HEUR:Trojan.Win32.Generic (Kaspersky), Gen:Variant.Kazy.530639 (B) (Emsisoft), Gen:Variant.Kazy.530639 (AdAware), ZeroAccess.YR (Lavasoft MAS)Behaviour: Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 6ed750e80b585b72e5a7b8b97e9a7f62
SHA1: db754a6610b0066c475868468ad3170f8006845f
SHA256: 0c179bd3fb0bdd2e3959df89bbe7f8debc2039fd9195b37b69b849c01bc9970b
SSDeep: 24576:deiMQbRiL29rq5n2ny174FqQADA0SmFHxr iMDesoWyWO2:dSQ1pq5n2EW4VOr
Size: 1034240 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2015-02-07 11:53:36
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
cscript.exe:468
cscript.exe:884
cscript.exe:312
cscript.exe:1168
cscript.exe:1200
cscript.exe:1876
cscript.exe:272
cscript.exe:844
cscript.exe:496
cscript.exe:1784
cscript.exe:204
cscript.exe:1948
cscript.exe:852
cscript.exe:536
cscript.exe:1076
cscript.exe:1732
cscript.exe:1072
cscript.exe:1252
cscript.exe:544
cscript.exe:1652
cscript.exe:548
cscript.exe:1564
cscript.exe:1244
cscript.exe:996
cscript.exe:1312
cscript.exe:208
cscript.exe:676
cscript.exe:1612
cscript.exe:920
cscript.exe:1956
cscript.exe:168
cscript.exe:164
cscript.exe:224
cscript.exe:1508
cscript.exe:372
cscript.exe:1640
cscript.exe:1188
cscript.exe:1824
cscript.exe:1628
cscript.exe:968
cscript.exe:1604
cscript.exe:1240
cscript.exe:2000
cscript.exe:1980
cscript.exe:476
cscript.exe:532
cscript.exe:1100
cscript.exe:436
cscript.exe:1004
cscript.exe:820
cscript.exe:1416
cscript.exe:1512
%original file name%.exe:1788
%original file name%.exe:1324
%original file name%.exe:884
%original file name%.exe:1780
%original file name%.exe:1564
%original file name%.exe:1168
%original file name%.exe:332
%original file name%.exe:272
%original file name%.exe:996
%original file name%.exe:1640
%original file name%.exe:176
%original file name%.exe:496
%original file name%.exe:1488
%original file name%.exe:1784
%original file name%.exe:204
%original file name%.exe:692
%original file name%.exe:1588
%original file name%.exe:1056
%original file name%.exe:668
%original file name%.exe:1072
%original file name%.exe:1136
%original file name%.exe:956
%original file name%.exe:1500
%original file name%.exe:548
%original file name%.exe:1400
%original file name%.exe:528
%original file name%.exe:828
%original file name%.exe:1236
%original file name%.exe:448
%original file name%.exe:756
%original file name%.exe:896
%original file name%.exe:1792
%original file name%.exe:676
%original file name%.exe:1356
%original file name%.exe:1152
%original file name%.exe:244
%original file name%.exe:1512
%original file name%.exe:164
%original file name%.exe:224
%original file name%.exe:480
%original file name%.exe:868
%original file name%.exe:900
%original file name%.exe:852
%original file name%.exe:1188
%original file name%.exe:1528
%original file name%.exe:928
%original file name%.exe:356
%original file name%.exe:1980
%original file name%.exe:532
%original file name%.exe:1668
%original file name%.exe:920
%original file name%.exe:1572
%original file name%.exe:1004
%original file name%.exe:1380
%original file name%.exe:376
The Trojan injects its code into the following process(es):
rSwooYMM.exe:1108
jWcYYUcg.exe:524
FeEQMIQs.exe:1552
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process rSwooYMM.exe:1108 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe (11518 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\adm.bmp.exe (7385 bytes)
C:\totalcmd\TCMADMIN.EXE.exe (7433 bytes)
C:\totalcmd\TOTALCMD.EXE.exe (35505 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp.exe (7385 bytes)
C:\totalcmd\TCUNINST.EXE.exe (7385 bytes)
C:\totalcmd\TcUsbRun.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\MAAo.txt (55978 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe (7433 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe (7433 bytes)
C:\totalcmd\TCMDX32.EXE.exe (7433 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg.exe (7433 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\Setup.exe (7971 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe (10177 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe (7385 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp (0 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp (0 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp (0 bytes)
C:\totalcmd\TCMDX32.EXE (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp (0 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp (0 bytes)
C:\totalcmd\TCUNINST.EXE (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp (0 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp (0 bytes)
C:\totalcmd\TCMADMIN.EXE (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\adm.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp (0 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg (0 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg (0 bytes)
C:\totalcmd\TOTALCMD.EXE (0 bytes)
The process %original file name%.exe:1788 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\HEAoIgUQ.bat (112 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uYIskYcU.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\uYIskYcU.bat (0 bytes)
The process %original file name%.exe:1324 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\eYAkcIsw.bat (4 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (74 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KAAwgEUk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TEQsYUsA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HEIYwggc.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\eYAkcIsw.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TEQsYUsA.bat (0 bytes)
The process %original file name%.exe:884 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\EqAMIYwY.bat (4 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (74 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VIYgswYI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MkgAEYoY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BigYMEgw.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\EqAMIYwY.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MkgAEYoY.bat (0 bytes)
The process %original file name%.exe:1780 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xQMwMAYM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hsEYUMAw.bat (112 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (148 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gYUogwAA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sukQYUME.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SAksokMk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yGoMQwwY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zuIwgwME.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EQgwogog.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\yGoMQwwY.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EQgwogog.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zuIwgwME.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SAksokMk.bat (0 bytes)
The process %original file name%.exe:1564 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\NeockEow.bat (112 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DEwAocgM.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\DEwAocgM.bat (0 bytes)
The process %original file name%.exe:1168 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ssUYYYEQ.bat (112 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HggcwEEM.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\HggcwEEM.bat (0 bytes)
The process %original file name%.exe:332 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RyEAkEsE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sSsUoQIw.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RyEAkEsE.bat (0 bytes)
The process %original file name%.exe:272 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xiEUcAYM.bat (112 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IAkYsAcc.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IAkYsAcc.bat (0 bytes)
The process %original file name%.exe:996 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\dasIsQkI.bat (112 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsscEoEw.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsscEoEw.bat (0 bytes)
The process %original file name%.exe:1640 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FaAMckUA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LiYcwYYQ.bat (112 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FaAMckUA.bat (0 bytes)
The process %original file name%.exe:176 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\lCskAMAc.bat (112 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dkoQgcQI.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\dkoQgcQI.bat (0 bytes)
The process %original file name%.exe:496 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GacAQMYA.bat (4 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EigMAUQY.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GacAQMYA.bat (0 bytes)
The process %original file name%.exe:1488 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qGAkAMoQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nyQEYcYE.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qGAkAMoQ.bat (0 bytes)
The process %original file name%.exe:1784 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\bskwIMok.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LMMoQsMU.bat (112 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\bskwIMok.bat (0 bytes)
The process %original file name%.exe:204 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\NgAIcwQQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SmcUwwkA.bat (112 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\NgAIcwQQ.bat (0 bytes)
The process %original file name%.exe:692 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ZUgUgwcI.bat (4 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (74 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lUQssoII.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sEgMoIko.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ruMwYAYE.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ZUgUgwcI.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lUQssoII.bat (0 bytes)
The process %original file name%.exe:1588 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nSkwUMoI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XsUQkYAE.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nSkwUMoI.bat (0 bytes)
The process %original file name%.exe:1056 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XIwkkMoo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PCgAIkQw.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\XIwkkMoo.bat (0 bytes)
The process %original file name%.exe:668 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\BEwMYsEI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yKwUoAAE.bat (112 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\BEwMYsEI.bat (0 bytes)
The process %original file name%.exe:1072 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AksAIAgg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aiQIocgY.bat (112 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (74 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ygUYUIkU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hycEIYUs.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\AksAIAgg.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ygUYUIkU.bat (0 bytes)
The process %original file name%.exe:1136 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GAAMEoUs.bat (112 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yeYUosEs.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\yeYUosEs.bat (0 bytes)
The process %original file name%.exe:956 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\zWQQsosA.bat (112 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RUoUUEUU.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RUoUUEUU.bat (0 bytes)
The process %original file name%.exe:1500 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GoMkIYEw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XOYAAwww.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\XOYAAwww.bat (0 bytes)
The process %original file name%.exe:548 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\aWYUgsAs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FaAQgwwI.bat (112 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\aWYUgsAs.bat (0 bytes)
The process %original file name%.exe:1400 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZwIEAYwY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fOEQowoc.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\fOEQowoc.bat (0 bytes)
The process %original file name%.exe:528 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XasYsgMo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WKkgUAIc.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\WKkgUAIc.bat (0 bytes)
The process %original file name%.exe:828 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\acwEgkEQ.bat (4 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YgMIkUsY.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\acwEgkEQ.bat (0 bytes)
The process %original file name%.exe:1236 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\jassQkkg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LUYQskYw.bat (112 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\jassQkkg.bat (0 bytes)
The process %original file name%.exe:448 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\NwIscAww\rSwooYMM.exe (7713 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TmkMcYYg.bat (112 bytes)
%Documents and Settings%\All Users\BOAMIgUE\jWcYYUcg.exe (7737 bytes)
%Documents and Settings%\All Users\hUEQccwo\FeEQMIQs.exe (7761 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XowMowgo.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\XowMowgo.bat (0 bytes)
The process %original file name%.exe:756 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\jGwQwMwI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EcwggIoQ.bat (112 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (74 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\neUEAowU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GKYIgIEU.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\neUEAowU.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GKYIgIEU.bat (0 bytes)
The process %original file name%.exe:896 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XygAcQsM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WgEYowgY.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\XygAcQsM.bat (0 bytes)
The process %original file name%.exe:1792 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\VSYwQoUo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ugMsAsQM.bat (4 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (74 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ksQAUYYo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vYoQgsUM.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ugMsAsQM.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ksQAUYYo.bat (0 bytes)
The process %original file name%.exe:676 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\PckcgAIo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vaUgoMgI.bat (112 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (74 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XYEYcYEU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZIMQUkQY.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\PckcgAIo.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZIMQUkQY.bat (0 bytes)
The process %original file name%.exe:1356 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\aYwgkQYk.bat (112 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GIoUMosQ.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\GIoUMosQ.bat (0 bytes)
The process %original file name%.exe:1152 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\kiwwMUEQ.bat (4 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zwEIsAAI.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\kiwwMUEQ.bat (0 bytes)
The process %original file name%.exe:244 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KIIoUQsk.bat (112 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (74 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OWQcIsAQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BIccgscI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jscYcMII.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\OWQcIsAQ.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jscYcMII.bat (0 bytes)
The process %original file name%.exe:1512 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (148 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BEkQwwEo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NKwQkUkg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XCkAksQk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PWsEkQcU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tOgMkkgc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iKccYIYw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SkgwcEIU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zaIAMwAU.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\iKccYIYw.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zaIAMwAU.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NKwQkUkg.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tOgMkkgc.bat (0 bytes)
The process %original file name%.exe:164 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\cOEwMsck.bat (4 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\icEgEUwo.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\cOEwMsck.bat (0 bytes)
The process %original file name%.exe:224 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\gYAYQAwI.bat (112 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\syIUEcgg.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\syIUEcgg.bat (0 bytes)
The process %original file name%.exe:480 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\EQEYUMcE.bat (112 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (74 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qaMQIIwg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iSYAYQsw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HuIkwooQ.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\iSYAYQsw.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HuIkwooQ.bat (0 bytes)
The process %original file name%.exe:868 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qEgskkUI.bat (4 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wwIkYEwA.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qEgskkUI.bat (0 bytes)
The process %original file name%.exe:900 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\bQAYkIEM.bat (112 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\leQAEEQA.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\leQAEEQA.bat (0 bytes)
The process %original file name%.exe:852 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\saUAUEQs.bat (112 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (111 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xgMkkwcI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OgUAcYcY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EcMsIEEU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nkIcMQUI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KIYEwwkA.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\KIYEwwkA.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xgMkkwcI.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nkIcMQUI.bat (0 bytes)
The process %original file name%.exe:1188 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FkAkwgkI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cegQAsog.bat (112 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FkAkwgkI.bat (0 bytes)
The process %original file name%.exe:1528 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pUMscoQI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VkIssEYE.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\pUMscoQI.bat (0 bytes)
The process %original file name%.exe:928 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pYoQQEMc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IYIkogQA.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\IYIkogQA.bat (0 bytes)
The process %original file name%.exe:356 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\poIIMcos.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rUwssQgY.bat (112 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\poIIMcos.bat (0 bytes)
The process %original file name%.exe:1980 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FAYQgIgc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\leAQYIkM.bat (112 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\FAYQgIgc.bat (0 bytes)
The process %original file name%.exe:532 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\usMUMAcI.bat (4 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (74 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MAwwswws.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dqwEowIk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VsgcYUco.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\usMUMAcI.bat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MAwwswws.bat (0 bytes)
The process %original file name%.exe:1668 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ySwIEUII.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UEoAwEoo.bat (112 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\ySwIEUII.bat (0 bytes)
The process %original file name%.exe:920 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jQccMsEY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xyYwkkcM.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\xyYwkkcM.bat (0 bytes)
The process %original file name%.exe:1572 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\JQAEoAAs.bat (4 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HwsMcsAE.bat (112 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\JQAEoAAs.bat (0 bytes)
The process %original file name%.exe:1004 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\OCMAowIc.bat (112 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vQYEMUQw.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\vQYEMUQw.bat (0 bytes)
The process %original file name%.exe:376 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\TYQAMckY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rmoYIYMU.bat (4 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\rmoYIYMU.bat (0 bytes)
The process FeEQMIQs.exe:1552 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\All Users\MAAo.txt (8082 bytes)
The Trojan deletes the following file(s):
Registry activity
The process cscript.exe:468 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AE BA 4D F4 84 A6 64 BB E7 F0 36 C4 D3 A6 B9 25"
The process cscript.exe:884 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DB 5E EE F0 4E F9 F7 5D 0C 6F 4D 46 46 17 A0 D1"
The process cscript.exe:312 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C9 E4 49 D4 6C DB 32 01 4D E6 81 30 34 B1 84 4A"
The process cscript.exe:1168 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "47 82 82 3A F9 14 99 2A EB FC 8E 4E 63 C7 6B B7"
The process cscript.exe:1200 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3F 71 34 23 48 6A 99 F7 16 76 80 4A 51 10 02 8D"
The process cscript.exe:1876 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F5 68 1E C3 AF F9 C0 42 56 5C 6C CC 71 55 FE 98"
The process cscript.exe:272 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C1 35 AF 64 E8 F9 8B 98 77 8D 1E BA 02 96 29 A0"
The process cscript.exe:844 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8C F3 5A 54 5B 18 63 9C 83 B6 43 5B 08 33 07 B5"
The process cscript.exe:496 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CF E9 13 8E EE 1A 26 AD 31 B5 85 61 26 50 6B 7A"
The process cscript.exe:1784 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "43 07 0B 36 8C 4E 78 38 17 3B 4A 9C 99 33 E0 A0"
The process cscript.exe:204 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BB 31 97 FD 80 C4 25 C1 74 75 8C 6B 15 14 68 69"
The process cscript.exe:1948 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3A A7 D5 E4 64 BF 0D C6 60 D0 B5 27 C6 99 BC E0"
The process cscript.exe:852 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "29 23 77 13 02 F5 F4 A5 83 DF D2 8D 12 B1 49 F5"
The process cscript.exe:536 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C1 A9 BB 97 E0 62 00 B0 72 D9 A6 C0 50 32 5E 5C"
The process cscript.exe:1076 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A3 82 5D CD C2 D8 21 23 E7 1C FA 99 F7 3C 5A 23"
The process cscript.exe:1732 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "ED 44 9C C6 2A 72 98 AC 0B FF 94 C4 95 9C 48 19"
The process cscript.exe:1072 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C8 40 AD CB A5 5F AE 5D 6C 1A EA 31 CD A5 88 9C"
The process cscript.exe:1252 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "54 4A 81 98 DF 3B BC 52 FF F7 3E 7D 79 24 58 38"
The process cscript.exe:544 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A2 FE 04 FA 2F 0E DF 0A E9 66 86 93 BB A7 E9 2E"
The process cscript.exe:1652 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F0 7B 70 14 FB 1C 08 8E 43 96 3A 98 A6 00 AC 14"
The process cscript.exe:548 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "42 F9 56 97 F9 F8 EE E2 DA 79 AF 12 A9 5F 17 87"
The process cscript.exe:1564 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8E 44 80 43 C4 10 C1 7B 58 C2 A0 4A 7C B4 ED CE"
The process cscript.exe:1244 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "35 81 F3 22 1C 81 80 B3 1A FE 38 66 48 C6 05 D0"
The process cscript.exe:996 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8C DB 60 AE 4F B7 36 B5 9F DC C8 0F 74 35 5C EA"
The process cscript.exe:1312 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "86 1F CD 6E BC D3 52 69 FB B6 B5 27 1D 67 82 6A"
The process cscript.exe:208 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F9 87 87 66 30 FA 04 B0 D9 01 D5 B7 F8 31 9B C0"
The process cscript.exe:676 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0D B3 77 2C 40 FA 7D 15 00 8B A4 08 76 2C 74 79"
The process cscript.exe:1612 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "11 BB AB 40 DC 67 CE B7 48 B3 C8 4F DF DF FA 69"
The process cscript.exe:920 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E1 AF 63 2E B5 8B B3 05 91 78 AD 01 82 85 AB A5"
The process cscript.exe:1956 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A4 0F A7 B3 78 BB 4D E2 09 55 D7 3D 64 B7 EC 18"
The process cscript.exe:168 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "97 6C 0B 7C 5D 31 BA 23 D8 14 11 A7 C9 86 15 F4"
The process cscript.exe:164 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "56 BE 57 C6 82 9C 07 41 CD 67 D8 EE 6D FB 00 14"
The process cscript.exe:224 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F7 E7 BF DC F2 D9 BA 9F 39 6F 5E 8F 67 E0 79 9B"
The process cscript.exe:1508 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "99 18 1B 2B 12 3B 00 31 A8 24 0C A3 77 47 72 5E"
The process cscript.exe:372 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "04 B4 A6 39 28 9C 00 12 95 53 A3 65 30 EF BA 7A"
The process cscript.exe:1640 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B2 56 40 97 C3 0B B0 E7 71 FE 49 30 99 D7 F7 5B"
The process cscript.exe:1188 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "78 7E E9 41 F8 CD 8E E9 99 0D C7 1D FD C4 EE A3"
The process cscript.exe:1824 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "98 12 03 23 B1 E9 56 3B 09 52 C7 40 7F 71 F1 C2"
The process cscript.exe:1628 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "28 39 19 65 BF 2F D5 73 AE 0A 55 20 4B F0 25 3C"
The process cscript.exe:968 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6B 51 22 BF 2C E6 FB 89 58 08 88 E6 8E 6F 40 8C"
The process cscript.exe:1604 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1C C5 DE D6 DB D0 B4 04 61 57 43 EF 2B 4E 77 E0"
