opera Stable\Login Data
Opera
Opera
Yandex\YandexBrowser\User Data\Default\Login Data
Yandex\YandexBrowser\User Data\Default\Login Data
firefox
firefox
logins.json
logins.json
\"(hostname|encryptedPassword|encryptedUsername)":"(.*?)"
\"(hostname|encryptedPassword|encryptedUsername)":"(.*?)"
IELibrary.InternetExplorer
IELibrary.InternetExplorer
\Common Files\Apple\Apple Application Support\plutil.exe
\Common Files\Apple\Apple Application Support\plutil.exe
\Apple Computer\Preferences\keychain.plist
\Apple Computer\Preferences\keychain.plist
seamonkey
seamonkey
SeaMonkey
SeaMonkey
Comodo\Dragon\User Data\Default\Login Data
Comodo\Dragon\User Data\Default\Login Data
MapleStudio\ChromePlus\User Data\Default\Login Data
MapleStudio\ChromePlus\User Data\Default\Login Data
Chromium\User Data\Default\Login Data
Chromium\User Data\Default\Login Data
HKEY_CURRENT_USER\Software\Qualcomm\Eudora\CommandLine
HKEY_CURRENT_USER\Software\Qualcomm\Eudora\CommandLine
SavePasswordText
SavePasswordText
signons.sqlite
signons.sqlite
moz_logins
moz_logins
encryptedPassword
encryptedPassword
signons3.txt
signons3.txt
DynDNS\Updater\config.dyndns
DynDNS\Updater\config.dyndns
password=
password=
hXXp://DynDns.com
hXXp://DynDns.com
\FileZilla\recentservers.xml
\FileZilla\recentservers.xml
PublicKeyFile
PublicKeyFile
PortNumber
PortNumber
[PRIVATE KEY LOCATION: "{0}"]
[PRIVATE KEY LOCATION: "{0}"]
\FlashFXP\3quick.dat
\FlashFXP\3quick.dat
port=
port=
pass=
pass=
\jDownloader\config\database.script
\jDownloader\config\database.script
HKEY_CURRENT_USER\Software\Paltalk\
HKEY_CURRENT_USER\Software\Paltalk\
hXXp://Paltalk.com
hXXp://Paltalk.com
\.purple\accounts.xml
\.purple\accounts.xml
\SmartFTP\Client 2.0\Favorites\Quick Connect\
\SmartFTP\Client 2.0\Favorites\Quick Connect\
SmartFTPClient 2.0FavoritesQuick Connect*.xml
SmartFTPClient 2.0FavoritesQuick Connect*.xml
\Ipswitch\WS_FTP\Sites\ws_PTF.ini
\Ipswitch\WS_FTP\Sites\ws_PTF.ini
Password decryption failed!
Password decryption failed!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FTP Commander\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FTP Commander\UninstallString
uninstall.exe
uninstall.exe
Ftplist.txt
Ftplist.txt
;Port=
;Port=
;Password=
;Password=
FTPCommander
FTPCommander
HKEY_LOCAL_MACHINE\SOFTWARE\Vitalwerks\DUC
HKEY_LOCAL_MACHINE\SOFTWARE\Vitalwerks\DUC
HKEY_CURRENT_USER\SOFTWARE\Vitalwerks\DUC
HKEY_CURRENT_USER\SOFTWARE\Vitalwerks\DUC
hXXp://no-ip.com
hXXp://no-ip.com
\Account.CFN
\Account.CFN
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
IMAP Password
IMAP Password
POP3 Password
POP3 Password
HTTP Password
HTTP Password
SMTP Password
SMTP Password
HKEY_CURRENT_USER\Software\Aerofox\FoxmailPreview
HKEY_CURRENT_USER\Software\Aerofox\FoxmailPreview
HKEY_CURRENT_USER\Software\Aerofox\Foxmail\V3.1
HKEY_CURRENT_USER\Software\Aerofox\Foxmail\V3.1
\Accounts\Account.rec0
\Accounts\Account.rec0
\Account.stg
\Account.stg
POP3Password
POP3Password
\Opera Mail\Opera Mail\wand.dat
\Opera Mail\Opera Mail\wand.dat
Opera Mail
Opera Mail
\Pocomail\accounts.ini
\Pocomail\accounts.ini
POPPass
POPPass
SMTPPass
SMTPPass
\fixed_keychain.xml"
\fixed_keychain.xml"
\Mozilla Firefox\
\Mozilla Firefox\
\Mozilla Thunderbird\
\Mozilla Thunderbird\
\SeaMonkey\
\SeaMonkey\
\msvcr100.dll
\msvcr100.dll
\msvcp100.dll
\msvcp100.dll
\msvcr120.dll
\msvcr120.dll
\msvcp120.dll
\msvcp120.dll
\msvcp140.dll
\msvcp140.dll
\vcruntime140.dll
\vcruntime140.dll
mozglue.dll
mozglue.dll
nss3.dll
nss3.dll
\Mozilla\Firefox\
\Mozilla\Firefox\
profiles.ini
profiles.ini
\Mozilla\SeaMonkey\
\Mozilla\SeaMonkey\
SQLite format 3
SQLite format 3
Not a valid SQLite 3 Database File
Not a valid SQLite 3 Database File
Auto-vacuum capable database is not supported
Auto-vacuum capable database is not supported
WScript.Shell
WScript.Shell
Software\DownloadManager\Passwords\
Software\DownloadManager\Passwords\
EncPassword
EncPassword
0.0.0.0
0.0.0.0
%original file name%.exe_2744_rwx_00400000_0002A000:
.text
.text
`.rsrc
`.rsrc
@.reloc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
v2.0.50727
v2.0.50727
Microsoft.Win32
Microsoft.Win32
IUrlHistoryStg2
IUrlHistoryStg2
STATURLFLAG_ISCACHED
STATURLFLAG_ISCACHED
STATURL_QUERYFLAG_ISCACHED
STATURL_QUERYFLAG_ISCACHED
URL_ESCAPE_UNSAFE
URL_ESCAPE_UNSAFE
ADDURL_ADDTOHISTORYANDCACHE
ADDURL_ADDTOHISTORYANDCACHE
ADDURL_ADDTOCACHE
ADDURL_ADDTOCACHE
STATURL_QUERYFLAG_NOTITLE
STATURL_QUERYFLAG_NOTITLE
URL_UNESCAPE
URL_UNESCAPE
SHGFI_EXETYPE
SHGFI_EXETYPE
ADDURL_FLAG
ADDURL_FLAG
STATURLFLAG_ISTOPLEVEL
STATURLFLAG_ISTOPLEVEL
STATURL_QUERYFLAG_TOPLEVEL
STATURL_QUERYFLAG_TOPLEVEL
URL_PLUGGABLE_PROTOCOL
URL_PLUGGABLE_PROTOCOL
STATURL_QUERYFLAG_NOURL
STATURL_QUERYFLAG_NOURL
IEnumSTATURL
IEnumSTATURL
lpSTATURL
lpSTATURL
shlwapi_URL
shlwapi_URL
get_URL
get_URL
set_URL
set_URL
CannonializeURL
CannonializeURL
wstrURL
wstrURL
System.IO
System.IO
STATURLFLAGS
STATURLFLAGS
STATURL_QUERYFLAGS
STATURL_QUERYFLAGS
URL_ESCAPE_PERCENT
URL_ESCAPE_PERCENT
URL_DONT_SIMPLIFY
URL_DONT_SIMPLIFY
URL_ESCAPE_SPACES_ONLY
URL_ESCAPE_SPACES_ONLY
System.Collections.Generic
System.Collections.Generic
k__BackingField
k__BackingField
k__BackingField
k__BackingField
get_Password
get_Password
set_Password
set_Password
DecryptIePassword
DecryptIePassword
System.Collections.IComparer.Compare
System.Collections.IComparer.Compare
UrlCanonicalize
UrlCanonicalize
GetURLHashString
GetURLHashString
get_UrlString
get_UrlString
IUrlHistoryStg
IUrlHistoryStg
DoesURLMatchWithHash
DoesURLMatchWithHash
urlHash
urlHash
System.ComponentModel
System.ComponentModel
advapi32.dll
advapi32.dll
Kernel32.dll
Kernel32.dll