The process cscript.exe:1240 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3E 7F 68 A5 C4 3E 64 A2 5D B3 A9 E9 CD 82 11 EA"
The process cscript.exe:2000 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CC 67 07 A9 44 EF 5A 5F D7 22 01 D9 03 C8 EB FF"
The process cscript.exe:1980 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E7 EE 52 CF D5 A9 E7 77 A8 3F 2A 05 E2 76 A1 FE"
The process cscript.exe:476 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7F AB 50 B2 46 FB D1 71 34 78 5B D1 C4 9D E5 4E"
The process cscript.exe:532 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "31 D3 C7 F1 D1 B9 E1 74 55 81 09 45 64 46 D6 CF"
The process cscript.exe:1100 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "47 E8 1F 11 05 3A 35 40 51 26 10 EA 0E 8F 3F 3B"
The process cscript.exe:436 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B0 36 D2 B7 2B 2A 65 9E E0 88 25 D4 E0 69 C8 B7"
The process cscript.exe:1004 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "17 F9 23 01 14 AE CE 5B 03 15 49 FF EC D2 CB F0"
The process cscript.exe:820 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "96 61 29 66 08 BE B6 A3 6A 9F EB 04 3F 1B 36 FB"
The process cscript.exe:1416 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "69 5F 26 6C CD BB 71 EE 55 54 5B CB E7 5F 23 27"
The process cscript.exe:1512 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BE 9B 8F 23 78 6B 31 12 78 C3 63 47 1C 9C AC AE"
The process rSwooYMM.exe:1108 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6C DA EF 8A D3 6E 9F 61 AA 65 5B 83 20 90 1E 1D"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"rSwooYMM.exe" = "%Documents and Settings%\%current user%\NwIscAww\rSwooYMM.exe"
The process %original file name%.exe:1788 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A3 D6 07 D4 47 4D CB AA 4E 06 2E 86 D5 8B A1 B0"
The process %original file name%.exe:1324 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9F 18 37 0C 9D 04 A2 72 67 62 EE 9B 97 37 A9 A1"
The process %original file name%.exe:884 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4D 39 6C 4D CB 3E 64 F7 74 BA 06 26 CA 4E E4 49"
The process %original file name%.exe:1780 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "48 CE 98 20 5F 58 F5 EF 73 BF 79 52 74 07 10 53"
The process %original file name%.exe:1564 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5B 07 DD F9 A0 09 A6 27 7F DC BA A2 DC F7 98 5B"
The process %original file name%.exe:1168 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C1 4F 9D 83 64 79 C7 0A A2 7C DA 3B F5 97 CA 4D"
The process %original file name%.exe:332 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4A DE 92 E6 59 03 F4 9D 55 0C E5 EB BE CE EC B7"
The process %original file name%.exe:272 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8C 17 18 C8 F9 FC 52 CB 25 75 FB 91 B4 63 7B 32"
The process %original file name%.exe:996 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "65 A2 8A A7 32 28 D3 7E A8 42 9E B6 16 95 B9 05"
The process %original file name%.exe:1640 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "43 93 55 E5 02 7C A3 4C 7D 59 0E A8 0F 92 0B 45"
The process %original file name%.exe:176 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "50 B4 6B B1 A2 5D EE F1 F5 74 1A 9F EC 54 9C 84"
The process %original file name%.exe:496 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C6 E8 DE 6E 2E 1F F2 11 79 EA 01 C3 66 03 41 83"
The process %original file name%.exe:1488 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "88 9D C9 3C A3 B0 A0 BD CA 40 71 60 F2 9B 3F 6C"
The process %original file name%.exe:1784 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E3 4A B9 D2 33 9D 22 30 0C 09 0A FF 03 EE FD 59"
The process %original file name%.exe:204 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "09 49 59 83 51 71 6F 9C 43 35 D6 B3 7E 4D D8 ED"
The process %original file name%.exe:692 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "58 46 32 D1 BC E9 A8 F1 DE 9B B1 2C AB 6F 7A EC"
The process %original file name%.exe:1588 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1B 9F FE 73 C9 03 63 0C 6E 9E 28 56 C4 5B 18 E9"
The process %original file name%.exe:1056 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "73 9B AB FE D7 D7 1F 50 21 11 0B 97 48 E5 18 39"
The process %original file name%.exe:668 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "15 BF 72 4E F8 D1 3D 89 48 59 C5 34 16 9F 52 85"
The process %original file name%.exe:1072 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8D 69 50 24 FD 10 72 E3 47 CB F0 F2 BD B3 88 01"
The process %original file name%.exe:1136 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "83 AD 9D E9 50 54 72 7B 00 66 4C 8A 91 DE 08 26"
The process %original file name%.exe:956 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E5 D8 91 F4 03 78 55 A6 64 73 79 D9 64 0E BC 53"
The process %original file name%.exe:1500 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B1 C9 B3 44 FB A7 34 77 08 20 DB 8F 45 C8 B0 F1"
The process %original file name%.exe:548 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "03 1C BA 99 2D 2A 54 EC CE E0 00 C1 49 00 66 BB"
The process %original file name%.exe:1400 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "75 E7 E7 61 5C 80 12 1F 10 31 D5 73 63 EB 0B 11"
The process %original file name%.exe:528 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "78 C2 36 FA 91 44 F8 E4 B5 06 8A 58 CC 0C 58 E8"
The process %original file name%.exe:828 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6B ED 69 8E 55 23 D3 38 40 FE 20 5E EE 5D 04 75"
The process %original file name%.exe:1236 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "04 4A 86 3D 63 5C 14 6C 38 92 A6 3D B0 6F 59 38"
The process %original file name%.exe:448 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A3 4C 42 69 D5 5F 3E 19 74 57 4A 76 A5 A4 BD 00"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FeEQMIQs.exe" = "%Documents and Settings%\All Users\hUEQccwo\FeEQMIQs.exe"
The Trojan adds the reference to itself to be executed when a user logs on:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserInit" = "%System%\userinit.exe,%Documents and Settings%\All Users\hUEQccwo\FeEQMIQs.exe,"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"rSwooYMM.exe" = "%Documents and Settings%\%current user%\NwIscAww\rSwooYMM.exe"
The process %original file name%.exe:756 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FE BF B1 BE 83 74 99 51 97 AB C4 EA 16 FE AB F0"
The process %original file name%.exe:896 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AC AC C5 4D 16 F0 B4 47 CA DA 53 2B 14 DE 5F 41"
The process %original file name%.exe:1792 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E2 6F C3 3D 75 44 C4 8E 86 8D 85 C9 C6 7E 44 69"
The process %original file name%.exe:676 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "64 CD 48 10 45 F6 FC FA 26 33 AF B5 7A 5D 5E 12"
The process %original file name%.exe:1356 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7F 73 1D EF 89 5B 6D EF 4B AD 8E 40 75 DD 4C 9B"
The process %original file name%.exe:1152 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0E 10 8E BF 26 17 C6 B6 14 A9 C4 22 7E 73 D7 C1"
The process %original file name%.exe:244 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3B 9D 3E 45 29 27 80 80 AD A3 51 1F 86 5D CF DA"
The process %original file name%.exe:1512 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "82 AD 07 0A 63 7C 99 AB AD DB 1C 15 F0 C0 89 D6"
The process %original file name%.exe:164 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "40 1B 24 60 D0 26 C8 15 9F D4 13 1F 39 CE D6 91"
The process %original file name%.exe:224 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BD 23 C9 6A A8 F6 0E 36 DC EC 08 9F FA BC 81 B7"
The process %original file name%.exe:480 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F6 D9 61 A5 E9 5D B2 DC A5 45 91 A6 AD 27 FD 6B"
The process %original file name%.exe:868 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "08 81 F3 7A 69 6D 7F 69 1E FF 14 11 C6 EC 15 84"
The process %original file name%.exe:900 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1A 6E C6 AC 88 00 04 B8 62 5E 99 DE 9E 50 7B 18"
The process %original file name%.exe:852 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7C FE 29 DE 4E 51 A2 23 25 04 3B 24 F0 AA 36 8E"
The process %original file name%.exe:1188 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C0 F5 BF B6 D6 D3 41 B1 ED 84 57 A6 FD 90 94 18"
The process %original file name%.exe:1528 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C3 3E 20 CE 55 A3 04 BF 0E 47 FD EE 65 9E E0 BC"
The process %original file name%.exe:928 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3C 64 6F 5C 0F 9A D3 61 E2 E8 10 CF 88 74 13 D8"
The process %original file name%.exe:356 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "85 F4 BC B4 94 4A 1E 51 2E 5D 5A 01 F8 6E 8F 35"
The process %original file name%.exe:1980 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EB 16 0F 38 7A 62 D5 4C AC A7 1C 43 F7 41 A4 11"
The process %original file name%.exe:532 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "17 5A D3 07 2C 18 FB 53 49 1A 07 00 5E 20 4B E9"
The process %original file name%.exe:1668 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "09 25 62 D3 4D BD E7 81 4B B1 89 84 22 C2 32 70"
The process %original file name%.exe:920 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8A 22 F1 38 7E 07 F7 90 0F 4C 1C 26 05 75 A3 F3"
The process %original file name%.exe:1572 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8C 77 3D CD 92 71 0A 0E 6A E1 18 89 5A FC 09 3E"
The process %original file name%.exe:1004 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BF 26 F6 BE 0F FE CB 46 EE 3C CE A9 AD EA D2 9C"
The process %original file name%.exe:1380 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "52 88 40 8C 8B 53 79 5F 88 27 01 3B E7 61 3D 78"
The process %original file name%.exe:376 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C1 71 23 38 FF A6 6A 01 4A F7 1F 7F 99 37 97 7F"
The process jWcYYUcg.exe:524 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C2 C0 BF 1E 7C 08 B7 E4 A5 F0 A5 0E AD 42 C8 33"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FeEQMIQs.exe" = "%Documents and Settings%\All Users\hUEQccwo\FeEQMIQs.exe"
The process FeEQMIQs.exe:1552 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "14 91 D8 BF 3A FC D5 66 6D C9 FE A3 A1 69 50 59"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FeEQMIQs.exe" = "%Documents and Settings%\All Users\hUEQccwo\FeEQMIQs.exe"
Dropped PE files
| MD5 | File path |
|---|---|
| 72423a6ce0e3159984a468de15703710 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe |
| 5b5b0eb4167ce12cc926f2fb53d1129a | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe |
| 98463f977a11fd7cad0bd699bf29544d | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe |
| b12807ae1553ca2523be57b80e1501d1 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe |
| f7394d4980c95074a0fd87f45c74bbb3 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe |
| 882d5b65392e98ad56d5fea509cb459f | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe |
| 0cd4e6a39814e05e3c1685b469d14228 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe |
| b1cf27e857a66f33e5715d58bb6d874e | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe |
| 61e848d1c8a4a572091a6398636ec74c | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe |
| 27e49e856efc520c29969b5dd3bd4905 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe |
| 483ee407c8ebe7dfa5674ef0f9c5b09d | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe |
| d2e8d282d18e8663adf8e3a10255ba41 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe |
| 614e763e4cf451593ec3b37702d8385e | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe |
| 31bf54791e97e8e4d639bfe8657ffc9c | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe |
| 2ef0b9b7d69cdcbb7346d243b212c807 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe |
| aa8eeef1ad387ec48359efd3a0cdeece | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe |
| f0cf9b9168bc6aad73842c9a5de4819a | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe |
| e034897055c48f1ca46b0b6972cd2408 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe |
| a6396d3978098c2e34b30f253e25927a | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe |
| 12f834893e525c1de23d0bd7cd146adc | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe |
| 45caa11388d5d89660c5449718f5dc15 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe |
| 7b4d2771a9e116ddb7fd26c030dc4351 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe |
| e8141109baf488b3369c96226a624218 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe |
| b639fcf3cc1cfe022cf5429425048d16 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\adm.bmp.exe |
| cd89bd22a8d68d51caec7c6328895f4a | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp.exe |
| 50c4409b32e725287ccae6892ebb7f80 | c:\Documents and Settings\All Users\BOAMIgUE\jWcYYUcg.exe |
| 08922f80cf4809b73d8fdd92177fed51 | c:\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe |
| a63f1860e90ee8fbbbd0bbf966b86b41 | c:\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe |
| 79251342f5c2391b945f1c7ae10a2c8d | c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe |
| f5e8439ac391b580c414414ffdd3df5a | c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe |
| d84af9ef0ea2c1c218eee96b809a9386 | c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe |
| 3bfcea80ff38c952fc993cc98c190fd5 | c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg.exe |
| c726617d0af843eaff8b82b069795b04 | c:\Documents and Settings\All Users\hUEQccwo\FeEQMIQs.exe |
| 3b9eedb28ef0e26ee6c43685295c65e5 | c:\Documents and Settings\"%CurrentUserName%"\NwIscAww\rSwooYMM.exe |
| 897a8648f92ad3030742bc25e90ffe21 | c:\Perl\eg\IEExamples\ie_animated.gif.exe |
| 970c2204fe4ac3d229076cbdb3bd770b | c:\Perl\eg\aspSamples\ASbanner.gif.exe |
| 0a51001dcac93a342516a8b2f4c2a380 | c:\Perl\eg\aspSamples\Main_Banner.gif.exe |
| 4c65720ac204c93b7a52bd7a1d7ae69d | c:\Perl\eg\aspSamples\psbwlogo.gif.exe |
| 1dc0593f7aa2964c46718956739a06ca | c:\Perl\lib\ActivePerl\PPM\images\gecko.png.exe |
| 91acca2dd5b8fa114997c5d789f77451 | c:\Perl\lib\ActivePerl\PPM\images\perl_48x48.png.exe |
| 7e092ab14714760ca5906566433bc384 | c:\Perl\lib\Devel\NYTProf\js\asc.png.exe |
| c9b62583b6f41bd33ef03bbe11ea8cb1 | c:\Perl\lib\Devel\NYTProf\js\bg.png.exe |
| 7d64cc07ac1cb241ca7438441e973b81 | c:\Perl\lib\Devel\NYTProf\js\desc.png.exe |
| 33d8dc2c20548e49234e956b4b0db4c5 | c:\Perl\lib\Devel\NYTProf\js\jit\gradient.png.exe |
| bc9545d484fddaac611556ee440eef3d | c:\Perl\lib\Devel\NYTProf\js\jit\gradient20.png.exe |
| d54695000d2d86c2e706557fc3b91ccc | c:\Perl\lib\Devel\NYTProf\js\jit\gradient30.png.exe |
| 3b6be6b9f65cda06003d44e1e8850db0 | c:\Perl\lib\Devel\NYTProf\js\jit\gradient40.png.exe |
| ce9d992089209fac4193bb873b7702df | c:\Perl\lib\Devel\NYTProf\js\jit\gradient50.png.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
cscript.exe:468
cscript.exe:884
cscript.exe:312
cscript.exe:1168
cscript.exe:1200
cscript.exe:1876
cscript.exe:272
cscript.exe:844
cscript.exe:496
cscript.exe:1784
cscript.exe:204
cscript.exe:1948
cscript.exe:852
cscript.exe:536
cscript.exe:1076
cscript.exe:1732
cscript.exe:1072
cscript.exe:1252
cscript.exe:544
cscript.exe:1652
cscript.exe:548
cscript.exe:1564
cscript.exe:1244
cscript.exe:996
cscript.exe:1312
cscript.exe:208
cscript.exe:676
cscript.exe:1612
cscript.exe:920
cscript.exe:1956
cscript.exe:168
cscript.exe:164
cscript.exe:224
cscript.exe:1508
cscript.exe:372
cscript.exe:1640
cscript.exe:1188
cscript.exe:1824
cscript.exe:1628
cscript.exe:968
cscript.exe:1604
cscript.exe:1240
cscript.exe:2000
cscript.exe:1980
cscript.exe:476
cscript.exe:532
cscript.exe:1100
cscript.exe:436
cscript.exe:1004
cscript.exe:820
cscript.exe:1416
cscript.exe:1512
%original file name%.exe:1788
%original file name%.exe:1324
%original file name%.exe:884
%original file name%.exe:1780
%original file name%.exe:1564
%original file name%.exe:1168
%original file name%.exe:332
%original file name%.exe:272
%original file name%.exe:996
%original file name%.exe:1640
%original file name%.exe:176
%original file name%.exe:496
%original file name%.exe:1488
%original file name%.exe:1784
%original file name%.exe:204
%original file name%.exe:692
%original file name%.exe:1588
%original file name%.exe:1056
%original file name%.exe:668
%original file name%.exe:1072
%original file name%.exe:1136
%original file name%.exe:956
%original file name%.exe:1500
%original file name%.exe:548
%original file name%.exe:1400
%original file name%.exe:528
%original file name%.exe:828
%original file name%.exe:1236
%original file name%.exe:448
%original file name%.exe:756
%original file name%.exe:896
%original file name%.exe:1792
%original file name%.exe:676
%original file name%.exe:1356
%original file name%.exe:1152
%original file name%.exe:244
%original file name%.exe:1512
%original file name%.exe:164
%original file name%.exe:224
%original file name%.exe:480
%original file name%.exe:868
%original file name%.exe:900
%original file name%.exe:852
%original file name%.exe:1188
%original file name%.exe:1528
%original file name%.exe:928
%original file name%.exe:356
%original file name%.exe:1980
%original file name%.exe:532
%original file name%.exe:1668
%original file name%.exe:920
%original file name%.exe:1572
%original file name%.exe:1004
%original file name%.exe:1380
%original file name%.exe:376 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe (11518 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\adm.bmp.exe (7385 bytes)
C:\totalcmd\TCMADMIN.EXE.exe (7433 bytes)
C:\totalcmd\TOTALCMD.EXE.exe (35505 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp.exe (7385 bytes)
C:\totalcmd\TCUNINST.EXE.exe (7385 bytes)
C:\totalcmd\TcUsbRun.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\MAAo.txt (55978 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe (7433 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe (7433 bytes)
C:\totalcmd\TCMDX32.EXE.exe (7433 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg.exe (7433 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\Setup.exe (7971 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe (10177 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe (7385 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HEAoIgUQ.bat (112 bytes)
C:\6ed750e80b585b72e5a7b8b97e9a7f62 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\uYIskYcU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\eYAkcIsw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KAAwgEUk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TEQsYUsA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HEIYwggc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EqAMIYwY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VIYgswYI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MkgAEYoY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BigYMEgw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xQMwMAYM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hsEYUMAw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gYUogwAA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sukQYUME.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SAksokMk.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yGoMQwwY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zuIwgwME.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EQgwogog.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NeockEow.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DEwAocgM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ssUYYYEQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HggcwEEM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RyEAkEsE.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sSsUoQIw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xiEUcAYM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IAkYsAcc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dasIsQkI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsscEoEw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FaAMckUA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LiYcwYYQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lCskAMAc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dkoQgcQI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GacAQMYA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EigMAUQY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qGAkAMoQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nyQEYcYE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bskwIMok.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LMMoQsMU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NgAIcwQQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SmcUwwkA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZUgUgwcI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lUQssoII.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\sEgMoIko.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ruMwYAYE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nSkwUMoI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XsUQkYAE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XIwkkMoo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PCgAIkQw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BEwMYsEI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yKwUoAAE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\AksAIAgg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aiQIocgY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ygUYUIkU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\hycEIYUs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GAAMEoUs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\yeYUosEs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zWQQsosA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RUoUUEUU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GoMkIYEw.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XOYAAwww.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aWYUgsAs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FaAQgwwI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZwIEAYwY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fOEQowoc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XasYsgMo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WKkgUAIc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\acwEgkEQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\YgMIkUsY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jassQkkg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\LUYQskYw.bat (112 bytes)
%Documents and Settings%\%current user%\NwIscAww\rSwooYMM.exe (7713 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TmkMcYYg.bat (112 bytes)
%Documents and Settings%\All Users\BOAMIgUE\jWcYYUcg.exe (7737 bytes)
%Documents and Settings%\All Users\hUEQccwo\FeEQMIQs.exe (7761 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XowMowgo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jGwQwMwI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EcwggIoQ.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\neUEAowU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GKYIgIEU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XygAcQsM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WgEYowgY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VSYwQoUo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ugMsAsQM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ksQAUYYo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vYoQgsUM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PckcgAIo.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vaUgoMgI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XYEYcYEU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ZIMQUkQY.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aYwgkQYk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\GIoUMosQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kiwwMUEQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zwEIsAAI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KIIoUQsk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OWQcIsAQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BIccgscI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jscYcMII.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BEkQwwEo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\NKwQkUkg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\XCkAksQk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PWsEkQcU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tOgMkkgc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iKccYIYw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SkgwcEIU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\zaIAMwAU.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cOEwMsck.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\icEgEUwo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gYAYQAwI.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\syIUEcgg.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EQEYUMcE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qaMQIIwg.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\iSYAYQsw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HuIkwooQ.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qEgskkUI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wwIkYEwA.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bQAYkIEM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\leQAEEQA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\saUAUEQs.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xgMkkwcI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OgUAcYcY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\EcMsIEEU.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nkIcMQUI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KIYEwwkA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FkAkwgkI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\cegQAsog.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pUMscoQI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VkIssEYE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pYoQQEMc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IYIkogQA.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\poIIMcos.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rUwssQgY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\FAYQgIgc.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\leAQYIkM.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\usMUMAcI.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\MAwwswws.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dqwEowIk.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VsgcYUco.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ySwIEUII.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UEoAwEoo.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jQccMsEY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\xyYwkkcM.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\JQAEoAAs.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\HwsMcsAE.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OCMAowIc.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vQYEMUQw.bat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TYQAMckY.bat (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\rmoYIYMU.bat (4 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"rSwooYMM.exe" = "%Documents and Settings%\%current user%\NwIscAww\rSwooYMM.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FeEQMIQs.exe" = "%Documents and Settings%\All Users\hUEQccwo\FeEQMIQs.exe" - Remove the references to the Trojan by modifying the following registry value(s) (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserInit" = "%System%\userinit.exe,%Documents and Settings%\All Users\hUEQccwo\FeEQMIQs.exe," - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
No information is available.
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| .text | 4096 | 1028096 | 1027072 | 5.44381 | b5b941f1a3be2c51dbf5ca7aea0f6031 |
| .rdata | 1032192 | 4096 | 512 | 1.81588 | bd8420a28242473773ae7c7753b2b4be |
| .data | 1036288 | 4 | 512 | 0.056519 | dfbec37c22852e1f8e679c7f20f7d72e |
| .rsrc | 1040384 | 4444 | 4608 | 2.04642 | f9638897d2011e145125c3512d20e7f3 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
| URL | IP |
|---|---|
| hxxp://google.com/ | 173.194.112.65 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET / HTTP/1.1
Host: google.com
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=29IVVevgLOOG8QflqIGYBA
Content-Length: 262
Date: Fri, 27 Mar 2015 21:59:55 GMT
Server: GFE/2.0
Alternate-Protocol: 80:quic,p=0.5
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=29IVVevgLOOG8QflqIGYBA">here</A>...</BODY></HTML>....
GET / HTTP/1.1
Host: google.com
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=3NIVVY3ULOKG8Qe61YCYBQ
Content-Length: 262
Date: Fri, 27 Mar 2015 21:59:56 GMT
Server: GFE/2.0
Alternate-Protocol: 80:quic,p=0.5
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=3NIVVY3ULOKG8Qe61YCYBQ">here</A>...</BODY></HTML>....
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
rSwooYMM.exe_1108:
.text
.text
.rdata
.rdata
@.data
@.data
7.qU6
7.qU6
TNcMdI
TNcMdI
vND.LOrg
vND.LOrg
.eH^\
.eH^\
w|.LV
w|.LV
QfC%d
QfC%d
dW0WaZ@%di
dW0WaZ@%di
O%%Sg
O%%Sg
[%dZr
[%dZr
l}9fT{
l}9fT{
E!.Lg:
E!.Lg:
\D.vY
\D.vY
m.TpM
m.TpM
.WYky?
.WYky?
?%sn6
?%sn6
.wbK3
.wbK3
Am%foEW
Am%foEW
%d[k#
%d[k#
k[w[.dx
k[w[.dx
Ho%sd^
Ho%sd^
.pgVM
.pgVM
.XU\:
.XU\:
.TU:67Y[
.TU:67Y[
mre%s
mre%s
Rx.AF{-F
Rx.AF{-F
.dA}R
.dA}R
9zE46}GF{-A}d8
9zE46}GF{-A}d8
Rx.AMb
Rx.AMb
Rx.AJ
Rx.AJ
Vy-A}y1
Vy-A}y1
]~]{:&]{>
]~]{:&]{>
Mr.0M8.wM
Mr.0M8.wM
F@%uF
F@%uF
5@.FJ
5@.FJ
r|M-
r|M-
9Q2.QD
9Q2.QD
s]{>EkAC.AZ?
s]{>EkAC.AZ?
]mYS_;-h}_/
]mYS_;-h}_/
%s>Ab
%s>Ab
GcMd
GcMd
7FZZZZ%
7FZZZZ%
&aTF{-A}d8
&aTF{-A}d8
Rx.AZu`\Vb)
Rx.AZu`\Vb)
Rx.AN~2
Rx.AN~2
Rx.AF z
Rx.AF z
x.ASs)
x.ASs)
Rx.AF{-6s z
Rx.AF{-6s z
]sc.Pu
]sc.Pu
).KQ>6V
).KQ>6V
yT%FZ
yT%FZ
d?%x1
d?%x1
u2S.cp
u2S.cp
~%m"%U
~%m"%U
R.BFX7
R.BFX7
.Cd"w
.Cd"w
/1:,*-.1
/1:,*-.1
#k%U,
#k%U,
:EW.yY
:EW.yY
%cMV=
%cMV=
hC%x}7
hC%x}7
.Gl^z
.Gl^z
>fAd:%U
>fAd:%U
.cW a
.cW a
]{.iA8
]{.iA8
8=d0,.eJ
8=d0,.eJ
KV.eb
KV.eb
.CYf?a8
.CYf?a8
=Btcp
=Btcp
õ(r'
õ(r'
Yy.IA9
Yy.IA9
Microsoft Windows
Microsoft Windows
z.vPV
z.vPV
#qcFtPV
#qcFtPV
]a.PV
]a.PV
x!.PV
x!.PV
]q.RV
]q.RV
oleaut32.dll
oleaut32.dll
RegOpenKeyW
RegOpenKeyW
advapi32.dll
advapi32.dll
kernel32.dll
kernel32.dll
user32.dll
user32.dll
Microsoft Windows eine Wiederherstellung in einem Moment beginnen.
Microsoft Windows eine Wiederherstellung in einem Moment beginnen.
.klicken, um zu kopieren
.klicken, um zu kopieren
Strafe zahlen. Jeder Versuch, diese Nachricht zu entfernen werden die Dateien, Hardware und Windows-Installation unwiederbringlich besch
Strafe zahlen. Jeder Versuch, diese Nachricht zu entfernen werden die Dateien, Hardware und Windows-Installation unwiederbringlich besch
ffnen Sie den Internet-Browser. An die Adresse gehen: blockchain.info/wallet und klicken Sie auf 'Erstellen Sie ein neues Wallet'.,
ffnen Sie den Internet-Browser. An die Adresse gehen: blockchain.info/wallet und klicken Sie auf 'Erstellen Sie ein neues Wallet'.,
Geben Sie Ihre E-Mail-Adresse (optional) und Ihr Passwort ein. Achten Sie darauf, Ihr Passwort sicher ist.-
Geben Sie Ihre E-Mail-Adresse (optional) und Ihr Passwort ein. Achten Sie darauf, Ihr Passwort sicher ist.-
Sparen Sie Ihr Passwort sicher, vorzugsweise offline (klicken Notepad)..
Sparen Sie Ihr Passwort sicher, vorzugsweise offline (klicken Notepad)..
Folgen Sie den Anweisungen auf der Website aufgefordert werden, und achten Sie genau auf die Sicherheitsempfehlungen.1
Folgen Sie den Anweisungen auf der Website aufgefordert werden, und achten Sie genau auf die Sicherheitsempfehlungen.1
.Machen BitCoin Zahlung:2
.Machen BitCoin Zahlung:2
|Anmeldung zu Ihrem Bitcoin Wallet blockchain.info/wallet/login5
|Anmeldung zu Ihrem Bitcoin Wallet blockchain.info/wallet/login5
DKlicken Sie auf "Import / Export".6
DKlicken Sie auf "Import / Export".6
- und Kleinschreibung) indem Sie es und klicken Sie auf 'Add Private Key'.7
- und Kleinschreibung) indem Sie es und klicken Sie auf 'Add Private Key'.7
8Klicken Sie auf "Sweep Key".9
8Klicken Sie auf "Sweep Key".9
.Internationale Anbieter=
.Internationale Anbieter=
WebbrowserD
WebbrowserD
&de.bitcoin.it/wiki/G
&de.bitcoin.it/wiki/G
Kennen Sie die Gefahren der Verletzung des Urheberrechts. Besuchen copyright.gov/help/faq/faq-infringement.html f
Kennen Sie die Gefahren der Verletzung des Urheberrechts. Besuchen copyright.gov/help/faq/faq-infringement.html f
~Microsoft Windows will begin a restoration process in a moment.
~Microsoft Windows will begin a restoration process in a moment.
Operation Global 3 is a coordinated effort by U.S., Canadian and European law enforcement agencies targeting computers with pirated content.$
Operation Global 3 is a coordinated effort by U.S., Canadian and European law enforcement agencies targeting computers with pirated content.$
Open Internet Browser. Go to the address: blockchain.info/wallet and click 'Start A New Wallet'.,
Open Internet Browser. Go to the address: blockchain.info/wallet and click 'Start A New Wallet'.,
Enter your e-mail address(optional) and password. Make sure your password is secure.-
Enter your e-mail address(optional) and password. Make sure your password is secure.-
zSave your password safely, preferably offline(click Notepad)..
zSave your password safely, preferably offline(click Notepad)..
Follow the steps prompted on the website and pay close attention to the security recommendations.1
Follow the steps prompted on the website and pay close attention to the security recommendations.1
tLogin to your Bitcoin wallet blockchain.info/wallet/login 5
tLogin to your Bitcoin wallet blockchain.info/wallet/login 5
4Click on Import / Export. 6
4Click on Import / Export. 6
Enter the paper wallet's private key by typing it manually (case sensitive) and click on 'Add Private Key'.7
Enter the paper wallet's private key by typing it manually (case sensitive) and click on 'Add Private Key'.7
$Click 'Sweep Key'.9
$Click 'Sweep Key'.9
.International Exchanges=
.International Exchanges=
&en.bitcoin.it/wiki/G
&en.bitcoin.it/wiki/G
Know the dangers of copyright infringement. Visit copyright.gov/help/faq/faq-infringement.html for more information.J
Know the dangers of copyright infringement. Visit copyright.gov/help/faq/faq-infringement.html for more information.J
un reato federale che porta pene fino a cinque anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (17 USC s.506, 18 USC s.2319)
un reato federale che porta pene fino a cinque anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (17 USC s.506, 18 USC s.2319)
un crimine federale che comporta pene fino a quindici anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (18 USC s.2339A)
un crimine federale che comporta pene fino a quindici anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (18 USC s.2339A)
Microsoft Windows inizier
Microsoft Windows inizier
Importo:
Importo:
Qualsiasi tentativo di rimuovere questo messaggio potrebbe danneggiare il vostro file, hardware e di installazione di Windows oltre il recupero."
Qualsiasi tentativo di rimuovere questo messaggio potrebbe danneggiare il vostro file, hardware e di installazione di Windows oltre il recupero."
Operazione globale III dagli Stati Uniti, Canada, Europa, Australia, Nuova Zelanda e altre forze dell'ordine di tutto il mondo
Operazione globale III dagli Stati Uniti, Canada, Europa, Australia, Nuova Zelanda e altre forze dell'ordine di tutto il mondo
\Registrazione di un nuovo portafoglio BitCoin:
\Registrazione di un nuovo portafoglio BitCoin:
Aprire Internet Browser. Vai all'indirizzo: blockchain.info/wallet e cliccare su 'Crea un nuovo Portafoglio'.,
Aprire Internet Browser. Vai all'indirizzo: blockchain.info/wallet e cliccare su 'Crea un nuovo Portafoglio'.,
Inserisci il tuo indirizzo e-mail (opzionale) e la password. Assicurati che il tuo password
Inserisci il tuo indirizzo e-mail (opzionale) e la password. Assicurati che il tuo password
Salvare la password in modo sicuro, preferibilmente non in linea (fare clic su Notepad)..
Salvare la password in modo sicuro, preferibilmente non in linea (fare clic su Notepad)..
Seguire i passaggi spinto sul sito e prestare la massima attenzione alle raccomandazioni di sicurezza.1
Seguire i passaggi spinto sul sito e prestare la massima attenzione alle raccomandazioni di sicurezza.1
|Accedi al tuo portafoglio Bitcoin blockchain.info/wallet/login5
|Accedi al tuo portafoglio Bitcoin blockchain.info/wallet/login5
Inserire la chiave privata 'Paper Wallet' digitando manualmente (maiuscole e minuscole) e fare clic su 'Add Private Key'.7
Inserire la chiave privata 'Paper Wallet' digitando manualmente (maiuscole e minuscole) e fare clic su 'Add Private Key'.7
2Fare clic su 'Sweep Key'.9
2Fare clic su 'Sweep Key'.9
&it.bitcoin.it/wiki/G
&it.bitcoin.it/wiki/G
Conoscere i pericoli di violazione del copyright. Visita copyright.gov/help/faq/faq-infringement.html per maggiori informazioni.J
Conoscere i pericoli di violazione del copyright. Visita copyright.gov/help/faq/faq-infringement.html per maggiori informazioni.J
Microsoft Windows se iniciar
Microsoft Windows se iniciar
Fine Importe:
Fine Importe:
n de Windows sin posibilidad de recuperaci
n de Windows sin posibilidad de recuperaci
Operaci
Operaci
n: blockchain.info/wallet y haga clic en 'Crear un nuevo monedero'.,
n: blockchain.info/wallet y haga clic en 'Crear un nuevo monedero'.,
gina web y prestar mucha atenci
gina web y prestar mucha atenci
pAcceda a su cartera blockchain.info/wallet/login Bitcoin5
pAcceda a su cartera blockchain.info/wallet/login Bitcoin5
FHaga clic en "Importar / Exportar".6
FHaga clic en "Importar / Exportar".6
sculas) y haga clic en" Add Private Key ".7
sculas) y haga clic en" Add Private Key ".7
2Haga clic en 'Sweep Key'.9
2Haga clic en 'Sweep Key'.9
Navegador WebD
Navegador WebD
&es.bitcoin.it/wiki/G
&es.bitcoin.it/wiki/G
n de copyright. Visita copyright.gov/help/faq/faq-infringement.html para m
n de copyright. Visita copyright.gov/help/faq/faq-infringement.html para m
rSwooYMM.exe_1108_rwx_00401000_000EA000:
7.qU6
7.qU6
TNcMdI
TNcMdI
vND.LOrg
vND.LOrg
.eH^\
.eH^\
w|.LV
w|.LV
QfC%d
QfC%d
dW0WaZ@%di
dW0WaZ@%di
O%%Sg
O%%Sg
[%dZr
[%dZr
l}9fT{
l}9fT{
E!.Lg:
E!.Lg:
\D.vY
\D.vY
m.TpM
m.TpM
.WYky?
.WYky?
?%sn6
?%sn6
.wbK3
.wbK3
Am%foEW
Am%foEW
%d[k#
%d[k#
k[w[.dx
k[w[.dx
Ho%sd^
Ho%sd^
.pgVM
.pgVM
.XU\:
.XU\:
.TU:67Y[
.TU:67Y[
mre%s
mre%s
Rx.AF{-F
Rx.AF{-F
.dA}R
.dA}R
9zE46}GF{-A}d8
9zE46}GF{-A}d8
Rx.AMb
Rx.AMb
Rx.AJ
Rx.AJ
Vy-A}y1
Vy-A}y1
]~]{:&]{>
]~]{:&]{>
Mr.0M8.wM
Mr.0M8.wM
F@%uF
F@%uF
5@.FJ
5@.FJ
r|M-
r|M-
9Q2.QD
9Q2.QD
s]{>EkAC.AZ?
s]{>EkAC.AZ?
]mYS_;-h}_/
]mYS_;-h}_/
%s>Ab
%s>Ab
GcMd
GcMd
7FZZZZ%
7FZZZZ%
&aTF{-A}d8
&aTF{-A}d8
Rx.AZu`\Vb)
Rx.AZu`\Vb)
Rx.AN~2
Rx.AN~2
Rx.AF z
Rx.AF z
x.ASs)
x.ASs)
Rx.AF{-6s z
Rx.AF{-6s z
]sc.Pu
]sc.Pu
).KQ>6V
).KQ>6V
yT%FZ
yT%FZ
d?%x1
d?%x1
u2S.cp
u2S.cp
~%m"%U
~%m"%U
R.BFX7
R.BFX7
.Cd"w
.Cd"w
/1:,*-.1
/1:,*-.1
#k%U,
#k%U,
:EW.yY
:EW.yY
%cMV=
%cMV=
hC%x}7
hC%x}7
.Gl^z
.Gl^z
>fAd:%U
>fAd:%U
.cW a
.cW a
]{.iA8
]{.iA8
8=d0,.eJ
8=d0,.eJ
KV.eb
KV.eb
.CYf?a8
.CYf?a8
=Btcp
=Btcp
õ(r'
õ(r'
Yy.IA9
Yy.IA9
Microsoft Windows
Microsoft Windows
z.vPV
z.vPV
#qcFtPV
#qcFtPV
]a.PV
]a.PV
x!.PV
x!.PV
]q.RV
]q.RV
Microsoft Windows eine Wiederherstellung in einem Moment beginnen.
Microsoft Windows eine Wiederherstellung in einem Moment beginnen.
.klicken, um zu kopieren
.klicken, um zu kopieren
Strafe zahlen. Jeder Versuch, diese Nachricht zu entfernen werden die Dateien, Hardware und Windows-Installation unwiederbringlich besch
Strafe zahlen. Jeder Versuch, diese Nachricht zu entfernen werden die Dateien, Hardware und Windows-Installation unwiederbringlich besch
ffnen Sie den Internet-Browser. An die Adresse gehen: blockchain.info/wallet und klicken Sie auf 'Erstellen Sie ein neues Wallet'.,
ffnen Sie den Internet-Browser. An die Adresse gehen: blockchain.info/wallet und klicken Sie auf 'Erstellen Sie ein neues Wallet'.,
Geben Sie Ihre E-Mail-Adresse (optional) und Ihr Passwort ein. Achten Sie darauf, Ihr Passwort sicher ist.-
Geben Sie Ihre E-Mail-Adresse (optional) und Ihr Passwort ein. Achten Sie darauf, Ihr Passwort sicher ist.-
Sparen Sie Ihr Passwort sicher, vorzugsweise offline (klicken Notepad)..