shell32.dll
shell32.dll
shlwapi.dll
shlwapi.dll
IELibrary.dll
IELibrary.dll
AddUrl
AddUrl
DeleteUrl
DeleteUrl
pocsUrl
pocsUrl
pwcsUrl
pwcsUrl
QueryUrl
QueryUrl
pszUrl
pszUrl
_staturl
_staturl
System.Reflection
System.Reflection
STATURLEnumerator
STATURLEnumerator
.ctor
.ctor
System.Diagnostics
System.Diagnostics
GetSavedPasswords
GetSavedPasswords
System.Runtime.InteropServices
System.Runtime.InteropServices
System.Runtime.CompilerServices
System.Runtime.CompilerServices
System.Runtime.InteropServices.ComTypes
System.Runtime.InteropServices.ComTypes
get_EnumUrls
get_EnumUrls
System.Collections
System.Collections
UrlHistoryClass
UrlHistoryClass
_urlHistoryList
_urlHistoryList
System.Text
System.Text
OpenSubKey
OpenSubKey
hKey
hKey
RegistryKey
RegistryKey
AddUrlAndNotify
AddUrlAndNotify
System.Security.Cryptography
System.Security.Cryptography
ExplorerUrlHistory
ExplorerUrlHistory
GetUrlHistory
GetUrlHistory
urlHistory
urlHistory
System.Security
System.Security
$83018595-3f8a-4e71-94b2-8e41a61ed763
$83018595-3f8a-4e71-94b2-8e41a61ed763
1.0.0.0
1.0.0.0
$3C374A42-BAE4-11CF-BF7D-00AA006946EE
$3C374A42-BAE4-11CF-BF7D-00AA006946EE
$3C374A41-BAE4-11CF-BF7D-00AA006946EE
$3C374A41-BAE4-11CF-BF7D-00AA006946EE
$AFA0DC11-C313-11D0-831A-00C04FD5AE38
$AFA0DC11-C313-11D0-831A-00C04FD5AE38
$3C374A40-BAE4-11CF-BF7D-00AA006946EE
$3C374A40-BAE4-11CF-BF7D-00AA006946EE
C:\Users\Admin\Desktop\IELibrary\IELibrary\obj\Debug\IELibrary.pdb
C:\Users\Admin\Desktop\IELibrary\IELibrary\obj\Debug\IELibrary.pdb
mscoree.dll
mscoree.dll
6DDJ75IZVOLLH0TZEJ7MRASB6RTPEDDCJN74UEJ2.exe
6DDJ75IZVOLLH0TZEJ7MRASB6RTPEDDCJN74UEJ2.exe
Microsoft.VisualBasic
Microsoft.VisualBasic
System.Windows.Forms
System.Windows.Forms
System.Drawing
System.Drawing
System.Xml
System.Xml
System.Management
System.Management
user32.dll
user32.dll
avicap32.dll
avicap32.dll
User32.dll
User32.dll
kernel32.dll
kernel32.dll
IELibrary.resources
IELibrary.resources
Microsoft.VisualBasic.ApplicationServices
Microsoft.VisualBasic.ApplicationServices
System.CodeDom.Compiler
System.CodeDom.Compiler
Microsoft.VisualBasic.Devices
Microsoft.VisualBasic.Devices
m_MyWebServicesObjectProvider
m_MyWebServicesObjectProvider
.cctor
.cctor
get_WebServices
get_WebServices
HelpKeywordAttribute
HelpKeywordAttribute
System.ComponentModel.Design
System.ComponentModel.Design
WebServices
WebServices
Microsoft.VisualBasic.CompilerServices
Microsoft.VisualBasic.CompilerServices
MyWebServices
MyWebServices
keylogger
keylogger
webcam
webcam
webcam_time
webcam_time
webfilter
webfilter
disablecmd
disablecmd
BypassUAC
BypassUAC
ProcessHandle
ProcessHandle
System.Threading
System.Threading
_Sendwebcam
_Sendwebcam
lastkey
lastkey
Microsoft.VisualBasic.MyServices
Microsoft.VisualBasic.MyServices
CreateSubKey
CreateSubKey
DeleteSubKeyTree
DeleteSubKeyTree
SetFileBypassUAC
SetFileBypassUAC
System.Security.AccessControl
System.Security.AccessControl
System.Security.Principal
System.Security.Principal
System.Timers
System.Timers
GetExecutingAssembly
GetExecutingAssembly
Operators
Operators
get_Sendwebcam
get_Sendwebcam
set_Sendwebcam
set_Sendwebcam
System.Drawing.Imaging
System.Drawing.Imaging
OperatingSystem
OperatingSystem
Sendwebcam_Tick
Sendwebcam_Tick
WebClient
WebClient
System.Net
System.Net
System.Collections.Specialized
System.Collections.Specialized
System.Text.RegularExpressions
System.Text.RegularExpressions
FtpWebRequest
FtpWebRequest
WebRequest
WebRequest
UploadFTP
UploadFTP
UploadFTPImage
UploadFTPImage
MsgBox
MsgBox
MsgBoxResult
MsgBoxResult
MsgBoxStyle
MsgBoxStyle
SmtpClient
SmtpClient
System.Net.Mail
System.Net.Mail
System.Collections.ObjectModel
System.Collections.ObjectModel
set_Port
set_Port
DeleteSubKey
DeleteSubKey
get_ExecutablePath
get_ExecutablePath
webfilterr
webfilterr
HttpWebRequest
HttpWebRequest
WebResponse
WebResponse
get_Keyboard
get_Keyboard
Keyboard
Keyboard
get_AltKeyDown
get_AltKeyDown
get_CtrlKeyDown
get_CtrlKeyDown
Keys
Keys
get_ShiftKeyDown
get_ShiftKeyDown
kbHook_KeyDown
kbHook_KeyDown
kbHook_KeyUp
kbHook_KeyUp
GetKeyboardLayout
GetKeyboardLayout
wVirtKey
wVirtKey
lpKeyState
lpKeyState
GetKeyboardState
GetKeyboardState
MapVirtualKey
MapVirtualKey
Sendwebcam
Sendwebcam
OperatingSystemName
OperatingSystemName
UnhookWindowsHookEx
UnhookWindowsHookEx
SetWindowsHookExA
SetWindowsHookExA
get_Msg
get_Msg
KeyboardHook
KeyboardHook
KeyDownEvent
KeyDownEvent
KeyUpEvent
KeyUpEvent
WH_KEYBOARD_LL
WH_KEYBOARD_LL
WM_KEYDOWN
WM_KEYDOWN
WM_KEYUP
WM_KEYUP
WM_SYSKEYDOWN
WM_SYSKEYDOWN
WM_SYSKEYUP
WM_SYSKEYUP
SetWindowsHookEx
SetWindowsHookEx
add_KeyDown
add_KeyDown
remove_KeyDown
remove_KeyDown
add_KeyUp
add_KeyUp
remove_KeyUp
remove_KeyUp
KeyboardProc
KeyboardProc
KeyDown
KeyDown
KeyUp
KeyUp
KeyDownEventHandler
KeyDownEventHandler
KeyUpEventHandler
KeyUpEventHandler
processHandle
processHandle
PROCESS_VM_OPERATION
PROCESS_VM_OPERATION
GetCPUID
GetCPUID
Export
Export
_password
_password
Password
Password
Passwords
Passwords
_wsftpkey
_wsftpkey
opera_salt
opera_salt
GetChromePasswords
GetChromePasswords
GetOperaPasswords
GetOperaPasswords
GetYandexPasswords
GetYandexPasswords
GetFirefoxPasswords
GetFirefoxPasswords
System.Resources
System.Resources
GetIExplorerPasswords
GetIExplorerPasswords
GetSafariPasswords
GetSafariPasswords
GetSeaMonkeyPasswords
GetSeaMonkeyPasswords
GetComodoPasswords
GetComodoPasswords
GetCoolnovoPasswords
GetCoolnovoPasswords
GetChromiumPasswords
GetChromiumPasswords
lpKeyName
lpKeyName
GetSubKeyNames
GetSubKeyNames
GetWinSCPPasswords
GetWinSCPPasswords
SmartFTP
SmartFTP
KeyCollection
KeyCollection
get_Keys
get_Keys
WS_FTP
WS_FTP
DecodeWSFTP
DecodeWSFTP