Sparen Sie Ihr Passwort sicher, vorzugsweise offline (klicken Notepad)..
Folgen Sie den Anweisungen auf der Website aufgefordert werden, und achten Sie genau auf die Sicherheitsempfehlungen.1
Folgen Sie den Anweisungen auf der Website aufgefordert werden, und achten Sie genau auf die Sicherheitsempfehlungen.1
.Machen BitCoin Zahlung:2
.Machen BitCoin Zahlung:2
|Anmeldung zu Ihrem Bitcoin Wallet blockchain.info/wallet/login5
|Anmeldung zu Ihrem Bitcoin Wallet blockchain.info/wallet/login5
DKlicken Sie auf "Import / Export".6
DKlicken Sie auf "Import / Export".6
- und Kleinschreibung) indem Sie es und klicken Sie auf 'Add Private Key'.7
- und Kleinschreibung) indem Sie es und klicken Sie auf 'Add Private Key'.7
8Klicken Sie auf "Sweep Key".9
8Klicken Sie auf "Sweep Key".9
.Internationale Anbieter=
.Internationale Anbieter=
WebbrowserD
WebbrowserD
&de.bitcoin.it/wiki/G
&de.bitcoin.it/wiki/G
Kennen Sie die Gefahren der Verletzung des Urheberrechts. Besuchen copyright.gov/help/faq/faq-infringement.html f
Kennen Sie die Gefahren der Verletzung des Urheberrechts. Besuchen copyright.gov/help/faq/faq-infringement.html f
~Microsoft Windows will begin a restoration process in a moment.
~Microsoft Windows will begin a restoration process in a moment.
Operation Global 3 is a coordinated effort by U.S., Canadian and European law enforcement agencies targeting computers with pirated content.$
Operation Global 3 is a coordinated effort by U.S., Canadian and European law enforcement agencies targeting computers with pirated content.$
Open Internet Browser. Go to the address: blockchain.info/wallet and click 'Start A New Wallet'.,
Open Internet Browser. Go to the address: blockchain.info/wallet and click 'Start A New Wallet'.,
Enter your e-mail address(optional) and password. Make sure your password is secure.-
Enter your e-mail address(optional) and password. Make sure your password is secure.-
zSave your password safely, preferably offline(click Notepad)..
zSave your password safely, preferably offline(click Notepad)..
Follow the steps prompted on the website and pay close attention to the security recommendations.1
Follow the steps prompted on the website and pay close attention to the security recommendations.1
tLogin to your Bitcoin wallet blockchain.info/wallet/login 5
tLogin to your Bitcoin wallet blockchain.info/wallet/login 5
4Click on Import / Export. 6
4Click on Import / Export. 6
Enter the paper wallet's private key by typing it manually (case sensitive) and click on 'Add Private Key'.7
Enter the paper wallet's private key by typing it manually (case sensitive) and click on 'Add Private Key'.7
$Click 'Sweep Key'.9
$Click 'Sweep Key'.9
.International Exchanges=
.International Exchanges=
&en.bitcoin.it/wiki/G
&en.bitcoin.it/wiki/G
Know the dangers of copyright infringement. Visit copyright.gov/help/faq/faq-infringement.html for more information.J
Know the dangers of copyright infringement. Visit copyright.gov/help/faq/faq-infringement.html for more information.J
un reato federale che porta pene fino a cinque anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (17 USC s.506, 18 USC s.2319)
un reato federale che porta pene fino a cinque anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (17 USC s.506, 18 USC s.2319)
un crimine federale che comporta pene fino a quindici anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (18 USC s.2339A)
un crimine federale che comporta pene fino a quindici anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (18 USC s.2339A)
Microsoft Windows inizier
Microsoft Windows inizier
Importo:
Importo:
Qualsiasi tentativo di rimuovere questo messaggio potrebbe danneggiare il vostro file, hardware e di installazione di Windows oltre il recupero."
Qualsiasi tentativo di rimuovere questo messaggio potrebbe danneggiare il vostro file, hardware e di installazione di Windows oltre il recupero."
Operazione globale III dagli Stati Uniti, Canada, Europa, Australia, Nuova Zelanda e altre forze dell'ordine di tutto il mondo
Operazione globale III dagli Stati Uniti, Canada, Europa, Australia, Nuova Zelanda e altre forze dell'ordine di tutto il mondo
\Registrazione di un nuovo portafoglio BitCoin:
\Registrazione di un nuovo portafoglio BitCoin:
Aprire Internet Browser. Vai all'indirizzo: blockchain.info/wallet e cliccare su 'Crea un nuovo Portafoglio'.,
Aprire Internet Browser. Vai all'indirizzo: blockchain.info/wallet e cliccare su 'Crea un nuovo Portafoglio'.,
Inserisci il tuo indirizzo e-mail (opzionale) e la password. Assicurati che il tuo password
Inserisci il tuo indirizzo e-mail (opzionale) e la password. Assicurati che il tuo password
Salvare la password in modo sicuro, preferibilmente non in linea (fare clic su Notepad)..
Salvare la password in modo sicuro, preferibilmente non in linea (fare clic su Notepad)..
Seguire i passaggi spinto sul sito e prestare la massima attenzione alle raccomandazioni di sicurezza.1
Seguire i passaggi spinto sul sito e prestare la massima attenzione alle raccomandazioni di sicurezza.1
|Accedi al tuo portafoglio Bitcoin blockchain.info/wallet/login5
|Accedi al tuo portafoglio Bitcoin blockchain.info/wallet/login5
Inserire la chiave privata 'Paper Wallet' digitando manualmente (maiuscole e minuscole) e fare clic su 'Add Private Key'.7
Inserire la chiave privata 'Paper Wallet' digitando manualmente (maiuscole e minuscole) e fare clic su 'Add Private Key'.7
2Fare clic su 'Sweep Key'.9
2Fare clic su 'Sweep Key'.9
&it.bitcoin.it/wiki/G
&it.bitcoin.it/wiki/G
Conoscere i pericoli di violazione del copyright. Visita copyright.gov/help/faq/faq-infringement.html per maggiori informazioni.J
Conoscere i pericoli di violazione del copyright. Visita copyright.gov/help/faq/faq-infringement.html per maggiori informazioni.J
Microsoft Windows se iniciar
Microsoft Windows se iniciar
Fine Importe:
Fine Importe:
n de Windows sin posibilidad de recuperaci
n de Windows sin posibilidad de recuperaci
Operaci
Operaci
n: blockchain.info/wallet y haga clic en 'Crear un nuevo monedero'.,
n: blockchain.info/wallet y haga clic en 'Crear un nuevo monedero'.,
gina web y prestar mucha atenci
gina web y prestar mucha atenci
pAcceda a su cartera blockchain.info/wallet/login Bitcoin5
pAcceda a su cartera blockchain.info/wallet/login Bitcoin5
FHaga clic en "Importar / Exportar".6
FHaga clic en "Importar / Exportar".6
sculas) y haga clic en" Add Private Key ".7
sculas) y haga clic en" Add Private Key ".7
2Haga clic en 'Sweep Key'.9
2Haga clic en 'Sweep Key'.9
Navegador WebD
Navegador WebD
&es.bitcoin.it/wiki/G
&es.bitcoin.it/wiki/G
n de copyright. Visita copyright.gov/help/faq/faq-infringement.html para m
n de copyright. Visita copyright.gov/help/faq/faq-infringement.html para m
rSwooYMM.exe_1108_rwx_009A0000_00001000:
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp
FeEQMIQs.exe_1552:
.text
.text
.rdata
.rdata
@.data
@.data
7.qU6
7.qU6
TNcMdI
TNcMdI
vND.LOrg
vND.LOrg
.eH^\
.eH^\
w|.LV
w|.LV
QfC%d
QfC%d
dW0WaZ@%di
dW0WaZ@%di
O%%Sg
O%%Sg
[%dZr
[%dZr
l}9fT{
l}9fT{
E!.Lg:
E!.Lg:
\D.vY
\D.vY
m.TpM
m.TpM
.WYky?
.WYky?
?%sn6
?%sn6
.wbK3
.wbK3
Am%foEW
Am%foEW
%d[k#
%d[k#
k[w[.dx
k[w[.dx
Ho%sd^
Ho%sd^
.pgVM
.pgVM
.XU\:
.XU\:
.TU:67Y[
.TU:67Y[
mre%s
mre%s
Rx.AF{-F
Rx.AF{-F
.dA}R
.dA}R
9zE46}GF{-A}d8
9zE46}GF{-A}d8
Rx.AMb
Rx.AMb
Rx.AJ
Rx.AJ
Vy-A}y1
Vy-A}y1
]~]{:&]{>
]~]{:&]{>
Mr.0M8.wM
Mr.0M8.wM
F@%uF
F@%uF
5@.FJ
5@.FJ
r|M-
r|M-
9Q2.QD
9Q2.QD
s]{>EkAC.AZ?
s]{>EkAC.AZ?
]mYS_;-h}_/
]mYS_;-h}_/
%s>Ab
%s>Ab
GcMd
GcMd
7FZZZZ%
7FZZZZ%
&aTF{-A}d8
&aTF{-A}d8
Rx.AZu`\Vb)
Rx.AZu`\Vb)
Rx.AN~2
Rx.AN~2
Rx.AF z
Rx.AF z
x.ASs)
x.ASs)
Rx.AF{-6s z
Rx.AF{-6s z
]sc.Pu
]sc.Pu
).KQ>6V
).KQ>6V
yT%FZ
yT%FZ
d?%x1
d?%x1
u2S.cp
u2S.cp
~%m"%U
~%m"%U
R.BFX7
R.BFX7
.Cd"w
.Cd"w
/1:,*-.1
/1:,*-.1
#k%U,
#k%U,
:EW.yY
:EW.yY
%cMV=
%cMV=
hC%x}7
hC%x}7
.Gl^z
.Gl^z
>fAd:%U
>fAd:%U
.cW a
.cW a
]{.iA8
]{.iA8
8=d0,.eJ
8=d0,.eJ
KV.eb
KV.eb
.CYf?a8
.CYf?a8
=Btcp
=Btcp
j.FAb
j.FAb
(.DG-\
(.DG-\
Microsoft Windows
Microsoft Windows
oMw%s
oMw%s
KH%CsO
KH%CsO
k%s
k%s
advapi32.dll
advapi32.dll
ntdll.dll
ntdll.dll
oleaut32.dll
oleaut32.dll
user32.dll
user32.dll
GetProcessHeap
GetProcessHeap
kernel32.dll
kernel32.dll
Microsoft Windows eine Wiederherstellung in einem Moment beginnen.
Microsoft Windows eine Wiederherstellung in einem Moment beginnen.
.klicken, um zu kopieren
.klicken, um zu kopieren
Strafe zahlen. Jeder Versuch, diese Nachricht zu entfernen werden die Dateien, Hardware und Windows-Installation unwiederbringlich besch
Strafe zahlen. Jeder Versuch, diese Nachricht zu entfernen werden die Dateien, Hardware und Windows-Installation unwiederbringlich besch
ffnen Sie den Internet-Browser. An die Adresse gehen: blockchain.info/wallet und klicken Sie auf 'Erstellen Sie ein neues Wallet'.,
ffnen Sie den Internet-Browser. An die Adresse gehen: blockchain.info/wallet und klicken Sie auf 'Erstellen Sie ein neues Wallet'.,
Geben Sie Ihre E-Mail-Adresse (optional) und Ihr Passwort ein. Achten Sie darauf, Ihr Passwort sicher ist.-
Geben Sie Ihre E-Mail-Adresse (optional) und Ihr Passwort ein. Achten Sie darauf, Ihr Passwort sicher ist.-
Sparen Sie Ihr Passwort sicher, vorzugsweise offline (klicken Notepad)..
Sparen Sie Ihr Passwort sicher, vorzugsweise offline (klicken Notepad)..
Folgen Sie den Anweisungen auf der Website aufgefordert werden, und achten Sie genau auf die Sicherheitsempfehlungen.1
Folgen Sie den Anweisungen auf der Website aufgefordert werden, und achten Sie genau auf die Sicherheitsempfehlungen.1
.Machen BitCoin Zahlung:2
.Machen BitCoin Zahlung:2
|Anmeldung zu Ihrem Bitcoin Wallet blockchain.info/wallet/login5
|Anmeldung zu Ihrem Bitcoin Wallet blockchain.info/wallet/login5
DKlicken Sie auf "Import / Export".6
DKlicken Sie auf "Import / Export".6
- und Kleinschreibung) indem Sie es und klicken Sie auf 'Add Private Key'.7
- und Kleinschreibung) indem Sie es und klicken Sie auf 'Add Private Key'.7
8Klicken Sie auf "Sweep Key".9
8Klicken Sie auf "Sweep Key".9
.Internationale Anbieter=
.Internationale Anbieter=
WebbrowserD
WebbrowserD
&de.bitcoin.it/wiki/G
&de.bitcoin.it/wiki/G
Kennen Sie die Gefahren der Verletzung des Urheberrechts. Besuchen copyright.gov/help/faq/faq-infringement.html f
Kennen Sie die Gefahren der Verletzung des Urheberrechts. Besuchen copyright.gov/help/faq/faq-infringement.html f
~Microsoft Windows will begin a restoration process in a moment.
~Microsoft Windows will begin a restoration process in a moment.
Operation Global 3 is a coordinated effort by U.S., Canadian and European law enforcement agencies targeting computers with pirated content.$
Operation Global 3 is a coordinated effort by U.S., Canadian and European law enforcement agencies targeting computers with pirated content.$
Open Internet Browser. Go to the address: blockchain.info/wallet and click 'Start A New Wallet'.,
Open Internet Browser. Go to the address: blockchain.info/wallet and click 'Start A New Wallet'.,
Enter your e-mail address(optional) and password. Make sure your password is secure.-
Enter your e-mail address(optional) and password. Make sure your password is secure.-
zSave your password safely, preferably offline(click Notepad)..
zSave your password safely, preferably offline(click Notepad)..
Follow the steps prompted on the website and pay close attention to the security recommendations.1
Follow the steps prompted on the website and pay close attention to the security recommendations.1
tLogin to your Bitcoin wallet blockchain.info/wallet/login 5
tLogin to your Bitcoin wallet blockchain.info/wallet/login 5
4Click on Import / Export. 6
4Click on Import / Export. 6
Enter the paper wallet's private key by typing it manually (case sensitive) and click on 'Add Private Key'.7
Enter the paper wallet's private key by typing it manually (case sensitive) and click on 'Add Private Key'.7
$Click 'Sweep Key'.9
$Click 'Sweep Key'.9
.International Exchanges=
.International Exchanges=
&en.bitcoin.it/wiki/G
&en.bitcoin.it/wiki/G
Know the dangers of copyright infringement. Visit copyright.gov/help/faq/faq-infringement.html for more information.J
Know the dangers of copyright infringement. Visit copyright.gov/help/faq/faq-infringement.html for more information.J
un reato federale che porta pene fino a cinque anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (17 USC s.506, 18 USC s.2319)
un reato federale che porta pene fino a cinque anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (17 USC s.506, 18 USC s.2319)
un crimine federale che comporta pene fino a quindici anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (18 USC s.2339A)
un crimine federale che comporta pene fino a quindici anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (18 USC s.2339A)
Microsoft Windows inizier
Microsoft Windows inizier
Importo:
Importo:
Qualsiasi tentativo di rimuovere questo messaggio potrebbe danneggiare il vostro file, hardware e di installazione di Windows oltre il recupero."
Qualsiasi tentativo di rimuovere questo messaggio potrebbe danneggiare il vostro file, hardware e di installazione di Windows oltre il recupero."
Operazione globale III dagli Stati Uniti, Canada, Europa, Australia, Nuova Zelanda e altre forze dell'ordine di tutto il mondo
Operazione globale III dagli Stati Uniti, Canada, Europa, Australia, Nuova Zelanda e altre forze dell'ordine di tutto il mondo
\Registrazione di un nuovo portafoglio BitCoin:
\Registrazione di un nuovo portafoglio BitCoin:
Aprire Internet Browser. Vai all'indirizzo: blockchain.info/wallet e cliccare su 'Crea un nuovo Portafoglio'.,
Aprire Internet Browser. Vai all'indirizzo: blockchain.info/wallet e cliccare su 'Crea un nuovo Portafoglio'.,
Inserisci il tuo indirizzo e-mail (opzionale) e la password. Assicurati che il tuo password
Inserisci il tuo indirizzo e-mail (opzionale) e la password. Assicurati che il tuo password
Salvare la password in modo sicuro, preferibilmente non in linea (fare clic su Notepad)..
Salvare la password in modo sicuro, preferibilmente non in linea (fare clic su Notepad)..
Seguire i passaggi spinto sul sito e prestare la massima attenzione alle raccomandazioni di sicurezza.1
Seguire i passaggi spinto sul sito e prestare la massima attenzione alle raccomandazioni di sicurezza.1
|Accedi al tuo portafoglio Bitcoin blockchain.info/wallet/login5
|Accedi al tuo portafoglio Bitcoin blockchain.info/wallet/login5
Inserire la chiave privata 'Paper Wallet' digitando manualmente (maiuscole e minuscole) e fare clic su 'Add Private Key'.7
Inserire la chiave privata 'Paper Wallet' digitando manualmente (maiuscole e minuscole) e fare clic su 'Add Private Key'.7
2Fare clic su 'Sweep Key'.9
2Fare clic su 'Sweep Key'.9
&it.bitcoin.it/wiki/G
&it.bitcoin.it/wiki/G
Conoscere i pericoli di violazione del copyright. Visita copyright.gov/help/faq/faq-infringement.html per maggiori informazioni.J
Conoscere i pericoli di violazione del copyright. Visita copyright.gov/help/faq/faq-infringement.html per maggiori informazioni.J
Microsoft Windows se iniciar
Microsoft Windows se iniciar
Fine Importe:
Fine Importe:
n de Windows sin posibilidad de recuperaci
n de Windows sin posibilidad de recuperaci
Operaci
Operaci
n: blockchain.info/wallet y haga clic en 'Crear un nuevo monedero'.,
n: blockchain.info/wallet y haga clic en 'Crear un nuevo monedero'.,
gina web y prestar mucha atenci
gina web y prestar mucha atenci
pAcceda a su cartera blockchain.info/wallet/login Bitcoin5
pAcceda a su cartera blockchain.info/wallet/login Bitcoin5
FHaga clic en "Importar / Exportar".6
FHaga clic en "Importar / Exportar".6
sculas) y haga clic en" Add Private Key ".7
sculas) y haga clic en" Add Private Key ".7
2Haga clic en 'Sweep Key'.9
2Haga clic en 'Sweep Key'.9
Navegador WebD
Navegador WebD
&es.bitcoin.it/wiki/G
&es.bitcoin.it/wiki/G
n de copyright. Visita copyright.gov/help/faq/faq-infringement.html para m
n de copyright. Visita copyright.gov/help/faq/faq-infringement.html para m
rSwooYMM.exe_1108_rwx_00A00000_00001000:
%Documents and Settings%\%current user%\NwIscAww\rSwooYMM
%Documents and Settings%\%current user%\NwIscAww\rSwooYMM
rSwooYMM.exe_1108_rwx_00A10000_00001000:
%Documents and Settings%\All Users\hUEQccwo\FeEQMIQs
%Documents and Settings%\All Users\hUEQccwo\FeEQMIQs
rSwooYMM.exe_1108_rwx_00A30000_000E9000:
C{?%f{[
C{?%f{[
7.qU6
7.qU6
TNcMdI
TNcMdI
vND.LOrg
vND.LOrg
.eH^\
.eH^\
w|.LV
w|.LV
QfC%d
QfC%d
dW0WaZ@%di
dW0WaZ@%di
O%%Sg
O%%Sg
[%dZr
[%dZr
l}9fT{
l}9fT{
E!.Lg:
E!.Lg:
\D.vY
\D.vY
m.TpM
m.TpM
.WYky?