DecryptWSFTP
DecryptWSFTP
FtpCommander
FtpCommander
decryptOutlookPassword
decryptOutlookPassword
GetFoxmailPasswords
GetFoxmailPasswords
OperaMail
OperaMail
set_Key
set_Key
ContainsKey
ContainsKey
keychain
keychain
DecryptPassword
DecryptPassword
set_UseShellExecute
set_UseShellExecute
ConvertKeychain
ConvertKeychain
Firefox
Firefox
is64BitOperatingSystem
is64BitOperatingSystem
PK11_GetInternalKeySlot
PK11_GetInternalKeySlot
loadCerts
loadCerts
SQLiteHandler
SQLiteHandler
SQLDataTypeSize
SQLDataTypeSize
sqlite_master_entry
sqlite_master_entry
sql_statement
sql_statement
SafeKeyHandle
SafeKeyHandle
RegOpenKeyEx
RegOpenKeyEx
subKey
subKey
System.Runtime.ConstrainedExecution
System.Runtime.ConstrainedExecution
RegCloseKey
RegCloseKey
8.0.0.0
8.0.0.0
My.Computer
My.Computer
My.Application
My.Application
My.User
My.User
My.WebServices
My.WebServices
4System.Web.Services.Protocols.SoapHttpClientProtocol
4System.Web.Services.Protocols.SoapHttpClientProtocol
_CorExeMain
_CorExeMain
-,1020304050607098:8;8==?=
-,1020304050607098:8;8==?=
smtp
smtp
%startupfolder%
%startupfolder%
\Java\JavaUpdtr.exe
\Java\JavaUpdtr.exe
SOFTWARE\Microsoft\Windows NT\CurrentVersion
SOFTWARE\Microsoft\Windows NT\CurrentVersion
76487-337-8429955-22614
76487-337-8429955-22614
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Windows\System32\WindowsPowerShell\v1.0\powershell.exe
eventvwr.exe
eventvwr.exe
Windows 7
Windows 7
Windows 8
Windows 8
Windows 10
Windows 10
webpanel
webpanel
Software\Microsoft\Windows NT\CurrentVersion\Windows
Software\Microsoft\Windows NT\CurrentVersion\Windows
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\Run
WebCap
WebCap
\CamCampture\webcam.jpeg
\CamCampture\webcam.jpeg
type={0}&hwid={1}&time={2}&pcname={3}&logdata={4}&screen={5}&ipadd={6}&webcam_screen={7}&client={8}&link={9}&username={10}&password={11}&screen_link={12}
type={0}&hwid={1}&time={2}&pcname={3}&logdata={4}&screen={5}&ipadd={6}&webcam_screen={7}&client={8}&link={9}&username={10}&password={11}&screen_link={12}
Webcam Capture From:
Webcam Capture From:
associacion@asociacionvecinosmalilla.com
associacion@asociacionvecinosmalilla.com
Agent_Tesla_Webcam_
Agent_Tesla_Webcam_
.jpeg
.jpeg
hXXps://api.imgur.com/3/upload.xml
hXXps://api.imgur.com/3/upload.xml
\ScreenShot\screen.jpeg
\ScreenShot\screen.jpeg
type={0}&hwid={1}&time={2}&pcname={3}&logdata={4}&screen={5}&ipadd={6}&webcam_link={7}&client={8}&link={9}&username={10}&password={11}&screen_link={12}
type={0}&hwid={1}&time={2}&pcname={3}&logdata={4}&screen={5}&ipadd={6}&webcam_link={7}&client={8}&link={9}&username={10}&password={11}&screen_link={12}
/log.tmp
/log.tmp
keylog
keylog
Keystrokes From:
Keystrokes From:
.html
.html
Agent_Tesla_Keystrokes_
Agent_Tesla_Keystrokes_
%ftphost%/
%ftphost%/
%ftpuser%
%ftpuser%
%ftppassword%
%ftppassword%
type={0}&hwid={1}&time={2}&pcname={3}&logdata={4}&screen={5}&ipadd={6}&wbscreen={7}&client={8}&link={9}&username={10}&password={11}&screen_name={12}
type={0}&hwid={1}&time={2}&pcname={3}&logdata={4}&screen={5}&ipadd={6}&wbscreen={7}&client={8}&link={9}&username={10}&password={11}&screen_name={12}
passwords
passwords
Password:
Password:
\CoreFTP\sites.idx
\CoreFTP\sites.idx
HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites\
HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites\
HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSites
HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSites
Port
Port
CoreFTP
CoreFTP
Passwords Recovered From:
Passwords Recovered From:
Agent_Tesla_Password_Recoveries_
Agent_Tesla_Password_Recoveries_
asociacionvecinosmalilla.com
asociacionvecinosmalilla.com
:Zone.Identifier
:Zone.Identifier
%DownLink%
%DownLink%
/%filename%
/%filename%
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
REG add HKCU\Software\Policies\Microsoft\Windows\System /v DisableCMD /t REG_DWORD /d 1 /f
REG add HKCU\Software\Policies\Microsoft\Windows\System /v DisableCMD /t REG_DWORD /d 1 /f
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
DisableCMD
DisableCMD
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoRun /t REG_DWORD /d 1 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoRun /t REG_DWORD /d 1 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoControlPanel /t REG_DWORD /d 1 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoControlPanel /t REG_DWORD /d 1 /f
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
REG add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 1 /f
REG add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 1 /f
REG add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 1 /f
REG add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 1 /f
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths
MSCONFIG.EXE
MSCONFIG.EXE
\JavaUpdtr.exe
\JavaUpdtr.exe
ashWebSv
ashWebSv
keyscrambler
keyscrambler
npfmsg
npfmsg
%filter_list%
%filter_list%
%PostURL%/post.php
%PostURL%/post.php
Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)
Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)
application/x-www-form-urlencoded
application/x-www-form-urlencoded
hXXp://checkip.dyndns.org/
hXXp://checkip.dyndns.org/
vbc.exe
vbc.exe
logins
logins
origin_url
origin_url
password_value
password_value
Google\Chrome\User Data\Default\Login Data
Google\Chrome\User Data\Default\Login Data
Chrome
Chrome
Opera Software\Opera Stable\Login Data
Opera Software\Opera Stable\Login Data
Opera
Opera
Yandex\YandexBrowser\User Data\Default\Login Data
Yandex\YandexBrowser\User Data\Default\Login Data
firefox
firefox
logins.json
logins.json
\"(hostname|encryptedPassword|encryptedUsername)":"(.*?)"
\"(hostname|encryptedPassword|encryptedUsername)":"(.*?)"
IELibrary.InternetExplorer
IELibrary.InternetExplorer
\Common Files\Apple\Apple Application Support\plutil.exe
\Common Files\Apple\Apple Application Support\plutil.exe
\Apple Computer\Preferences\keychain.plist
\Apple Computer\Preferences\keychain.plist
seamonkey
seamonkey
SeaMonkey
SeaMonkey
Comodo\Dragon\User Data\Default\Login Data
Comodo\Dragon\User Data\Default\Login Data
MapleStudio\ChromePlus\User Data\Default\Login Data
MapleStudio\ChromePlus\User Data\Default\Login Data
Chromium\User Data\Default\Login Data
Chromium\User Data\Default\Login Data
HKEY_CURRENT_USER\Software\Qualcomm\Eudora\CommandLine
HKEY_CURRENT_USER\Software\Qualcomm\Eudora\CommandLine
SavePasswordText
SavePasswordText
signons.sqlite
signons.sqlite
moz_logins
moz_logins
encryptedPassword
encryptedPassword
signons3.txt
signons3.txt
DynDNS\Updater\config.dyndns
DynDNS\Updater\config.dyndns
password=
password=
hXXp://DynDns.com
hXXp://DynDns.com
\FileZilla\recentservers.xml
\FileZilla\recentservers.xml
PublicKeyFile
PublicKeyFile
PortNumber
PortNumber
[PRIVATE KEY LOCATION: "{0}"]
[PRIVATE KEY LOCATION: "{0}"]
\FlashFXP\3quick.dat
\FlashFXP\3quick.dat
port=
port=
pass=
pass=
\jDownloader\config\database.script
\jDownloader\config\database.script
HKEY_CURRENT_USER\Software\Paltalk\
HKEY_CURRENT_USER\Software\Paltalk\
hXXp://Paltalk.com
hXXp://Paltalk.com
\.purple\accounts.xml
\.purple\accounts.xml
\SmartFTP\Client 2.0\Favorites\Quick Connect\
\SmartFTP\Client 2.0\Favorites\Quick Connect\
SmartFTPClient 2.0FavoritesQuick Connect*.xml
SmartFTPClient 2.0FavoritesQuick Connect*.xml
\Ipswitch\WS_FTP\Sites\ws_PTF.ini
\Ipswitch\WS_FTP\Sites\ws_PTF.ini
Password decryption failed!
Password decryption failed!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FTP Commander\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FTP Commander\UninstallString
uninstall.exe
uninstall.exe
Ftplist.txt
Ftplist.txt
;Port=
;Port=
;Password=
;Password=
FTPCommander
FTPCommander
HKEY_LOCAL_MACHINE\SOFTWARE\Vitalwerks\DUC
HKEY_LOCAL_MACHINE\SOFTWARE\Vitalwerks\DUC
HKEY_CURRENT_USER\SOFTWARE\Vitalwerks\DUC
HKEY_CURRENT_USER\SOFTWARE\Vitalwerks\DUC
hXXp://no-ip.com
hXXp://no-ip.com
\Account.CFN
\Account.CFN
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
IMAP Password
IMAP Password
POP3 Password
POP3 Password
HTTP Password
HTTP Password
SMTP Password
SMTP Password
HKEY_CURRENT_USER\Software\Aerofox\FoxmailPreview
HKEY_CURRENT_USER\Software\Aerofox\FoxmailPreview
HKEY_CURRENT_USER\Software\Aerofox\Foxmail\V3.1
HKEY_CURRENT_USER\Software\Aerofox\Foxmail\V3.1
\Accounts\Account.rec0
\Accounts\Account.rec0
\Account.stg
\Account.stg
POP3Password
POP3Password
\Opera Mail\Opera Mail\wand.dat
\Opera Mail\Opera Mail\wand.dat
Opera Mail
Opera Mail
\Pocomail\accounts.ini
\Pocomail\accounts.ini
POPPass
POPPass
SMTPPass
SMTPPass
\fixed_keychain.xml"
\fixed_keychain.xml"
\Mozilla Firefox\
\Mozilla Firefox\
\Mozilla Thunderbird\
\Mozilla Thunderbird\
\SeaMonkey\
\SeaMonkey\
\msvcr100.dll
\msvcr100.dll
\msvcp100.dll
\msvcp100.dll
\msvcr120.dll
\msvcr120.dll
\msvcp120.dll
\msvcp120.dll
\msvcp140.dll
\msvcp140.dll
\vcruntime140.dll
\vcruntime140.dll
mozglue.dll
mozglue.dll
nss3.dll
nss3.dll
\Mozilla\Firefox\
\Mozilla\Firefox\
profiles.ini
profiles.ini
\Mozilla\SeaMonkey\
\Mozilla\SeaMonkey\
SQLite format 3
SQLite format 3
Not a valid SQLite 3 Database File
Not a valid SQLite 3 Database File
Auto-vacuum capable database is not supported
Auto-vacuum capable database is not supported
WScript.Shell
WScript.Shell
Software\DownloadManager\Passwords\
Software\DownloadManager\Passwords\
EncPassword
EncPassword
0.0.0.0
0.0.0.0
securityscan.exe_936:
`.rsrc
`.rsrc
SSh8*
SSh8*
PSSSSSSh
PSSSSSSh
Gt.Ht$
Gt.Ht$
t.jGZf;
t.jGZf;
PSSShl
PSSShl
PVSShl
PVSShl
j.Zf;
j.Zf;
;K|s%f
;K|s%f
.Jw`8Hw~fHw
.Jw`8Hw~fHw
?#%X.y
?#%X.y
GetProcessWindowStation
GetProcessWindowStation
operator
operator
kernel32.dll
kernel32.dll
oleaut32.dll
oleaut32.dll
RegDeleteKeyExW
RegDeleteKeyExW
advapi32.dll
advapi32.dll
Error text not found (please report)
Error text not found (please report)
operand of unlimited repeat could match the empty string
operand of unlimited repeat could match the empty string
POSIX named classes are supported only within a class
POSIX named classes are supported only within a class
erroffset passed as NULL
erroffset passed as NULL
POSIX collating elements are not supported
POSIX collating elements are not supported
this version of PCRE is compiled without UTF support
this version of PCRE is compiled without UTF support
PCRE does not support \L, \l, \N{name}, \U, or \u
PCRE does not support \L, \l, \N{name}, \U, or \u
support for \P, \p, and \X has not been compiled