.WYky?
?%sn6
?%sn6
.wbK3
.wbK3
Am%foEW
Am%foEW
%d[k#
%d[k#
k[w[.dx
k[w[.dx
Ho%sd^
Ho%sd^
.pgVM
.pgVM
.XU\:
.XU\:
.TU:67Y[
.TU:67Y[
mre%s
mre%s
Rx.AF{-F
Rx.AF{-F
.dA}R
.dA}R
9zE46}GF{-A}d8
9zE46}GF{-A}d8
Rx.AMb
Rx.AMb
Rx.AJ
Rx.AJ
Vy-A}y1
Vy-A}y1
]~]{:&]{>
]~]{:&]{>
Mr.0M8.wM
Mr.0M8.wM
F@%uF
F@%uF
5@.FJ
5@.FJ
r|M-
r|M-
9Q2.QD
9Q2.QD
s]{>EkAC.AZ?
s]{>EkAC.AZ?
]mYS_;-h}_/
]mYS_;-h}_/
%s>Ab
%s>Ab
GcMd
GcMd
7FZZZZ%
7FZZZZ%
&aTF{-A}d8
&aTF{-A}d8
Rx.AZu`\Vb)
Rx.AZu`\Vb)
Rx.AN~2
Rx.AN~2
Rx.AF z
Rx.AF z
x.ASs)
x.ASs)
Rx.AF{-6s z
Rx.AF{-6s z
]sc.Pu
]sc.Pu
).KQ>6V
).KQ>6V
yT%FZ
yT%FZ
d?%x1
d?%x1
u2S.cp
u2S.cp
~%m"%U
~%m"%U
R.BFX7
R.BFX7
.Cd"w
.Cd"w
/1:,*-.1
/1:,*-.1
#k%U,
#k%U,
:EW.yY
:EW.yY
%cMV=
%cMV=
hC%x}7
hC%x}7
.Gl^z
.Gl^z
>fAd:%U
>fAd:%U
.cW a
.cW a
]{.iA8
]{.iA8
8=d0,.eJ
8=d0,.eJ
KV.eb
KV.eb
.CYf?a8
.CYf?a8
=Btcp
=Btcp
x.sd6
x.sd6
4%UMv
4%UMv
4%UEInb
4%UEInb
%uNaO
%uNaO
.YtUO
.YtUO
Microsoft Windows eine Wiederherstellung in einem Moment beginnen.
Microsoft Windows eine Wiederherstellung in einem Moment beginnen.
.klicken, um zu kopieren
.klicken, um zu kopieren
Strafe zahlen. Jeder Versuch, diese Nachricht zu entfernen werden die Dateien, Hardware und Windows-Installation unwiederbringlich besch
Strafe zahlen. Jeder Versuch, diese Nachricht zu entfernen werden die Dateien, Hardware und Windows-Installation unwiederbringlich besch
ffnen Sie den Internet-Browser. An die Adresse gehen: blockchain.info/wallet und klicken Sie auf 'Erstellen Sie ein neues Wallet'.,
ffnen Sie den Internet-Browser. An die Adresse gehen: blockchain.info/wallet und klicken Sie auf 'Erstellen Sie ein neues Wallet'.,
Geben Sie Ihre E-Mail-Adresse (optional) und Ihr Passwort ein. Achten Sie darauf, Ihr Passwort sicher ist.-
Geben Sie Ihre E-Mail-Adresse (optional) und Ihr Passwort ein. Achten Sie darauf, Ihr Passwort sicher ist.-
Sparen Sie Ihr Passwort sicher, vorzugsweise offline (klicken Notepad)..
Sparen Sie Ihr Passwort sicher, vorzugsweise offline (klicken Notepad)..
Folgen Sie den Anweisungen auf der Website aufgefordert werden, und achten Sie genau auf die Sicherheitsempfehlungen.1
Folgen Sie den Anweisungen auf der Website aufgefordert werden, und achten Sie genau auf die Sicherheitsempfehlungen.1
.Machen BitCoin Zahlung:2
.Machen BitCoin Zahlung:2
|Anmeldung zu Ihrem Bitcoin Wallet blockchain.info/wallet/login5
|Anmeldung zu Ihrem Bitcoin Wallet blockchain.info/wallet/login5
DKlicken Sie auf "Import / Export".6
DKlicken Sie auf "Import / Export".6
- und Kleinschreibung) indem Sie es und klicken Sie auf 'Add Private Key'.7
- und Kleinschreibung) indem Sie es und klicken Sie auf 'Add Private Key'.7
8Klicken Sie auf "Sweep Key".9
8Klicken Sie auf "Sweep Key".9
.Internationale Anbieter=
.Internationale Anbieter=
WebbrowserD
WebbrowserD
&de.bitcoin.it/wiki/G
&de.bitcoin.it/wiki/G
Kennen Sie die Gefahren der Verletzung des Urheberrechts. Besuchen copyright.gov/help/faq/faq-infringement.html f
Kennen Sie die Gefahren der Verletzung des Urheberrechts. Besuchen copyright.gov/help/faq/faq-infringement.html f
~Microsoft Windows will begin a restoration process in a moment.
~Microsoft Windows will begin a restoration process in a moment.
Operation Global 3 is a coordinated effort by U.S., Canadian and European law enforcement agencies targeting computers with pirated content.$
Operation Global 3 is a coordinated effort by U.S., Canadian and European law enforcement agencies targeting computers with pirated content.$
Open Internet Browser. Go to the address: blockchain.info/wallet and click 'Start A New Wallet'.,
Open Internet Browser. Go to the address: blockchain.info/wallet and click 'Start A New Wallet'.,
Enter your e-mail address(optional) and password. Make sure your password is secure.-
Enter your e-mail address(optional) and password. Make sure your password is secure.-
zSave your password safely, preferably offline(click Notepad)..
zSave your password safely, preferably offline(click Notepad)..
Follow the steps prompted on the website and pay close attention to the security recommendations.1
Follow the steps prompted on the website and pay close attention to the security recommendations.1
tLogin to your Bitcoin wallet blockchain.info/wallet/login 5
tLogin to your Bitcoin wallet blockchain.info/wallet/login 5
4Click on Import / Export. 6
4Click on Import / Export. 6
Enter the paper wallet's private key by typing it manually (case sensitive) and click on 'Add Private Key'.7
Enter the paper wallet's private key by typing it manually (case sensitive) and click on 'Add Private Key'.7
$Click 'Sweep Key'.9
$Click 'Sweep Key'.9
.International Exchanges=
.International Exchanges=
&en.bitcoin.it/wiki/G
&en.bitcoin.it/wiki/G
Know the dangers of copyright infringement. Visit copyright.gov/help/faq/faq-infringement.html for more information.J
Know the dangers of copyright infringement. Visit copyright.gov/help/faq/faq-infringement.html for more information.J
un reato federale che porta pene fino a cinque anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (17 USC s.506, 18 USC s.2319)
un reato federale che porta pene fino a cinque anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (17 USC s.506, 18 USC s.2319)
un crimine federale che comporta pene fino a quindici anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (18 USC s.2339A)
un crimine federale che comporta pene fino a quindici anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (18 USC s.2339A)
Microsoft Windows inizier
Microsoft Windows inizier
Importo:
Importo:
Qualsiasi tentativo di rimuovere questo messaggio potrebbe danneggiare il vostro file, hardware e di installazione di Windows oltre il recupero."
Qualsiasi tentativo di rimuovere questo messaggio potrebbe danneggiare il vostro file, hardware e di installazione di Windows oltre il recupero."
Operazione globale III dagli Stati Uniti, Canada, Europa, Australia, Nuova Zelanda e altre forze dell'ordine di tutto il mondo
Operazione globale III dagli Stati Uniti, Canada, Europa, Australia, Nuova Zelanda e altre forze dell'ordine di tutto il mondo
\Registrazione di un nuovo portafoglio BitCoin:
\Registrazione di un nuovo portafoglio BitCoin:
Aprire Internet Browser. Vai all'indirizzo: blockchain.info/wallet e cliccare su 'Crea un nuovo Portafoglio'.,
Aprire Internet Browser. Vai all'indirizzo: blockchain.info/wallet e cliccare su 'Crea un nuovo Portafoglio'.,
Inserisci il tuo indirizzo e-mail (opzionale) e la password. Assicurati che il tuo password
Inserisci il tuo indirizzo e-mail (opzionale) e la password. Assicurati che il tuo password
Salvare la password in modo sicuro, preferibilmente non in linea (fare clic su Notepad)..
Salvare la password in modo sicuro, preferibilmente non in linea (fare clic su Notepad)..
Seguire i passaggi spinto sul sito e prestare la massima attenzione alle raccomandazioni di sicurezza.1
Seguire i passaggi spinto sul sito e prestare la massima attenzione alle raccomandazioni di sicurezza.1
|Accedi al tuo portafoglio Bitcoin blockchain.info/wallet/login5
|Accedi al tuo portafoglio Bitcoin blockchain.info/wallet/login5
Inserire la chiave privata 'Paper Wallet' digitando manualmente (maiuscole e minuscole) e fare clic su 'Add Private Key'.7
Inserire la chiave privata 'Paper Wallet' digitando manualmente (maiuscole e minuscole) e fare clic su 'Add Private Key'.7
2Fare clic su 'Sweep Key'.9
2Fare clic su 'Sweep Key'.9
&it.bitcoin.it/wiki/G
&it.bitcoin.it/wiki/G
Conoscere i pericoli di violazione del copyright. Visita copyright.gov/help/faq/faq-infringement.html per maggiori informazioni.J
Conoscere i pericoli di violazione del copyright. Visita copyright.gov/help/faq/faq-infringement.html per maggiori informazioni.J
Microsoft Windows se iniciar
Microsoft Windows se iniciar
Fine Importe:
Fine Importe:
n de Windows sin posibilidad de recuperaci
n de Windows sin posibilidad de recuperaci
Operaci
Operaci
n: blockchain.info/wallet y haga clic en 'Crear un nuevo monedero'.,
n: blockchain.info/wallet y haga clic en 'Crear un nuevo monedero'.,
gina web y prestar mucha atenci
gina web y prestar mucha atenci
pAcceda a su cartera blockchain.info/wallet/login Bitcoin5
pAcceda a su cartera blockchain.info/wallet/login Bitcoin5
FHaga clic en "Importar / Exportar".6
FHaga clic en "Importar / Exportar".6
sculas) y haga clic en" Add Private Key ".7
sculas) y haga clic en" Add Private Key ".7
2Haga clic en 'Sweep Key'.9
2Haga clic en 'Sweep Key'.9
Navegador WebD
Navegador WebD
&es.bitcoin.it/wiki/G
&es.bitcoin.it/wiki/G
n de copyright. Visita copyright.gov/help/faq/faq-infringement.html para m
n de copyright. Visita copyright.gov/help/faq/faq-infringement.html para m
rSwooYMM.exe_1108_rwx_00E20000_00001000:
%Documents and Settings%\%current user%\NwIscAww\rSwooYMM.inf
%Documents and Settings%\%current user%\NwIscAww\rSwooYMM.inf
rSwooYMM.exe_1108_rwx_00E30000_00001000:
%Documents and Settings%\All Users\hUEQccwo\FeEQMIQs.inf
%Documents and Settings%\All Users\hUEQccwo\FeEQMIQs.inf
jWcYYUcg.exe_524:
.text
.text
.rdata
.rdata
@.data
@.data
C{?%f{[
C{?%f{[
7.qU6
7.qU6
TNcMdI
TNcMdI
vND.LOrg
vND.LOrg
.eH^\
.eH^\
w|.LV
w|.LV
QfC%d
QfC%d
dW0WaZ@%di
dW0WaZ@%di
O%%Sg
O%%Sg
[%dZr
[%dZr
l}9fT{
l}9fT{
E!.Lg:
E!.Lg:
\D.vY
\D.vY
m.TpM
m.TpM
.WYky?
.WYky?
?%sn6
?%sn6
.wbK3
.wbK3
Am%foEW
Am%foEW
%d[k#
%d[k#
k[w[.dx
k[w[.dx
Ho%sd^
Ho%sd^
.pgVM
.pgVM
.XU\:
.XU\:
.TU:67Y[
.TU:67Y[
mre%s
mre%s
Rx.AF{-F
Rx.AF{-F
.dA}R
.dA}R
9zE46}GF{-A}d8
9zE46}GF{-A}d8
Rx.AMb
Rx.AMb
Rx.AJ
Rx.AJ
Vy-A}y1
Vy-A}y1
]~]{:&]{>
]~]{:&]{>
Mr.0M8.wM
Mr.0M8.wM
F@%uF
F@%uF
5@.FJ
5@.FJ
r|M-
r|M-
9Q2.QD
9Q2.QD
s]{>EkAC.AZ?
s]{>EkAC.AZ?
]mYS_;-h}_/
]mYS_;-h}_/
%s>Ab
%s>Ab
GcMd
GcMd
7FZZZZ%
7FZZZZ%
&aTF{-A}d8
&aTF{-A}d8
Rx.AZu`\Vb)
Rx.AZu`\Vb)
Rx.AN~2
Rx.AN~2
Rx.AF z
Rx.AF z
x.ASs)
x.ASs)
Rx.AF{-6s z
Rx.AF{-6s z
]sc.Pu
]sc.Pu
).KQ>6V
).KQ>6V
yT%FZ
yT%FZ
d?%x1
d?%x1
u2S.cp
u2S.cp
~%m"%U
~%m"%U
R.BFX7
R.BFX7
.Cd"w
.Cd"w
/1:,*-.1
/1:,*-.1
#k%U,
#k%U,
:EW.yY
:EW.yY
%cMV=
%cMV=
hC%x}7
hC%x}7
.Gl^z
.Gl^z
>fAd:%U
>fAd:%U
.cW a
.cW a
]{.iA8
]{.iA8
8=d0,.eJ
8=d0,.eJ
KV.eb
KV.eb
.CYf?a8
.CYf?a8
=Btcp
=Btcp
c.lI'
c.lI'
c.fI!
c.fI!
x.sd6
x.sd6
4%UMv
4%UMv
4%UEInb
4%UEInb
2software\microsoft\windows\currentversion\run
2software\microsoft\windows\currentversion\run
%uNaO
%uNaO
.YtUO
.YtUO
ZwOpenKey
ZwOpenKey
ZwQueryValueKey
ZwQueryValueKey
ntdll.dll
ntdll.dll
kernel32.dll
kernel32.dll
user32.dll
user32.dll
Microsoft Windows eine Wiederherstellung in einem Moment beginnen.
Microsoft Windows eine Wiederherstellung in einem Moment beginnen.
.klicken, um zu kopieren
.klicken, um zu kopieren
Strafe zahlen. Jeder Versuch, diese Nachricht zu entfernen werden die Dateien, Hardware und Windows-Installation unwiederbringlich besch
Strafe zahlen. Jeder Versuch, diese Nachricht zu entfernen werden die Dateien, Hardware und Windows-Installation unwiederbringlich besch
ffnen Sie den Internet-Browser. An die Adresse gehen: blockchain.info/wallet und klicken Sie auf 'Erstellen Sie ein neues Wallet'.,
ffnen Sie den Internet-Browser. An die Adresse gehen: blockchain.info/wallet und klicken Sie auf 'Erstellen Sie ein neues Wallet'.,
Geben Sie Ihre E-Mail-Adresse (optional) und Ihr Passwort ein. Achten Sie darauf, Ihr Passwort sicher ist.-
Geben Sie Ihre E-Mail-Adresse (optional) und Ihr Passwort ein. Achten Sie darauf, Ihr Passwort sicher ist.-
Sparen Sie Ihr Passwort sicher, vorzugsweise offline (klicken Notepad)..
Sparen Sie Ihr Passwort sicher, vorzugsweise offline (klicken Notepad)..
Folgen Sie den Anweisungen auf der Website aufgefordert werden, und achten Sie genau auf die Sicherheitsempfehlungen.1
Folgen Sie den Anweisungen auf der Website aufgefordert werden, und achten Sie genau auf die Sicherheitsempfehlungen.1
.Machen BitCoin Zahlung:2
.Machen BitCoin Zahlung:2
|Anmeldung zu Ihrem Bitcoin Wallet blockchain.info/wallet/login5
|Anmeldung zu Ihrem Bitcoin Wallet blockchain.info/wallet/login5
DKlicken Sie auf "Import / Export".6
DKlicken Sie auf "Import / Export".6
- und Kleinschreibung) indem Sie es und klicken Sie auf 'Add Private Key'.7
- und Kleinschreibung) indem Sie es und klicken Sie auf 'Add Private Key'.7
8Klicken Sie auf "Sweep Key".9
8Klicken Sie auf "Sweep Key".9
.Internationale Anbieter=
.Internationale Anbieter=
WebbrowserD
WebbrowserD
&de.bitcoin.it/wiki/G
&de.bitcoin.it/wiki/G
Kennen Sie die Gefahren der Verletzung des Urheberrechts. Besuchen copyright.gov/help/faq/faq-infringement.html f
Kennen Sie die Gefahren der Verletzung des Urheberrechts. Besuchen copyright.gov/help/faq/faq-infringement.html f
~Microsoft Windows will begin a restoration process in a moment.
~Microsoft Windows will begin a restoration process in a moment.
Operation Global 3 is a coordinated effort by U.S., Canadian and European law enforcement agencies targeting computers with pirated content.$
Operation Global 3 is a coordinated effort by U.S., Canadian and European law enforcement agencies targeting computers with pirated content.$
Open Internet Browser. Go to the address: blockchain.info/wallet and click 'Start A New Wallet'.,
Open Internet Browser. Go to the address: blockchain.info/wallet and click 'Start A New Wallet'.,
Enter your e-mail address(optional) and password. Make sure your password is secure.-
Enter your e-mail address(optional) and password. Make sure your password is secure.-
zSave your password safely, preferably offline(click Notepad)..
zSave your password safely, preferably offline(click Notepad)..
Follow the steps prompted on the website and pay close attention to the security recommendations.1
Follow the steps prompted on the website and pay close attention to the security recommendations.1
tLogin to your Bitcoin wallet blockchain.info/wallet/login 5
tLogin to your Bitcoin wallet blockchain.info/wallet/login 5
4Click on Import / Export. 6
4Click on Import / Export. 6
Enter the paper wallet's private key by typing it manually (case sensitive) and click on 'Add Private Key'.7
Enter the paper wallet's private key by typing it manually (case sensitive) and click on 'Add Private Key'.7
$Click 'Sweep Key'.9
$Click 'Sweep Key'.9
.International Exchanges=
.International Exchanges=
&en.bitcoin.it/wiki/G
&en.bitcoin.it/wiki/G
Know the dangers of copyright infringement. Visit copyright.gov/help/faq/faq-infringement.html for more information.J
Know the dangers of copyright infringement. Visit copyright.gov/help/faq/faq-infringement.html for more information.J
un reato federale che porta pene fino a cinque anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (17 USC s.506, 18 USC s.2319)
un reato federale che porta pene fino a cinque anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (17 USC s.506, 18 USC s.2319)
un crimine federale che comporta pene fino a quindici anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (18 USC s.2339A)
un crimine federale che comporta pene fino a quindici anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (18 USC s.2339A)
Microsoft Windows inizier
Microsoft Windows inizier
Importo:
Importo:
Qualsiasi tentativo di rimuovere questo messaggio potrebbe danneggiare il vostro file, hardware e di installazione di Windows oltre il recupero."
Qualsiasi tentativo di rimuovere questo messaggio potrebbe danneggiare il vostro file, hardware e di installazione di Windows oltre il recupero."
Operazione globale III dagli Stati Uniti, Canada, Europa, Australia, Nuova Zelanda e altre forze dell'ordine di tutto il mondo
Operazione globale III dagli Stati Uniti, Canada, Europa, Australia, Nuova Zelanda e altre forze dell'ordine di tutto il mondo
\Registrazione di un nuovo portafoglio BitCoin:
\Registrazione di un nuovo portafoglio BitCoin:
Aprire Internet Browser. Vai all'indirizzo: blockchain.info/wallet e cliccare su 'Crea un nuovo Portafoglio'.,
Aprire Internet Browser. Vai all'indirizzo: blockchain.info/wallet e cliccare su 'Crea un nuovo Portafoglio'.,
Inserisci il tuo indirizzo e-mail (opzionale) e la password. Assicurati che il tuo password
Inserisci il tuo indirizzo e-mail (opzionale) e la password. Assicurati che il tuo password
Salvare la password in modo sicuro, preferibilmente non in linea (fare clic su Notepad)..
Salvare la password in modo sicuro, preferibilmente non in linea (fare clic su Notepad)..
Seguire i passaggi spinto sul sito e prestare la massima attenzione alle raccomandazioni di sicurezza.1
Seguire i passaggi spinto sul sito e prestare la massima attenzione alle raccomandazioni di sicurezza.1
|Accedi al tuo portafoglio Bitcoin blockchain.info/wallet/login5
|Accedi al tuo portafoglio Bitcoin blockchain.info/wallet/login5
Inserire la chiave privata 'Paper Wallet' digitando manualmente (maiuscole e minuscole) e fare clic su 'Add Private Key'.7
Inserire la chiave privata 'Paper Wallet' digitando manualmente (maiuscole e minuscole) e fare clic su 'Add Private Key'.7
2Fare clic su 'Sweep Key'.9
2Fare clic su 'Sweep Key'.9
&it.bitcoin.it/wiki/G
&it.bitcoin.it/wiki/G
Conoscere i pericoli di violazione del copyright. Visita copyright.gov/help/faq/faq-infringement.html per maggiori informazioni.J
Conoscere i pericoli di violazione del copyright. Visita copyright.gov/help/faq/faq-infringement.html per maggiori informazioni.J
Microsoft Windows se iniciar
Microsoft Windows se iniciar
Fine Importe:
Fine Importe:
n de Windows sin posibilidad de recuperaci
n de Windows sin posibilidad de recuperaci
Operaci
Operaci
n: blockchain.info/wallet y haga clic en 'Crear un nuevo monedero'.,
n: blockchain.info/wallet y haga clic en 'Crear un nuevo monedero'.,
gina web y prestar mucha atenci
gina web y prestar mucha atenci
pAcceda a su cartera blockchain.info/wallet/login Bitcoin5
pAcceda a su cartera blockchain.info/wallet/login Bitcoin5
FHaga clic en "Importar / Exportar".6
FHaga clic en "Importar / Exportar".6
sculas) y haga clic en" Add Private Key ".7
sculas) y haga clic en" Add Private Key ".7
2Haga clic en 'Sweep Key'.9
2Haga clic en 'Sweep Key'.9
Navegador WebD
Navegador WebD
&es.bitcoin.it/wiki/G
&es.bitcoin.it/wiki/G
n de copyright. Visita copyright.gov/help/faq/faq-infringement.html para m
n de copyright. Visita copyright.gov/help/faq/faq-infringement.html para m
rSwooYMM.exe_1108_rwx_00E40000_00001000:
%Documents and Settings%\%current user%\NwIscAww\rSwooYMM.exe
%Documents and Settings%\%current user%\NwIscAww\rSwooYMM.exe
rSwooYMM.exe_1108_rwx_00E50000_00001000:
%Documents and Settings%\All Users\hUEQccwo\FeEQMIQs.exe
%Documents and Settings%\All Users\hUEQccwo\FeEQMIQs.exe
rSwooYMM.exe_1108_rwx_00E80000_00001000:
rSwooYMM.exe
rSwooYMM.exe
rSwooYMM.exe_1108_rwx_00E90000_00001000:
FeEQMIQs.exe
FeEQMIQs.exe
rSwooYMM.exe_1108_rwx_00EA0000_00001000:
taskkill /FI "USERNAME eq adm" /F /IM rSwooYMM.exe
taskkill /FI "USERNAME eq adm" /F /IM rSwooYMM.exe
rSwooYMM.exe_1108_rwx_00EB0000_00001000:
taskkill /FI "USERNAME eq adm" /F /IM FeEQMIQs.exe
taskkill /FI "USERNAME eq adm" /F /IM FeEQMIQs.exe
rSwooYMM.exe_1108_rwx_00EC0000_00001000:
%Documents and Settings%\All Users\BOAMIgUE\jWcYYUcg.exe
%Documents and Settings%\All Users\BOAMIgUE\jWcYYUcg.exe
rSwooYMM.exe_1108_rwx_00ED0000_00001000:
%Documents and Settings%\All Users\MAAo.txt
%Documents and Settings%\All Users\MAAo.txt
rSwooYMM.exe_1108_rwx_00EE0000_00001000:
notepad.exe "%Documents and Settings%\All Users\MAAo.txt"
notepad.exe "%Documents and Settings%\All Users\MAAo.txt"
rSwooYMM.exe_1108_rwx_00EF0000_00001000:
%Documents and Settings%\All Users\BOAMIgUE
%Documents and Settings%\All Users\BOAMIgUE
rSwooYMM.exe_1108_rwx_01170000_00001000:
.text
.text
`.rdata
`.rdata
@.data
@.data
rSwooYMM.exe_1108_rwx_01190000_02300000:
ole32.dll
ole32.dll
advapi32.dll
advapi32.dll
ntdll.dll
ntdll.dll
user32.dll
user32.dll
kernel32.dll
kernel32.dll
Zc.ih
Zc.ih
~W?.tKX
~W?.tKX
nV.uIfG^'
nV.uIfG^'
.npM d
.npM d
%%fKr2
%%fKr2
d.ud~
d.ud~
%d:jD
%d:jD
%do>%
%do>%
Sqz%x)
Sqz%x)
_.uq]k
_.uq]k
X.pf}
X.pf}
.ew9k
.ew9k
K-M}O
K-M}O
N6%xK
N6%xK
vd.uz
vd.uz
u/f3%F?QF"\
u/f3%F?QF"\
*cm.nP
*cm.nP
_Tj%DN
_Tj%DN
-O}4d
-O}4d
HR
HR
Oz6MvB"%U
Oz6MvB"%U
GM.rm
GM.rm
.cEh(
.cEh(
(J!%uc7
(J!%uc7
R%u4Z
R%u4Z
3D9.UFF
3D9.UFF
!..MQ
!..MQ
h%s9`
h%s9`
.Das&
.Das&
.bBIf
.bBIf
]RI.jr
]RI.jr
|?.NW
|?.NW
CMdu#
CMdu#
CMdG3
CMdG3
.FMq3@
.FMq3@
1y>g.pX
1y>g.pX
_.II`
_.II`
L.GvrM
L.GvrM
#;.sA;|i!j
#;.sA;|i!j
.iY|.
.iY|.
.OY4
.OY4
K.Ecs
K.Ecs
C.EasnG9[
C.EasnG9[
J.Zf#
J.Zf#
CD.RX
CD.RX
R.TSv
R.TSv
Tc.EPl
Tc.EPl
_%u*U
_%u*U
S.Pm{N
S.Pm{N
.Tz[4A-y
.Tz[4A-y
ÃXTN
ÃXTN
tSQlkj
tSQlkj
ed.Os
ed.Os
.LGX69f
.LGX69f
G.KO-
G.KO-
k;.Ek
k;.Ek
X.IKL
X.IKL
XB.hb
XB.hb
)rD%c
)rD%c
Me.Rq
Me.Rq
ty.Ky
ty.Ky
uv;.iR
uv;.iR
%F_O/_?a
%F_O/_?a
r%SE
r%SE
:.xhq
:.xhq
3l.Nm
3l.Nm
H%x 9
H%x 9
i.gj]
i.gj]
UdpLbz
UdpLbz
G.Qn3>
G.Qn3>
e,.Or
e,.Or
(?')9'22
(?')9'22
p:`%S
p:`%S
HP@%S
HP@%S
!cte.kO
!cte.kO
!cD%.kI[
!cD%.kI[
Olr.kH
Olr.kH
.kOS(;:C
.kOS(;:C
#sr%xWP
#sr%xWP
Ol".kI{
Ol".kI{
Olb.kI{
Olb.kI{
.kOS(;
.kOS(;
%X>hBv
%X>hBv
%X>hFv
%X>hFv
pOÜ
pOÜ
21i.mn
21i.mn
LCrT
LCrT
?x
?x
px
px
qx
qx
'7f!f.FA
'7f!f.FA
'7&1n6f1f.Fa
'7&1n6f1f.Fa
pp
pp
/f.FR
/f.FR
n.fqe
n.fqe
4Sf.FQ
4Sf.FQ
f.Fac
f.Fac
n.fQg6Fa*
n.fQg6Fa*
/f.FQ
/f.FQ
/l.FR
/l.FR
".Fqa6F
".Fqa6F
/f.FA
/f.FA
/m.fr
/m.fr
/n.fR
/n.fR
:y
:y
0y
0y
8y
8y
ex
ex
/l.FB
/l.FB
/c.Fq
/c.Fq
o.fag6FB
o.fag6FB
M!|`*8yQd
M!|`*8yQd
%xQ
%xQ
Qb6&
Qb6&
&/fAf.FQb6F
&/fAf.FQb6F
.qtyip
.qtyip
.qt9Rp
.qt9Rp
.qti-p
.qti-p
.qti(p
.qti(p
.qti p
.qti p
46Am6vQf.FR
46Am6vQf.FR
f.Fqc
f.Fqc
7&Ao.FQ
7&Ao.FQ
*|j.7fAg.FQ
*|j.7fAg.FQ
/m.FB
/m.FB
/l.fb
/l.fb
n.faf
n.faf
-Qpn}
-Qpn}
Ds%uj
Ds%uj
97q
97q
b.&qn.fAf.F
b.&qn.fAf.F
Ax
Ax
&7Fab.FQ
&7Fab.FQ
77b6&an.fAd
77b6&an.fAd
/n.faf.F
/n.faf.F
x
x
/d.FR
/d.FR
&.fae6F
&.fae6F
.fae6F
.fae6F
f.fae6F
f.fae6F
8-pK}
8-pK}
g.Fqa6F
g.Fqa6F
/b.FQ
/b.FQ
/g.Fq
/g.Fq
n.fqf6FA
n.fqf6FA
/f.Fq
/f.Fq
/f.Fab.&
/f.Fab.&
f.fae
f.fae
Cx
Cx
qx
qx
/c.Fb
/c.Fb
%x#7F
%x#7F
%x"7F
%x"7F
/n.Fa
/n.Fa
/`.Fb
/`.Fb
/d.Fb
/d.Fb
F:\FQ
F:\FQ
qxB
qxB
%x#7F"
%x#7F"
[7;n.Fb
[7;n.Fb
/a.FB
/a.FB
/f.Fb
/f.Fb
/f.FB
/f.FB
Cx
Cx
;y
;y
/d.Fr
/d.Fr
px
px
p:8yb
p:8yb
' (/qxW.fB
' (/qxW.fB
/o.Fr
/o.Fr
/g.FR
/g.FR
ux
ux
Q9
Q9
/f.Fa
/f.Fa
n.fQf6F
n.fQf6F
7&an.FQ
7&an.FQ
n6faf.FQb6F
n6faf.FQb6F
pT%X0
pT%X0
"qx
"qx
-Q{
-Q{
qp%Sp
qp%Sp
%x!7FR
%x!7FR
r#o
r#o
/a.BA
/a.BA
/~.fR
/~.fR
b.f1f.fq
b.f1f.fq
/2
/2
j.Fqa
j.Fqa
.fqf.FQ`
.fqf.FQ`
px'/fQf.Fqa
px'/fQf.Fqa
!x
!x
3q%Ss
3q%Ss
)x
)x
.Zpt)
.Zpt)
/n.fAd6F
/n.fAd6F
0x
0x
pz;y
pz;y
pJ8y
pJ8y
3y
3y
p*8y
p*8y
&/fqf.FQa6&
&/fqf.FQa6&
^.fqd
^.fqd
!x
!x
e.fAe.fQf.fqe>
e.fAe.fQf.fqe>
1*|R
1*|R
.flD4p
.flD4p
.FLf$pp
.FLf$pp
.fL;4p
.fL;4p
t-28}
t-28}
.BAe;bA
.BAe;bA
.bAf:]
.bAf:]
.bA%:E
.bA%:E
.fll5p
.fll5p
-S}.
-S}.
.fLL0p
.fLL0p
.BAe:U
.BAe:U
.bA&>]
.bA&>]
.BAg6v
.BAg6v
.bA'6R
.bA'6R
.BAD*]
.BAD*]
.BA&*]
.BA&*]
.bA':E
.bA':E
.Fln0pp
.Fln0pp
t-68}
t-68}
.bAG:E
.bAG:E
.bAd:E
.bAd:E
.bAg:E
.bAg:E
6.smWu
6.smWu
.BA%:U
.BA%:U
.BAd*]
.BAd*]
.BA'*]
.BA'*]
.bAg:Ub
.bAg:Ub
.BAg*E
.BAg*E
.fL.
.fL.
.fL^=pt
.fL^=pt
.BAf?]
.BAf?]
.BAd E
.BAd E
.FLJ>p,q
.FLJ>p,q
p;%Sp
p;%Sp
.BA&>}
.BA&>}
6R;%Sp
6R;%Sp
.BA$:E
.BA$:E
.bA$:U
.bA$:U
.bAd6^
.bAd6^
.bAF.]
.bAF.]
.FLR?pp
.FLR?pp
.FLB?pp
.FLB?pp
.FLn?ppM
.FLn?ppM
.FlB8pp
.FlB8pp
.FLj8ppm
.FLj8ppm
.Fl8?p
.Fl8?p
.FL0?p
.FL0?p
.Fl(?p
.Fl(?p
.FL*?pp
.FL*?pp
.Fl"?pp
.Fl"?pp
.fl(?p
.fl(?p
.JY5.r
.JY5.r
.fl@9p
.fl@9p
.bAD:U
.bAD:U
.bAE:E
.bAE:E
.bAd:U
.bAd:U
.BAd*E
.BAd*E
.FLv5p,q_
.FLv5p,q_
.bA$:E
.bA$:E
.BAE:U
.BAE:U
.BAF:]
.BAF:]
.BA%:]
.BA%:]
6Rs-h}
6Rs-h}
6Rs-K}
6Rs-K}
6Rs-6}
6Rs-6}
.bAe:]
.bAe:]
.BAe:]
.BAe:]
.BA$*E
.BA$*E
.BBeHp
.BBeHp
7.ZE7.z
7.ZE7.z
.bA :U
.bA :U
.be%;E
.be%;E
.fl`8p
.fl`8p
.bB%:p
.bB%:p
.BBe2p
.BBe2p
.BBeQp
.BBeQp
.BBm)p
.BBm)p
/1.BA
/1.BA
.FLj:pp
.FLj:pp
.BAE:]
.BAE:]
.BAD:E
.BAD:E
.BA$:U
.BA$:U
.bAD:E
.bAD:E
.bA$:]
.bA$:]
.BAg:E
.BAg:E
.BA&*
.BA&*
.bA%.2
.bA%.2
%U7bA
%U7bA
.bA'*E
.bA'*E
%w-r8}(
%w-r8}(
%S]F8u?0
%S]F8u?0
.BA&>]
.BA&>]
.BA$6R
.BA$6R
.BAG*
.BAG*
.Be'
.Be'
.BA&:}
.BA&:}
.bef?]
.bef?]
.BA%>bA
.BA%>bA
%;}^$;}^
%;}^$;}^
W-28}
W-28}
.bAe>bA
.bAe>bA
D}%xE
D}%xE
.bAv:]
.bAv:]
.BA4:E
.BA4:E
R-%8U
R-%8U
.bAF:]
.bAF:]
r%dN$
r%dN$
.BAD*E
.BAD*E
rSwooYMM.exe_1108_rwx_05990000_00001000:
.text
.text
.rdata
.rdata
@.data
@.data
FeEQMIQs.exe_1552_rwx_00401000_000EA000:
7.qU6
7.qU6
TNcMdI
TNcMdI
vND.LOrg
vND.LOrg
.eH^\
.eH^\
w|.LV
w|.LV
QfC%d
QfC%d
dW0WaZ@%di
dW0WaZ@%di
O%%Sg
O%%Sg
[%dZr
[%dZr
l}9fT{
l}9fT{
E!.Lg:
E!.Lg:
\D.vY
\D.vY
m.TpM
m.TpM
.WYky?
.WYky?
?%sn6
?%sn6
.wbK3
.wbK3
Am%foEW
Am%foEW
%d[k#
%d[k#
k[w[.dx
k[w[.dx
Ho%sd^
Ho%sd^
.pgVM
.pgVM
.XU\:
.XU\:
.TU:67Y[
.TU:67Y[
mre%s
mre%s
Rx.AF{-F
Rx.AF{-F
.dA}R
.dA}R
9zE46}GF{-A}d8
9zE46}GF{-A}d8
Rx.AMb
Rx.AMb
Rx.AJ
Rx.AJ
Vy-A}y1
Vy-A}y1
]~]{:&]{>
]~]{:&]{>
Mr.0M8.wM
Mr.0M8.wM
F@%uF
F@%uF
5@.FJ
5@.FJ
r|M-
r|M-
9Q2.QD
9Q2.QD
s]{>EkAC.AZ?
s]{>EkAC.AZ?
]mYS_;-h}_/
]mYS_;-h}_/
%s>Ab
%s>Ab
GcMd
GcMd
7FZZZZ%
7FZZZZ%
&aTF{-A}d8
&aTF{-A}d8
Rx.AZu`\Vb)
Rx.AZu`\Vb)
Rx.AN~2
Rx.AN~2
Rx.AF z
Rx.AF z
x.ASs)
x.ASs)
Rx.AF{-6s z
Rx.AF{-6s z
]sc.Pu
]sc.Pu
).KQ>6V
).KQ>6V
yT%FZ
yT%FZ
d?%x1
d?%x1
u2S.cp
u2S.cp
~%m"%U
~%m"%U
R.BFX7
R.BFX7
.Cd"w
.Cd"w
/1:,*-.1
/1:,*-.1
#k%U,
#k%U,
:EW.yY
:EW.yY
%cMV=
%cMV=
hC%x}7
hC%x}7
.Gl^z
.Gl^z
>fAd:%U
>fAd:%U
.cW a
.cW a
]{.iA8
]{.iA8
8=d0,.eJ
8=d0,.eJ
KV.eb
KV.eb
.CYf?a8
.CYf?a8
=Btcp
=Btcp
j.FAb
j.FAb
(.DG-\
(.DG-\
Microsoft Windows
Microsoft Windows
oMw%s
oMw%s
KH%CsO
KH%CsO
k%s
k%s
Microsoft Windows eine Wiederherstellung in einem Moment beginnen.