support for \P, \p, and \X has not been compiled
this version of PCRE is not compiled with Unicode property support
this version of PCRE is not compiled with Unicode property support
\N is not supported in a class
\N is not supported in a class
zcÃ
zcÃ
GetProcessHeap
GetProcessHeap
CreatePipe
CreatePipe
GetWindowsDirectoryW
GetWindowsDirectoryW
GetCPInfo
GetCPInfo
RegDeleteKeyW
RegDeleteKeyW
RegEnumKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
SetViewportOrgEx
SetViewportOrgEx
ShellExecuteExW
ShellExecuteExW
SHFileOperationW
SHFileOperationW
ShellExecuteW
ShellExecuteW
RegisterHotKey
RegisterHotKey
GetKeyboardLayoutNameW
GetKeyboardLayoutNameW
ExitWindowsEx
ExitWindowsEx
EnumThreadWindows
EnumThreadWindows
UnregisterHotKey
UnregisterHotKey
keybd_event
keybd_event
GetAsyncKeyState
GetAsyncKeyState
SetKeyboardState
SetKeyboardState
GetKeyboardState
GetKeyboardState
GetKeyState
GetKeyState
VkKeyScanW
VkKeyScanW
EnumWindows
EnumWindows
EnumChildWindows
EnumChildWindows
MapVirtualKeyW
MapVirtualKeyW
CloseWindowStation
CloseWindowStation
SetProcessWindowStation
SetProcessWindowStation
OpenWindowStationW
OpenWindowStationW
InternetCrackUrlW
InternetCrackUrlW
HttpQueryInfoW
HttpQueryInfoW
HttpOpenRequestW
HttpOpenRequestW
HttpSendRequestW
HttpSendRequestW
FtpOpenFileW
FtpOpenFileW
FtpGetFileSize
FtpGetFileSize
InternetOpenUrlW
InternetOpenUrlW
##@,&,//,))
##@,&,//,))
.jQG2
.jQG2
3(-,'')-*/%'
3(-,'')-*/%'
9(***3).**-)'
9(***3).**-)'
H%d=j@
H%d=j@
0!;....(
0!;....(
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
@.MNT
@.MNT
n..GGHHH
n..GGHHH
n...GGHHH
n...GGHHH
n ....HGHHHH
n ....HGHHHH
n ....G.HHH
n ....G.HHH
~~~~{~{{{{
~~~~{~{{{{
n!! ....HGHHHH
n!! ....HGHHHH
n!! .....HHHHHH
n!! .....HHHHHH
!!! ....GGHHH
!!! ....GGHHH
!!"".....HHHHnv
!!"".....HHHHnv
"""...-.nv
"""...-.nv
i/!.yu
i/!.yu
o.ENV
o.ENV
F .nk
F .nk
KERNEL32.DLL
KERNEL32.DLL
ADVAPI32.dll
ADVAPI32.dll
COMCTL32.dll
COMCTL32.dll
COMDLG32.dll
COMDLG32.dll
GDI32.dll
GDI32.dll
IPHLPAPI.DLL
IPHLPAPI.DLL
MPR.dll
MPR.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
PSAPI.DLL
PSAPI.DLL
SHELL32.dll
SHELL32.dll
USER32.dll
USER32.dll
USERENV.dll
USERENV.dll
UxTheme.dll
UxTheme.dll
VERSION.dll
VERSION.dll
WININET.dll
WININET.dll
WINMM.dll
WINMM.dll
WSOCK32.dll
WSOCK32.dll
mscoree.dll
mscoree.dll
combase.dll
combase.dll
- CRT not initialized
- CRT not initialized
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- floating point support not loaded
- floating point support not loaded
USER32.DLL
USER32.DLL
>>>AUTOIT NO CMDEXECUTE
>>>AUTOIT NO CMDEXECUTE
CMDLINERAW
CMDLINERAW
CMDLINE
CMDLINE
/AutoIt3ExecuteLine
/AutoIt3ExecuteLine
/AutoIt3ExecuteScript
/AutoIt3ExecuteScript
APPSKEY
APPSKEY
789:;?
789:;?
FTPSETPROXY
FTPSETPROXY
GUICTRLRECVMSG
GUICTRLRECVMSG
GUICTRLSENDMSG
GUICTRLSENDMSG
GUIGETMSG
GUIGETMSG
GUIREGISTERMSG
GUIREGISTERMSG
HOTKEYSET
HOTKEYSET
HTTPSETPROXY
HTTPSETPROXY
HTTPSETUSERAGENT
HTTPSETUSERAGENT
ISKEYWORD
ISKEYWORD
MSGBOX
MSGBOX
REGENUMKEY
REGENUMKEY
SHELLEXECUTE
SHELLEXECUTE
SHELLEXECUTEWAIT
SHELLEXECUTEWAIT
TCPACCEPT
TCPACCEPT
TCPCLOSESOCKET
TCPCLOSESOCKET
TCPCONNECT
TCPCONNECT
TCPLISTEN
TCPLISTEN
TCPNAMETOIP
TCPNAMETOIP
TCPRECV
TCPRECV
TCPSEND
TCPSEND
TCPSHUTDOWN
TCPSHUTDOWN
TCPSTARTUP
TCPSTARTUP
TRAYGETMSG
TRAYGETMSG
UDPBIND
UDPBIND
UDPCLOSESOCKET
UDPCLOSESOCKET
UDPOPEN
UDPOPEN
UDPRECV
UDPRECV
UDPSEND
UDPSEND
UDPSHUTDOWN
UDPSHUTDOWN
UDPSTARTUP
UDPSTARTUP
SendKeyDelay
SendKeyDelay
SendKeyDownDelay
SendKeyDownDelay
TCPTimeout
TCPTimeout
WINDOWSDIR
WINDOWSDIR
AUTOITEXE
AUTOITEXE
HOTKEYPRESSED
HOTKEYPRESSED
%s (%d) : ==> %s.:
%s (%d) : ==> %s.:
Line %d:
Line %d:
Line %d (File "%s"):
Line %d (File "%s"):
%s (%d) : ==> %s:
%s (%d) : ==> %s:
AutoIt script files (*.au3, *.a3x)
AutoIt script files (*.au3, *.a3x)
*.au3;*.a3x
*.au3;*.a3x
All files (*.*)
All files (*.*)
04090000
04090000
%u.%u.%u.%u
%u.%u.%u.%u
0.0.0.0
0.0.0.0
Mddddd
Mddddd
"%s" (%d) : ==> %s:
"%s" (%d) : ==> %s:
\??\%s
\??\%s
GUI_RUNDEFMSG
GUI_RUNDEFMSG
AUTOITCALLVARIABLE%d
AUTOITCALLVARIABLE%d
255.255.255.255
255.255.255.255
Keyword
Keyword
AUTOIT.ERROR
AUTOIT.ERROR
Null Object assignment in FOR..IN loop
Null Object assignment in FOR..IN loop
Incorrect Object type in FOR..IN loop
Incorrect Object type in FOR..IN loop
3, 3, 12, 0
3, 3, 12, 0
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_USERS
HKEY_USERS
%d/d/d
%d/d/d
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\log\securityscan.exe
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\log\securityscan.exe
AutoIt supports the __stdcall (WINAPI) and __cdecl calling conventions. The __stdcall (WINAPI) convention is used by default but __cdecl can be used instead. See the DllCall() documentation for details on changing the calling convention.