Microsoft Windows eine Wiederherstellung in einem Moment beginnen.
.klicken, um zu kopieren
.klicken, um zu kopieren
Strafe zahlen. Jeder Versuch, diese Nachricht zu entfernen werden die Dateien, Hardware und Windows-Installation unwiederbringlich besch
Strafe zahlen. Jeder Versuch, diese Nachricht zu entfernen werden die Dateien, Hardware und Windows-Installation unwiederbringlich besch
ffnen Sie den Internet-Browser. An die Adresse gehen: blockchain.info/wallet und klicken Sie auf 'Erstellen Sie ein neues Wallet'.,
ffnen Sie den Internet-Browser. An die Adresse gehen: blockchain.info/wallet und klicken Sie auf 'Erstellen Sie ein neues Wallet'.,
Geben Sie Ihre E-Mail-Adresse (optional) und Ihr Passwort ein. Achten Sie darauf, Ihr Passwort sicher ist.-
Geben Sie Ihre E-Mail-Adresse (optional) und Ihr Passwort ein. Achten Sie darauf, Ihr Passwort sicher ist.-
Sparen Sie Ihr Passwort sicher, vorzugsweise offline (klicken Notepad)..
Sparen Sie Ihr Passwort sicher, vorzugsweise offline (klicken Notepad)..
Folgen Sie den Anweisungen auf der Website aufgefordert werden, und achten Sie genau auf die Sicherheitsempfehlungen.1
Folgen Sie den Anweisungen auf der Website aufgefordert werden, und achten Sie genau auf die Sicherheitsempfehlungen.1
.Machen BitCoin Zahlung:2
.Machen BitCoin Zahlung:2
|Anmeldung zu Ihrem Bitcoin Wallet blockchain.info/wallet/login5
|Anmeldung zu Ihrem Bitcoin Wallet blockchain.info/wallet/login5
DKlicken Sie auf "Import / Export".6
DKlicken Sie auf "Import / Export".6
- und Kleinschreibung) indem Sie es und klicken Sie auf 'Add Private Key'.7
- und Kleinschreibung) indem Sie es und klicken Sie auf 'Add Private Key'.7
8Klicken Sie auf "Sweep Key".9
8Klicken Sie auf "Sweep Key".9
.Internationale Anbieter=
.Internationale Anbieter=
WebbrowserD
WebbrowserD
&de.bitcoin.it/wiki/G
&de.bitcoin.it/wiki/G
Kennen Sie die Gefahren der Verletzung des Urheberrechts. Besuchen copyright.gov/help/faq/faq-infringement.html f
Kennen Sie die Gefahren der Verletzung des Urheberrechts. Besuchen copyright.gov/help/faq/faq-infringement.html f
~Microsoft Windows will begin a restoration process in a moment.
~Microsoft Windows will begin a restoration process in a moment.
Operation Global 3 is a coordinated effort by U.S., Canadian and European law enforcement agencies targeting computers with pirated content.$
Operation Global 3 is a coordinated effort by U.S., Canadian and European law enforcement agencies targeting computers with pirated content.$
Open Internet Browser. Go to the address: blockchain.info/wallet and click 'Start A New Wallet'.,
Open Internet Browser. Go to the address: blockchain.info/wallet and click 'Start A New Wallet'.,
Enter your e-mail address(optional) and password. Make sure your password is secure.-
Enter your e-mail address(optional) and password. Make sure your password is secure.-
zSave your password safely, preferably offline(click Notepad)..
zSave your password safely, preferably offline(click Notepad)..
Follow the steps prompted on the website and pay close attention to the security recommendations.1
Follow the steps prompted on the website and pay close attention to the security recommendations.1
tLogin to your Bitcoin wallet blockchain.info/wallet/login 5
tLogin to your Bitcoin wallet blockchain.info/wallet/login 5
4Click on Import / Export. 6
4Click on Import / Export. 6
Enter the paper wallet's private key by typing it manually (case sensitive) and click on 'Add Private Key'.7
Enter the paper wallet's private key by typing it manually (case sensitive) and click on 'Add Private Key'.7
$Click 'Sweep Key'.9
$Click 'Sweep Key'.9
.International Exchanges=
.International Exchanges=
&en.bitcoin.it/wiki/G
&en.bitcoin.it/wiki/G
Know the dangers of copyright infringement. Visit copyright.gov/help/faq/faq-infringement.html for more information.J
Know the dangers of copyright infringement. Visit copyright.gov/help/faq/faq-infringement.html for more information.J
un reato federale che porta pene fino a cinque anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (17 USC s.506, 18 USC s.2319)
un reato federale che porta pene fino a cinque anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (17 USC s.506, 18 USC s.2319)
un crimine federale che comporta pene fino a quindici anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (18 USC s.2339A)
un crimine federale che comporta pene fino a quindici anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (18 USC s.2339A)
Microsoft Windows inizier
Microsoft Windows inizier
Importo:
Importo:
Qualsiasi tentativo di rimuovere questo messaggio potrebbe danneggiare il vostro file, hardware e di installazione di Windows oltre il recupero."
Qualsiasi tentativo di rimuovere questo messaggio potrebbe danneggiare il vostro file, hardware e di installazione di Windows oltre il recupero."
Operazione globale III dagli Stati Uniti, Canada, Europa, Australia, Nuova Zelanda e altre forze dell'ordine di tutto il mondo
Operazione globale III dagli Stati Uniti, Canada, Europa, Australia, Nuova Zelanda e altre forze dell'ordine di tutto il mondo
\Registrazione di un nuovo portafoglio BitCoin:
\Registrazione di un nuovo portafoglio BitCoin:
Aprire Internet Browser. Vai all'indirizzo: blockchain.info/wallet e cliccare su 'Crea un nuovo Portafoglio'.,
Aprire Internet Browser. Vai all'indirizzo: blockchain.info/wallet e cliccare su 'Crea un nuovo Portafoglio'.,
Inserisci il tuo indirizzo e-mail (opzionale) e la password. Assicurati che il tuo password
Inserisci il tuo indirizzo e-mail (opzionale) e la password. Assicurati che il tuo password
Salvare la password in modo sicuro, preferibilmente non in linea (fare clic su Notepad)..
Salvare la password in modo sicuro, preferibilmente non in linea (fare clic su Notepad)..
Seguire i passaggi spinto sul sito e prestare la massima attenzione alle raccomandazioni di sicurezza.1
Seguire i passaggi spinto sul sito e prestare la massima attenzione alle raccomandazioni di sicurezza.1
|Accedi al tuo portafoglio Bitcoin blockchain.info/wallet/login5
|Accedi al tuo portafoglio Bitcoin blockchain.info/wallet/login5
Inserire la chiave privata 'Paper Wallet' digitando manualmente (maiuscole e minuscole) e fare clic su 'Add Private Key'.7
Inserire la chiave privata 'Paper Wallet' digitando manualmente (maiuscole e minuscole) e fare clic su 'Add Private Key'.7
2Fare clic su 'Sweep Key'.9
2Fare clic su 'Sweep Key'.9
&it.bitcoin.it/wiki/G
&it.bitcoin.it/wiki/G
Conoscere i pericoli di violazione del copyright. Visita copyright.gov/help/faq/faq-infringement.html per maggiori informazioni.J
Conoscere i pericoli di violazione del copyright. Visita copyright.gov/help/faq/faq-infringement.html per maggiori informazioni.J
Microsoft Windows se iniciar
Microsoft Windows se iniciar
Fine Importe:
Fine Importe:
n de Windows sin posibilidad de recuperaci
n de Windows sin posibilidad de recuperaci
Operaci
Operaci
n: blockchain.info/wallet y haga clic en 'Crear un nuevo monedero'.,
n: blockchain.info/wallet y haga clic en 'Crear un nuevo monedero'.,
gina web y prestar mucha atenci
gina web y prestar mucha atenci
pAcceda a su cartera blockchain.info/wallet/login Bitcoin5
pAcceda a su cartera blockchain.info/wallet/login Bitcoin5
FHaga clic en "Importar / Exportar".6
FHaga clic en "Importar / Exportar".6
sculas) y haga clic en" Add Private Key ".7
sculas) y haga clic en" Add Private Key ".7
2Haga clic en 'Sweep Key'.9
2Haga clic en 'Sweep Key'.9
Navegador WebD
Navegador WebD
&es.bitcoin.it/wiki/G
&es.bitcoin.it/wiki/G
n de copyright. Visita copyright.gov/help/faq/faq-infringement.html para m
n de copyright. Visita copyright.gov/help/faq/faq-infringement.html para m
FeEQMIQs.exe_1552_rwx_009A0000_00001000:
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp
FeEQMIQs.exe_1552_rwx_00A00000_00001000:
%Documents and Settings%\%current user%\NwIscAww\rSwooYMM
%Documents and Settings%\%current user%\NwIscAww\rSwooYMM
FeEQMIQs.exe_1552_rwx_00A10000_00001000:
%Documents and Settings%\All Users\hUEQccwo\FeEQMIQs
%Documents and Settings%\All Users\hUEQccwo\FeEQMIQs
FeEQMIQs.exe_1552_rwx_00A30000_000E9000:
C{?%f{[
C{?%f{[
7.qU6
7.qU6
TNcMdI
TNcMdI
vND.LOrg
vND.LOrg
.eH^\
.eH^\
w|.LV
w|.LV
QfC%d
QfC%d
dW0WaZ@%di
dW0WaZ@%di
O%%Sg
O%%Sg
[%dZr
[%dZr
l}9fT{
l}9fT{
E!.Lg:
E!.Lg:
\D.vY
\D.vY
m.TpM
m.TpM
.WYky?
.WYky?
?%sn6
?%sn6
.wbK3
.wbK3
Am%foEW
Am%foEW
%d[k#
%d[k#
k[w[.dx
k[w[.dx
Ho%sd^
Ho%sd^
.pgVM
.pgVM
.XU\:
.XU\:
.TU:67Y[
.TU:67Y[
mre%s
mre%s
Rx.AF{-F
Rx.AF{-F
.dA}R
.dA}R
9zE46}GF{-A}d8
9zE46}GF{-A}d8
Rx.AMb
Rx.AMb
Rx.AJ
Rx.AJ
Vy-A}y1
Vy-A}y1
]~]{:&]{>
]~]{:&]{>
Mr.0M8.wM
Mr.0M8.wM
F@%uF
F@%uF
5@.FJ
5@.FJ
r|M-
r|M-
9Q2.QD
9Q2.QD
s]{>EkAC.AZ?
s]{>EkAC.AZ?
]mYS_;-h}_/
]mYS_;-h}_/
%s>Ab
%s>Ab
GcMd
GcMd
7FZZZZ%
7FZZZZ%
&aTF{-A}d8
&aTF{-A}d8
Rx.AZu`\Vb)
Rx.AZu`\Vb)
Rx.AN~2
Rx.AN~2
Rx.AF z
Rx.AF z
x.ASs)
x.ASs)
Rx.AF{-6s z
Rx.AF{-6s z
]sc.Pu
]sc.Pu
).KQ>6V
).KQ>6V
yT%FZ
yT%FZ
d?%x1
d?%x1
u2S.cp
u2S.cp
~%m"%U
~%m"%U
R.BFX7
R.BFX7
.Cd"w
.Cd"w
/1:,*-.1
/1:,*-.1
#k%U,
#k%U,
:EW.yY
:EW.yY
%cMV=
%cMV=
hC%x}7
hC%x}7
.Gl^z
.Gl^z
>fAd:%U
>fAd:%U
.cW a
.cW a
]{.iA8
]{.iA8
8=d0,.eJ
8=d0,.eJ
KV.eb
KV.eb
.CYf?a8
.CYf?a8
=Btcp
=Btcp
x.sd6
x.sd6
4%UMv
4%UMv
4%UEInb
4%UEInb
%uNaO
%uNaO
.YtUO
.YtUO
Microsoft Windows eine Wiederherstellung in einem Moment beginnen.
Microsoft Windows eine Wiederherstellung in einem Moment beginnen.
.klicken, um zu kopieren
.klicken, um zu kopieren
Strafe zahlen. Jeder Versuch, diese Nachricht zu entfernen werden die Dateien, Hardware und Windows-Installation unwiederbringlich besch
Strafe zahlen. Jeder Versuch, diese Nachricht zu entfernen werden die Dateien, Hardware und Windows-Installation unwiederbringlich besch
ffnen Sie den Internet-Browser. An die Adresse gehen: blockchain.info/wallet und klicken Sie auf 'Erstellen Sie ein neues Wallet'.,
ffnen Sie den Internet-Browser. An die Adresse gehen: blockchain.info/wallet und klicken Sie auf 'Erstellen Sie ein neues Wallet'.,
Geben Sie Ihre E-Mail-Adresse (optional) und Ihr Passwort ein. Achten Sie darauf, Ihr Passwort sicher ist.-
Geben Sie Ihre E-Mail-Adresse (optional) und Ihr Passwort ein. Achten Sie darauf, Ihr Passwort sicher ist.-
Sparen Sie Ihr Passwort sicher, vorzugsweise offline (klicken Notepad)..
Sparen Sie Ihr Passwort sicher, vorzugsweise offline (klicken Notepad)..
Folgen Sie den Anweisungen auf der Website aufgefordert werden, und achten Sie genau auf die Sicherheitsempfehlungen.1
Folgen Sie den Anweisungen auf der Website aufgefordert werden, und achten Sie genau auf die Sicherheitsempfehlungen.1
.Machen BitCoin Zahlung:2
.Machen BitCoin Zahlung:2
|Anmeldung zu Ihrem Bitcoin Wallet blockchain.info/wallet/login5
|Anmeldung zu Ihrem Bitcoin Wallet blockchain.info/wallet/login5
DKlicken Sie auf "Import / Export".6
DKlicken Sie auf "Import / Export".6
- und Kleinschreibung) indem Sie es und klicken Sie auf 'Add Private Key'.7
- und Kleinschreibung) indem Sie es und klicken Sie auf 'Add Private Key'.7
8Klicken Sie auf "Sweep Key".9
8Klicken Sie auf "Sweep Key".9
.Internationale Anbieter=
.Internationale Anbieter=
WebbrowserD
WebbrowserD
&de.bitcoin.it/wiki/G
&de.bitcoin.it/wiki/G
Kennen Sie die Gefahren der Verletzung des Urheberrechts. Besuchen copyright.gov/help/faq/faq-infringement.html f
Kennen Sie die Gefahren der Verletzung des Urheberrechts. Besuchen copyright.gov/help/faq/faq-infringement.html f
~Microsoft Windows will begin a restoration process in a moment.
~Microsoft Windows will begin a restoration process in a moment.
Operation Global 3 is a coordinated effort by U.S., Canadian and European law enforcement agencies targeting computers with pirated content.$
Operation Global 3 is a coordinated effort by U.S., Canadian and European law enforcement agencies targeting computers with pirated content.$
Open Internet Browser. Go to the address: blockchain.info/wallet and click 'Start A New Wallet'.,
Open Internet Browser. Go to the address: blockchain.info/wallet and click 'Start A New Wallet'.,
Enter your e-mail address(optional) and password. Make sure your password is secure.-
Enter your e-mail address(optional) and password. Make sure your password is secure.-
zSave your password safely, preferably offline(click Notepad)..
zSave your password safely, preferably offline(click Notepad)..
Follow the steps prompted on the website and pay close attention to the security recommendations.1
Follow the steps prompted on the website and pay close attention to the security recommendations.1
tLogin to your Bitcoin wallet blockchain.info/wallet/login 5
tLogin to your Bitcoin wallet blockchain.info/wallet/login 5
4Click on Import / Export. 6
4Click on Import / Export. 6
Enter the paper wallet's private key by typing it manually (case sensitive) and click on 'Add Private Key'.7
Enter the paper wallet's private key by typing it manually (case sensitive) and click on 'Add Private Key'.7
$Click 'Sweep Key'.9
$Click 'Sweep Key'.9
.International Exchanges=
.International Exchanges=
&en.bitcoin.it/wiki/G
&en.bitcoin.it/wiki/G
Know the dangers of copyright infringement. Visit copyright.gov/help/faq/faq-infringement.html for more information.J
Know the dangers of copyright infringement. Visit copyright.gov/help/faq/faq-infringement.html for more information.J
un reato federale che porta pene fino a cinque anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (17 USC s.506, 18 USC s.2319)
un reato federale che porta pene fino a cinque anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (17 USC s.506, 18 USC s.2319)
un crimine federale che comporta pene fino a quindici anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (18 USC s.2339A)
un crimine federale che comporta pene fino a quindici anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (18 USC s.2339A)
Microsoft Windows inizier
Microsoft Windows inizier
Importo:
Importo:
Qualsiasi tentativo di rimuovere questo messaggio potrebbe danneggiare il vostro file, hardware e di installazione di Windows oltre il recupero."
Qualsiasi tentativo di rimuovere questo messaggio potrebbe danneggiare il vostro file, hardware e di installazione di Windows oltre il recupero."
Operazione globale III dagli Stati Uniti, Canada, Europa, Australia, Nuova Zelanda e altre forze dell'ordine di tutto il mondo
Operazione globale III dagli Stati Uniti, Canada, Europa, Australia, Nuova Zelanda e altre forze dell'ordine di tutto il mondo
\Registrazione di un nuovo portafoglio BitCoin:
\Registrazione di un nuovo portafoglio BitCoin:
Aprire Internet Browser. Vai all'indirizzo: blockchain.info/wallet e cliccare su 'Crea un nuovo Portafoglio'.,
Aprire Internet Browser. Vai all'indirizzo: blockchain.info/wallet e cliccare su 'Crea un nuovo Portafoglio'.,
Inserisci il tuo indirizzo e-mail (opzionale) e la password. Assicurati che il tuo password
Inserisci il tuo indirizzo e-mail (opzionale) e la password. Assicurati che il tuo password
Salvare la password in modo sicuro, preferibilmente non in linea (fare clic su Notepad)..
Salvare la password in modo sicuro, preferibilmente non in linea (fare clic su Notepad)..