AutoIt supports the __stdcall (WINAPI) and __cdecl calling conventions. The __stdcall (WINAPI) convention is used by default but __cdecl can be used instead. See the DllCall() documentation for details on changing the calling convention.
Missing operator in expression."Unbalanced brackets in expression.
Missing operator in expression."Unbalanced brackets in expression.
Error parsing function call.0Incorrect number of parameters in function call.'"ReDim" used without an array variable.>Illegal text at the end of statement (one statement per line).1"If" statement has no matching "EndIf" statement.1"Else" statement with no matching "If" statement.2"EndIf" statement with no matching "If" statement.7Too many "Else" statements for matching "If" statement.3"While" statement has no matching "Wend" statement.4"Wend" statement with no matching "While" statement.%Variable used without being declared.XArray variable has incorrect number of subscripts or subscript dimension range exceeded.#Variable subscript badly formatted.*Subscript used on non-accessible variable.&Too many subscripts used for an array.0Missing subscript dimensions in "Dim" statement.NNo variable given for "Dim", "Local", "Global", "Struct" or "Const" statement.
Error parsing function call.0Incorrect number of parameters in function call.'"ReDim" used without an array variable.>Illegal text at the end of statement (one statement per line).1"If" statement has no matching "EndIf" statement.1"Else" statement with no matching "If" statement.2"EndIf" statement with no matching "If" statement.7Too many "Else" statements for matching "If" statement.3"While" statement has no matching "Wend" statement.4"Wend" statement with no matching "While" statement.%Variable used without being declared.XArray variable has incorrect number of subscripts or subscript dimension range exceeded.#Variable subscript badly formatted.*Subscript used on non-accessible variable.&Too many subscripts used for an array.0Missing subscript dimensions in "Dim" statement.NNo variable given for "Dim", "Local", "Global", "Struct" or "Const" statement.
0Expected a "=" operator in assignment statement.*Invalid keyword at the start of this line.
0Expected a "=" operator in assignment statement.*Invalid keyword at the start of this line.
Invalid element in a DllStruct.*Unknown option or bad parameter specified.&Unable to load the internet libraries./"Struct" statement has no matching "EndStruct".HUnable to open file, the maximum number of open files has been exceeded.K"ContinueLoop" statement with no matching "While", "Do" or "For" statement.
Invalid element in a DllStruct.*Unknown option or bad parameter specified.&Unable to load the internet libraries./"Struct" statement has no matching "EndStruct".HUnable to open file, the maximum number of open files has been exceeded.K"ContinueLoop" statement with no matching "While", "Do" or "For" statement.
Invalid file filter given.*Expected a variable in user function call.1"Do" statement has no matching "Until" statement.2"Until" statement with no matching "Do" statement.#"For" statement is badly formatted.2"Next" statement with no matching "For" statement.N"ExitLoop/ContinueLoop" statements only valid from inside a For/Do/While loop.1"For" statement has no matching "Next" statement.@"Case" statement with no matching "Select"or "Switch" statement.:"EndSelect" statement with no matching "Select" statement.ORecursion level has been exceeded - AutoIt will quit to prevent stack overflow.&Cannot make existing variables static.4Cannot make static variables into regular variables.
Invalid file filter given.*Expected a variable in user function call.1"Do" statement has no matching "Until" statement.2"Until" statement with no matching "Do" statement.#"For" statement is badly formatted.2"Next" statement with no matching "For" statement.N"ExitLoop/ContinueLoop" statements only valid from inside a For/Do/While loop.1"For" statement has no matching "Next" statement.@"Case" statement with no matching "Select"or "Switch" statement.:"EndSelect" statement with no matching "Select" statement.ORecursion level has been exceeded - AutoIt will quit to prevent stack overflow.&Cannot make existing variables static.4Cannot make static variables into regular variables.
3This keyword cannot be used after a "Then" keyword.>"Select" statement is missing "EndSelect" or "Case" statement. "If" statements must have a "Then" keyword. Badly formated Struct statement."Cannot assign values to constants..Cannot make existing variables into constants.9Only Object-type variables allowed in a "With" statement.v"long_ptr", "int_ptr" and "short_ptr" DllCall() types have been deprecated. Use "long*", "int*" and "short*" instead.-Object referenced outside a "With" statement.)Nested "With" statements are not allowed."Variable must be of type "Object".1The requested action with this object has failed.8Variable appears more than once in function declaration.2ReDim array can not be initialized in this manner.1An array variable can not be used in this manner.
3This keyword cannot be used after a "Then" keyword.>"Select" statement is missing "EndSelect" or "Case" statement. "If" statements must have a "Then" keyword. Badly formated Struct statement."Cannot assign values to constants..Cannot make existing variables into constants.9Only Object-type variables allowed in a "With" statement.v"long_ptr", "int_ptr" and "short_ptr" DllCall() types have been deprecated. Use "long*", "int*" and "short*" instead.-Object referenced outside a "With" statement.)Nested "With" statements are not allowed."Variable must be of type "Object".1The requested action with this object has failed.8Variable appears more than once in function declaration.2ReDim array can not be initialized in this manner.1An array variable can not be used in this manner.
Can not redeclare a constant.5Can not redeclare a parameter inside a user function.HCan pass constants by reference only to parameters with "Const" keyword.*Can not initialize a variable with itself.$Incorrect way to use this parameter.:"EndSwitch" statement with no matching "Switch" statement.>"Switch" statement is missing "EndSwitch" or "Case" statement.H"ContinueCase" statement with no matching "Select"or "Switch" statement.
Can not redeclare a constant.5Can not redeclare a parameter inside a user function.HCan pass constants by reference only to parameters with "Const" keyword.*Can not initialize a variable with itself.$Incorrect way to use this parameter.:"EndSwitch" statement with no matching "Switch" statement.>"Switch" statement is missing "EndSwitch" or "Case" statement.H"ContinueCase" statement with no matching "Select"or "Switch" statement.
String missing closing quote.!Badly formated variable or macro.*Missing separator character after keyword.
String missing closing quote.!Badly formated variable or macro.*Missing separator character after keyword.
2.2.0.1
2.2.0.1
securityscan.exe_936_rwx_00AF1000_000FE000:
SSh8*
SSh8*
PSSSSSSh
PSSSSSSh
Gt.Ht$
Gt.Ht$
t.jGZf;
t.jGZf;
PSSShl
PSSShl
PVSShl
PVSShl
j.Zf;
j.Zf;
;K|s%f
;K|s%f
.Jw`8Hw~fHw
.Jw`8Hw~fHw
?#%X.y
?#%X.y
GetProcessWindowStation
GetProcessWindowStation
operator
operator
kernel32.dll
kernel32.dll
oleaut32.dll
oleaut32.dll
RegDeleteKeyExW
RegDeleteKeyExW
advapi32.dll
advapi32.dll
Error text not found (please report)
Error text not found (please report)
operand of unlimited repeat could match the empty string
operand of unlimited repeat could match the empty string
POSIX named classes are supported only within a class
POSIX named classes are supported only within a class
erroffset passed as NULL
erroffset passed as NULL
POSIX collating elements are not supported
POSIX collating elements are not supported
this version of PCRE is compiled without UTF support
this version of PCRE is compiled without UTF support
PCRE does not support \L, \l, \N{name}, \U, or \u
PCRE does not support \L, \l, \N{name}, \U, or \u
support for \P, \p, and \X has not been compiled
support for \P, \p, and \X has not been compiled
this version of PCRE is not compiled with Unicode property support
this version of PCRE is not compiled with Unicode property support
\N is not supported in a class
\N is not supported in a class
zcÃ
zcÃ
GetProcessHeap
GetProcessHeap
CreatePipe
CreatePipe
GetWindowsDirectoryW
GetWindowsDirectoryW
GetCPInfo
GetCPInfo
RegDeleteKeyW
RegDeleteKeyW
RegEnumKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
SetViewportOrgEx
SetViewportOrgEx
ShellExecuteExW
ShellExecuteExW
SHFileOperationW
SHFileOperationW
ShellExecuteW
ShellExecuteW
RegisterHotKey
RegisterHotKey
GetKeyboardLayoutNameW
GetKeyboardLayoutNameW
ExitWindowsEx
ExitWindowsEx
EnumThreadWindows
EnumThreadWindows
UnregisterHotKey
UnregisterHotKey
keybd_event
keybd_event
GetAsyncKeyState
GetAsyncKeyState
SetKeyboardState
SetKeyboardState
GetKeyboardState
GetKeyboardState
GetKeyState
GetKeyState
VkKeyScanW
VkKeyScanW
EnumWindows
EnumWindows
EnumChildWindows
EnumChildWindows
MapVirtualKeyW
MapVirtualKeyW
CloseWindowStation
CloseWindowStation
SetProcessWindowStation
SetProcessWindowStation
OpenWindowStationW
OpenWindowStationW
InternetCrackUrlW
InternetCrackUrlW
HttpQueryInfoW
HttpQueryInfoW
HttpOpenRequestW
HttpOpenRequestW
HttpSendRequestW
HttpSendRequestW
FtpOpenFileW
FtpOpenFileW
FtpGetFileSize
FtpGetFileSize
InternetOpenUrlW
InternetOpenUrlW
##@,&,//,))
##@,&,//,))
.jQG2
.jQG2
3(-,'')-*/%'
3(-,'')-*/%'
9(***3).**-)'
9(***3).**-)'
H%d=j@
H%d=j@
0!;....(
0!;....(
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
mscoree.dll
mscoree.dll
combase.dll
combase.dll
- CRT not initialized
- CRT not initialized
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- floating point support not loaded
- floating point support not loaded
USER32.DLL
USER32.DLL
>>>AUTOIT NO CMDEXECUTE
>>>AUTOIT NO CMDEXECUTE
CMDLINERAW
CMDLINERAW
CMDLINE
CMDLINE
/AutoIt3ExecuteLine
/AutoIt3ExecuteLine
/AutoIt3ExecuteScript
/AutoIt3ExecuteScript
APPSKEY
APPSKEY
789:;?
789:;?
FTPSETPROXY
FTPSETPROXY
GUICTRLRECVMSG
GUICTRLRECVMSG
GUICTRLSENDMSG
GUICTRLSENDMSG
GUIGETMSG
GUIGETMSG
GUIREGISTERMSG
GUIREGISTERMSG
HOTKEYSET
HOTKEYSET
HTTPSETPROXY
HTTPSETPROXY
HTTPSETUSERAGENT
HTTPSETUSERAGENT
ISKEYWORD
ISKEYWORD
MSGBOX
MSGBOX
REGENUMKEY
REGENUMKEY
SHELLEXECUTE
SHELLEXECUTE
SHELLEXECUTEWAIT
SHELLEXECUTEWAIT
TCPACCEPT
TCPACCEPT
TCPCLOSESOCKET
TCPCLOSESOCKET
TCPCONNECT
TCPCONNECT
TCPLISTEN
TCPLISTEN
TCPNAMETOIP
TCPNAMETOIP
TCPRECV
TCPRECV
TCPSEND
TCPSEND
TCPSHUTDOWN
TCPSHUTDOWN
TCPSTARTUP
TCPSTARTUP
TRAYGETMSG
TRAYGETMSG
UDPBIND
UDPBIND
UDPCLOSESOCKET
UDPCLOSESOCKET
UDPOPEN
UDPOPEN
UDPRECV
UDPRECV
UDPSEND
UDPSEND
UDPSHUTDOWN
UDPSHUTDOWN
UDPSTARTUP
UDPSTARTUP
SendKeyDelay
SendKeyDelay
SendKeyDownDelay
SendKeyDownDelay
TCPTimeout
TCPTimeout
WINDOWSDIR
WINDOWSDIR
AUTOITEXE
AUTOITEXE
HOTKEYPRESSED
HOTKEYPRESSED
%s (%d) : ==> %s.:
%s (%d) : ==> %s.:
Line %d:
Line %d:
Line %d (File "%s"):
Line %d (File "%s"):
%s (%d) : ==> %s:
%s (%d) : ==> %s:
AutoIt script files (*.au3, *.a3x)
AutoIt script files (*.au3, *.a3x)
*.au3;*.a3x
*.au3;*.a3x
All files (*.*)
All files (*.*)
04090000
04090000
%u.%u.%u.%u
%u.%u.%u.%u
0.0.0.0
0.0.0.0
Mddddd
Mddddd
"%s" (%d) : ==> %s:
"%s" (%d) : ==> %s:
\??\%s
\??\%s
GUI_RUNDEFMSG
GUI_RUNDEFMSG
AUTOITCALLVARIABLE%d
AUTOITCALLVARIABLE%d
255.255.255.255
255.255.255.255
Keyword
Keyword
AUTOIT.ERROR
AUTOIT.ERROR
Null Object assignment in FOR..IN loop
Null Object assignment in FOR..IN loop
Incorrect Object type in FOR..IN loop
Incorrect Object type in FOR..IN loop
3, 3, 12, 0
3, 3, 12, 0
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_USERS
HKEY_USERS
%d/d/d
%d/d/d
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\log\securityscan.exe
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\log\securityscan.exe
AutoIt supports the __stdcall (WINAPI) and __cdecl calling conventions. The __stdcall (WINAPI) convention is used by default but __cdecl can be used instead. See the DllCall() documentation for details on changing the calling convention.
AutoIt supports the __stdcall (WINAPI) and __cdecl calling conventions. The __stdcall (WINAPI) convention is used by default but __cdecl can be used instead. See the DllCall() documentation for details on changing the calling convention.
Missing operator in expression."Unbalanced brackets in expression.
Missing operator in expression."Unbalanced brackets in expression.
Error parsing function call.0Incorrect number of parameters in function call.'"ReDim" used without an array variable.>Illegal text at the end of statement (one statement per line).1"If" statement has no matching "EndIf" statement.1"Else" statement with no matching "If" statement.2"EndIf" statement with no matching "If" statement.7Too many "Else" statements for matching "If" statement.3"While" statement has no matching "Wend" statement.4"Wend" statement with no matching "While" statement.%Variable used without being declared.XArray variable has incorrect number of subscripts or subscript dimension range exceeded.#Variable subscript badly formatted.*Subscript used on non-accessible variable.&Too many subscripts used for an array.0Missing subscript dimensions in "Dim" statement.NNo variable given for "Dim", "Local", "Global", "Struct" or "Const" statement.
Error parsing function call.0Incorrect number of parameters in function call.'"ReDim" used without an array variable.>Illegal text at the end of statement (one statement per line).1"If" statement has no matching "EndIf" statement.1"Else" statement with no matching "If" statement.2"EndIf" statement with no matching "If" statement.7Too many "Else" statements for matching "If" statement.3"While" statement has no matching "Wend" statement.4"Wend" statement with no matching "While" statement.%Variable used without being declared.XArray variable has incorrect number of subscripts or subscript dimension range exceeded.#Variable subscript badly formatted.*Subscript used on non-accessible variable.&Too many subscripts used for an array.0Missing subscript dimensions in "Dim" statement.NNo variable given for "Dim", "Local", "Global", "Struct" or "Const" statement.
0Expected a "=" operator in assignment statement.*Invalid keyword at the start of this line.
0Expected a "=" operator in assignment statement.*Invalid keyword at the start of this line.
Invalid element in a DllStruct.*Unknown option or bad parameter specified.&Unable to load the internet libraries./"Struct" statement has no matching "EndStruct".HUnable to open file, the maximum number of open files has been exceeded.K"ContinueLoop" statement with no matching "While", "Do" or "For" statement.
Invalid element in a DllStruct.*Unknown option or bad parameter specified.&Unable to load the internet libraries./"Struct" statement has no matching "EndStruct".HUnable to open file, the maximum number of open files has been exceeded.K"ContinueLoop" statement with no matching "While", "Do" or "For" statement.
Invalid file filter given.*Expected a variable in user function call.1"Do" statement has no matching "Until" statement.2"Until" statement with no matching "Do" statement.#"For" statement is badly formatted.2"Next" statement with no matching "For" statement.N"ExitLoop/ContinueLoop" statements only valid from inside a For/Do/While loop.1"For" statement has no matching "Next" statement.@"Case" statement with no matching "Select"or "Switch" statement.:"EndSelect" statement with no matching "Select" statement.ORecursion level has been exceeded - AutoIt will quit to prevent stack overflow.&Cannot make existing variables static.4Cannot make static variables into regular variables.
Invalid file filter given.*Expected a variable in user function call.1"Do" statement has no matching "Until" statement.2"Until" statement with no matching "Do" statement.#"For" statement is badly formatted.2"Next" statement with no matching "For" statement.N"ExitLoop/ContinueLoop" statements only valid from inside a For/Do/While loop.1"For" statement has no matching "Next" statement.@"Case" statement with no matching "Select"or "Switch" statement.:"EndSelect" statement with no matching "Select" statement.ORecursion level has been exceeded - AutoIt will quit to prevent stack overflow.&Cannot make existing variables static.4Cannot make static variables into regular variables.
3This keyword cannot be used after a "Then" keyword.>"Select" statement is missing "EndSelect" or "Case" statement. "If" statements must have a "Then" keyword. Badly formated Struct statement."Cannot assign values to constants..Cannot make existing variables into constants.9Only Object-type variables allowed in a "With" statement.v"long_ptr", "int_ptr" and "short_ptr" DllCall() types have been deprecated. Use "long*", "int*" and "short*" instead.-Object referenced outside a "With" statement.)Nested "With" statements are not allowed."Variable must be of type "Object".1The requested action with this object has failed.8Variable appears more than once in function declaration.2ReDim array can not be initialized in this manner.1An array variable can not be used in this manner.
3This keyword cannot be used after a "Then" keyword.>"Select" statement is missing "EndSelect" or "Case" statement. "If" statements must have a "Then" keyword. Badly formated Struct statement."Cannot assign values to constants..Cannot make existing variables into constants.9Only Object-type variables allowed in a "With" statement.v"long_ptr", "int_ptr" and "short_ptr" DllCall() types have been deprecated. Use "long*", "int*" and "short*" instead.-Object referenced outside a "With" statement.)Nested "With" statements are not allowed."Variable must be of type "Object".1The requested action with this object has failed.8Variable appears more than once in function declaration.2ReDim array can not be initialized in this manner.1An array variable can not be used in this manner.
Can not redeclare a constant.5Can not redeclare a parameter inside a user function.HCan pass constants by reference only to parameters with "Const" keyword.*Can not initialize a variable with itself.$Incorrect way to use this parameter.:"EndSwitch" statement with no matching "Switch" statement.>"Switch" statement is missing "EndSwitch" or "Case" statement.H"ContinueCase" statement with no matching "Select"or "Switch" statement.
Can not redeclare a constant.5Can not redeclare a parameter inside a user function.HCan pass constants by reference only to parameters with "Const" keyword.*Can not initialize a variable with itself.$Incorrect way to use this parameter.:"EndSwitch" statement with no matching "Switch" statement.>"Switch" statement is missing "EndSwitch" or "Case" statement.H"ContinueCase" statement with no matching "Select"or "Switch" statement.
String missing closing quote.!Badly formated variable or macro.*Missing separator character after keyword.
String missing closing quote.!Badly formated variable or macro.*Missing separator character after keyword.