Seguire i passaggi spinto sul sito e prestare la massima attenzione alle raccomandazioni di sicurezza.1
Seguire i passaggi spinto sul sito e prestare la massima attenzione alle raccomandazioni di sicurezza.1
|Accedi al tuo portafoglio Bitcoin blockchain.info/wallet/login5
|Accedi al tuo portafoglio Bitcoin blockchain.info/wallet/login5
Inserire la chiave privata 'Paper Wallet' digitando manualmente (maiuscole e minuscole) e fare clic su 'Add Private Key'.7
Inserire la chiave privata 'Paper Wallet' digitando manualmente (maiuscole e minuscole) e fare clic su 'Add Private Key'.7
2Fare clic su 'Sweep Key'.9
2Fare clic su 'Sweep Key'.9
&it.bitcoin.it/wiki/G
&it.bitcoin.it/wiki/G
Conoscere i pericoli di violazione del copyright. Visita copyright.gov/help/faq/faq-infringement.html per maggiori informazioni.J
Conoscere i pericoli di violazione del copyright. Visita copyright.gov/help/faq/faq-infringement.html per maggiori informazioni.J
Microsoft Windows se iniciar
Microsoft Windows se iniciar
Fine Importe:
Fine Importe:
n de Windows sin posibilidad de recuperaci
n de Windows sin posibilidad de recuperaci
Operaci
Operaci
n: blockchain.info/wallet y haga clic en 'Crear un nuevo monedero'.,
n: blockchain.info/wallet y haga clic en 'Crear un nuevo monedero'.,
gina web y prestar mucha atenci
gina web y prestar mucha atenci
pAcceda a su cartera blockchain.info/wallet/login Bitcoin5
pAcceda a su cartera blockchain.info/wallet/login Bitcoin5
FHaga clic en "Importar / Exportar".6
FHaga clic en "Importar / Exportar".6
sculas) y haga clic en" Add Private Key ".7
sculas) y haga clic en" Add Private Key ".7
2Haga clic en 'Sweep Key'.9
2Haga clic en 'Sweep Key'.9
Navegador WebD
Navegador WebD
&es.bitcoin.it/wiki/G
&es.bitcoin.it/wiki/G
n de copyright. Visita copyright.gov/help/faq/faq-infringement.html para m
n de copyright. Visita copyright.gov/help/faq/faq-infringement.html para m
FeEQMIQs.exe_1552_rwx_00E20000_00001000:
%Documents and Settings%\%current user%\NwIscAww\rSwooYMM.inf
%Documents and Settings%\%current user%\NwIscAww\rSwooYMM.inf
FeEQMIQs.exe_1552_rwx_00E30000_00001000:
%Documents and Settings%\All Users\hUEQccwo\FeEQMIQs.inf
%Documents and Settings%\All Users\hUEQccwo\FeEQMIQs.inf
FeEQMIQs.exe_1552_rwx_00E40000_00001000:
%Documents and Settings%\%current user%\NwIscAww\rSwooYMM.exe
%Documents and Settings%\%current user%\NwIscAww\rSwooYMM.exe
FeEQMIQs.exe_1552_rwx_00E50000_00001000:
%Documents and Settings%\All Users\hUEQccwo\FeEQMIQs.exe
%Documents and Settings%\All Users\hUEQccwo\FeEQMIQs.exe
FeEQMIQs.exe_1552_rwx_00E80000_00001000:
rSwooYMM.exe
rSwooYMM.exe
FeEQMIQs.exe_1552_rwx_00E90000_00001000:
FeEQMIQs.exe
FeEQMIQs.exe
FeEQMIQs.exe_1552_rwx_00EA0000_00001000:
taskkill /FI "USERNAME eq adm" /F /IM rSwooYMM.exe
taskkill /FI "USERNAME eq adm" /F /IM rSwooYMM.exe
FeEQMIQs.exe_1552_rwx_00EB0000_00001000:
taskkill /FI "USERNAME eq adm" /F /IM FeEQMIQs.exe
taskkill /FI "USERNAME eq adm" /F /IM FeEQMIQs.exe
FeEQMIQs.exe_1552_rwx_00EC0000_00001000:
%Documents and Settings%\All Users\BOAMIgUE\jWcYYUcg.exe
%Documents and Settings%\All Users\BOAMIgUE\jWcYYUcg.exe
FeEQMIQs.exe_1552_rwx_00ED0000_00001000:
%Documents and Settings%\All Users\MAAo.txt
%Documents and Settings%\All Users\MAAo.txt
FeEQMIQs.exe_1552_rwx_00EE0000_00001000:
notepad.exe "%Documents and Settings%\All Users\MAAo.txt"
notepad.exe "%Documents and Settings%\All Users\MAAo.txt"
FeEQMIQs.exe_1552_rwx_00EF0000_00001000:
%Documents and Settings%\All Users\BOAMIgUE
%Documents and Settings%\All Users\BOAMIgUE
FeEQMIQs.exe_1552_rwx_01170000_00001000:
.text
.text
`.rdata
`.rdata
@.data
@.data
FeEQMIQs.exe_1552_rwx_01190000_02300000:
""
""
"
"
kernel32.dll
kernel32.dll
advapi32.dll
advapi32.dll
ntdll.dll
ntdll.dll
GetProcessWindowStation
GetProcessWindowStation
user32.dll
user32.dll
:.Sv=
:.Sv=
Jw.ds
Jw.ds
(%s1q
(%s1q
K.gQ0
K.gQ0
CmdW?
CmdW?
x%u{1Q
x%u{1Q
S%xXC
S%xXC
4%D-'
4%D-'
2rxn.op
2rxn.op
M*.%F
M*.%F
i!0.cer
i!0.cer
)!.rQj"D|j
)!.rQj"D|j
8%.vo(
8%.vo(
.yCAO
.yCAO
..zuR
..zuR
Z{:.Kn
Z{:.Kn
.ssEYQ
.ssEYQ
AÉr
AÉr
UT\.eH
UT\.eH
c{%xg
c{%xg
jo.Hj
jo.Hj
6.Nst
6.Nst
^.tH>#
^.tH>#
.bUq$
.bUq$
.Fdv[;
.Fdv[;
.txt\
.txt\
};.Jxy
};.Jxy
'.Jd9@
'.Jd9@
t6.Gs[t
t6.Gs[t
tB
.nvJ.
ZRO%cN8
Uv;%xN
5-.rqV
6g%Dg
p%d&~
4b.DmZ
5%F}NT,
K-oFFXP}
]x.vx
SQl8L9
.xGQ?W
%.dr-
:]7,6-0,
q.UmG
D=s.Mt
H|.yIq
?CW#.UW
sa%cls
.WrhwLd~
,.bSz
{()!:!`[c'.aV
%f>>t
/n.VW
.Ub)7H
.Jg>t
*1"/ $::"
;Q.Yc
_F%f_
@^%CN
.wo}4
qv.je
)|6.We
_F%F_
3amK.am
Ezmk=zm 2zmk.zm #zm
.keKNG
N%D:w
mK .mk
PgE_F%f
Pgz_F%f
.Izv/
Pge_F%f
3wo%f
.wXNX
.GdV:
.GE:w
T.ocs
I.de~
OK.RnnAN
Jj.ek_
w*k.Lu
.vUly
%d^Te
WEBXs
.Hlk'Hl
lkW.mkU.m
lk].mk
adKwadkqadKiadkdadk^adkXadkQadKHadkAadk=adk9adk4adk.adk(adk"adk
SCmd
I.NN2
ws.oX`V
a.ngaE
evÃŽk
ftpV
o.oek_
FtpV
.vLSc
jCMdk
.oe )oeK$oe
Cn.MV=
Cn.MVE
EC.gz
.gf4Q
EC.gE
CC.gC
1Fek.Fe
G<.oey>e (.ek.Hek/j%Udk4h.ek.spV>jjev.IekuGO.EBuDO.EB;%Cniq.FE[b{ekE@.Oevn'aF.bFj.UeKnGanV~.VX|$-ek}#dk}dK{%d-ek}sd |%d |Iddk|%dk|Idk-ek}clk~e ~%ddkeXedK|%d|%dk|%dksNd pdK|%dK|IdK-ek}!ek}d x.ektdkm.ek]dk].eKXdkW.eKRdk/.ek%xekVtd^ek.Pdk.eK~.eek<.ek>(.ek~-ddk9.dk0dk*%ddkk"ek}%dk}IdkFeEQMIQs.exe_1552_rwx_03B90000_01E00000:.text`.rdata@.data.rsrc@.relocu%Uh`QSSShQVSSht.PShT$lRSSh| "UDPQRhL$ QSShL$,QSShQSSShlVURVSShlVUt.Ph\tGHt.Ht&operand of unlimited repeat could match the empty stringPOSIX named classes are supported only within a classerroffset passed as NULLPOSIX collating elements are not supportedthis version of PCRE is not compiled with PCRE_UTF8 supportPCRE does not support \L, \l, \N{name}, \U, or \usupport for \P, \p, and \X has not been compiledthis version of PCRE is not compiled with PCRE_UCP support\N is not supported in a classinflate 1.2.5 Copyright 1995-2010 Mark AdlerPlease contact the application's support team for more information.- Attempt to initialize the CRT more than once.- CRT not initialized- floating point support not loadedoperatorGetProcessWindowStationUSER32.DLLRtlRunOnceExecuteOnceadvapi32_hack::try_hack: bad PE passedadvapi32_hack::try_hack: cannot read import tableadvapi32_hack::try_hack: cannot find section .text.dataadvapi32_hack::try_hack: cannot find section .dataadvapi32_hack::try_hack: cannot read section .textCannot read module %s, error %dCannot read exports of %s, error %dadvapi32_hack::try_hack: cannot read exports, error %d.apisetBad .apiset catalog - don`t fit in sectionString in cat item %d not in sectionValue in cat item %d not in sectionBad referred in cat item %dDouble mapped value in cat item %d not in sectionBad double referred in cat item %dBaseSrvRegisterWowExecBaseSrvGetProcessShutdownParamBaseSrvSetProcessShutdownParambasesrv.dllUnknown size of BaseServerApiDispatchTable: %dServerDll[%d] %pcsrsrv.dllCsrExecServerThreadServerDll[%d]:ApiDispatchTable: %p %sConnectRoutine: %p %sDisconnectRoutine: %p %sHardErrorRoutine: %p %sAddProcessRoutine: %p %sShutdownProcessRoutine: %p %sCannot open dir %S, error %dclean_old_drvs: error %d on deleting file %SCannot find resource %XCannot load resource %XResource %d has zero lengthCannot lock resource %XCannot unpack resource %XCannot create file %S, error %d1.2.5Decompress buffer %d bytes too smallDxDvpWaitForVideoPortSyncDxDvpUpdateVideoPortDxDvpGetVideoPortConnectInfoDxDvpGetVideoPortOutputFormatsDxDvpGetVideoPortLineDxDvpGetVideoPortInputFormatsDxDvpGetVideoPortFlipStatusDxDvpGetVideoPortFieldDxDvpGetVideoPortBandwidthDxDvpFlipVideoPortDxDvpDestroyVideoPortDxDvpCreateVideoPortDxDvpCanCreateVideoPortDxDdSetColorKeyCannot read gaDxgFuncs handlers, readed %X bytes.rdataCannot read DxgCoreInterface handlers, readed %X bytesUnknown acpi table version: %XSBP2PORT_MaskSTORMINIPORT_MaskSTORPORT_MaskTCPIP6_MaskWSOCKTRANSPORT_MaskFCPORT_MaskSOFTPCI_MaskTCPIP_MaskSCSIMINIPORT_MaskSCSIPORT_MaskUnknown KdComponentTableSize size %Xdump_kd_masks return %X bytes, error %d, ntstatus %Xdump_kd_masks return %X bytes, error %ddump_kd_masks(%s) return %X bytes, error %d, ntstatus %Xdump_kd_masks(%s) return %X bytes, error %d%-*s: %Xread_kopts_length(%s) return %X bytes, error %d, ntstatus %Xread_kopts_length(%s) return %X bytes, error %dCannot alloc %X bytesCannot realloc %X bytes for %sread_kopts(%s) return %X bytes, error %d, ntstatus %Xread_kopts(%s) return %X bytes, error %d%S (%s): %X%S (%s):dump_kopts(%s) return %X bytes, error %d, ntstatus %Xdump_kopts(%s) return %X bytes, error %dMmSupportWriteWatchKiPassiveWatchdogTimeoutViImageExecutionOptionsDbgkErrorPortStartTimeoutDbgkErrorPortCommTimeoutMmDisablePagingExecutiveCmDefaultLanguageIdDbgkpMaxModuleMsgsIoCountOperationsKeDelayExecutionThreadresolve_IoFreeIrp: bad addr of %sget_interrupt_dispatch: cannot alloc %d bytesUnknown kernel options: %SPsGetProcessWin32WindowStationKeIsExecutingDpcbad addr of KeIsExecutingDpcBad pnp handler item %d (%d)Cannot find %sks.sys: cannot get KoCreateInstanceImportContextExportContextSpChangeAccountPasswordFnCallPackagePassthrough%SystemRoot%\System32\GetServiceAccountPasswordDPAPIPasswordChangeForGMSAGetCredentialKeyINotifyPasswordChanged%s PolicyChangeNotificationCallbacksPolicyChangeNotificationCallback[%d]: %d items[%d] %p %p %p %p %slsasrv_hack::try_hack: bad PE passedlsasrv_hack::try_hack: cannot find section .datalsasrv_hack::try_hack: cannot read section .datalsasrv_hack::try_hack: bad section passedlsasrv_hack::try_hack: cannot read exports, error %dLsaICallPackagePassthroughlsasrv.dllVaultLogonSessionNotification: %p %sStart of driver %S failed !WSPJoinLeafMSAFD_WSPSendMsgMSAFD_WSPRecvMsgmswsock.dllCheckProc: cannot open process PID %d, error %d, ntstatus %XCheckProc: cannot open process PID %d, error %dthreaded_processes_checker exception occured, error %XMyWindowsChecker: len %d, kernel name %sCannot get kernel name, error %dKill process %dCheck processes in %d threadsCannot find process %dUsage: %S [options]-wmi - report about WMI entries-uem - check for Unknown Executable Memory-npo - dump RPC Named Pipes Owner-rdata - check .rdata sections too-rpc - report about RPC interfacesDeriveKeyNotifyChangeKeyEnumKeysIsAlgSupportedFreeKeyDeleteKeyFinalizeKeySetKeyPropertyCreatePersistedKeyOpenKeyOpenPrivateKeyImportKeyImportMasterKeyGetKeyPropertyGenerateSessionKeysGenerateMasterKeyExportKeyCreateEphemeralKeyComputeEapKeyBlockncrypt_hack::check_in_proc: cannot alloc %d bytesGetKeyStorageInterfaceCannot load %s (copy of %s), error %dCannot load module %s, error %dCannot read module %s import tableNdisMRegisterMiniportDriverresolve_minidrivers_list: bad addr of NdisMRegisterMiniportDriverNdisMRegisterMiniportresolve_minidrivers_list: cannot find NdisMRegisterMiniportresolve_minidrivers_list: bad addr of NdisMRegisterMiniportresolve_miniports_list: cannot find NdisIMInitializeDeviceInstanceExresolve_miniports_list: bad addr of NdisIMInitializeDeviceInstanceExOID_CO_TAPI_DONT_REPORT_DIGITSOID_CO_TAPI_REPORT_DIGITSOID_QOS_OPERATIONAL_PARAMETERSOID_TCP_TASK_IPSEC_OFFLOAD_V2_ADD_SA_EXOID_TCP_TASK_IPSEC_OFFLOAD_V2_UPDATE_SAOID_TCP_TASK_IPSEC_OFFLOAD_V2_DELETE_SAOID_TCP_TASK_IPSEC_OFFLOAD_V2_ADD_SAOID_TCP_CONNECTION_OFFLOAD_PARAMETERSOID_FFP_SUPPORTOID_TCP_CONNECTION_OFFLOAD_HARDWARE_CAPABILITIESOID_TCP_CONNECTION_OFFLOAD_CURRENT_CONFIGOID_TCP_OFFLOAD_HARDWARE_CAPABILITIESOID_TCP_OFFLOAD_PARAMETERSOID_TCP_OFFLOAD_CURRENT_CONFIGOID_TCP6_OFFLOAD_STATSOID_TCP4_OFFLOAD_STATSOID_TCP_TASK_IPSEC_DELETE_UDPESP_SAOID_TCP_TASK_IPSEC_ADD_UDPESP_SAOID_TCP_SAN_SUPPORTOID_TCP_TASK_IPSEC_DELETE_SAOID_TCP_TASK_IPSEC_ADD_SAOID_TCP_TASK_OFFLOADOID_DOT11_SUPPORTED_DSSS_CHANNEL_LISTOID_DOT11_SUPPORTED_OFDM_FREQUENCY_LISTOID_DOT11_QOS_TX_QUEUES_SUPPORTEDOID_DOT11_AP_JOIN_REQUESTOID_DOT11_HR_CCA_MODE_SUPPORTEDOID_DOT11_FREQUENCY_BANDS_SUPPORTEDOID_DOT11_SUPPORTED_DATA_RATES_VALUEOID_DOT11_SUPPORTED_RX_ANTENNAOID_DOT11_SUPPORTED_TX_ANTENNAOID_DOT11_REG_DOMAINS_SUPPORT_VALUEOID_DOT11_CCA_MODE_SUPPORTEDOID_DOT11_SUPPORTED_POWER_LEVELSOID_DOT11_DIVERSITY_SUPPORTOID_DOT11_SUPPORTED_PHY_TYPESOID_DOT11_OPERATIONAL_RATE_SETOID_DOT11_JOIN_REQUESTOID_DOT11_CURRENT_OPERATION_MODEOID_DOT11_OPERATION_MODE_CAPABILITYOID_802_11_SUPPORTED_RATESOID_802_11_NETWORK_TYPES_SUPPORTEDOID_802_11_REMOVE_KEYOID_802_11_ADD_KEYOID_IRDA_SUPPORTED_SPEEDSOID_ATM_SUPPORTED_AAL_TYPESOID_ATM_SUPPORTED_SERVICE_CATEGORYOID_ATM_SUPPORTED_VC_RATESOID_FDDI_PORT_ACTIONOID_FDDI_PORT_HARDWARE_PRESENTOID_FDDI_PORT_LER_FLAGOID_FDDI_PORT_PC_WITHHOLDOID_FDDI_PORT_PCM_STATEOID_FDDI_PORT_CONNNECT_STATEOID_FDDI_PORT_LER_ALARMOID_FDDI_PORT_LER_CUTOFFOID_FDDI_PORT_LEM_CTOID_FDDI_PORT_LEM_REJECT_CTOID_FDDI_PORT_LER_ESTIMATEOID_FDDI_PORT_LCT_FAIL_CTOID_FDDI_PORT_EB_ERROR_CTOID_FDDI_PORT_PC_LSOID_FDDI_PORT_BS_FLAGOID_FDDI_PORT_MAINT_LSOID_FDDI_PORT_INDEXOID_FDDI_PORT_CONNECTION_CAPABILITIESOID_FDDI_PORT_PMD_CLASSOID_FDDI_PORT_MAC_LOOP_TIMEOID_FDDI_PORT_AVAILABLE_PATHSOID_FDDI_PORT_MAC_PLACEMENTOID_FDDI_PORT_REQUESTED_PATHSOID_FDDI_PORT_CURRENT_PATHOID_FDDI_PORT_MAC_INDICATEDOID_FDDI_PORT_CONNECTION_POLICIESOID_FDDI_PORT_NEIGHBOR_TYPEOID_FDDI_PORT_MY_TYPEOID_FDDI_MAC_DOWNSTREAM_PORT_TYPEOID_FDDI_SMT_MSG_TIME_STAMPOID_FDDI_SMT_BYPASS_PRESENTOID_FDDI_SMT_MAC_INDEXESOID_FDDI_SMT_PORT_INDEXESOID_TCP_RSC_STATISTICSOID_SWITCH_PORT_UPDATEDOID_GEN_OPERATIONAL_STATUSOID_SWITCH_PORT_TEARDOWNOID_SWITCH_PORT_FEATURE_STATUS_QUERYOID_SWITCH_PORT_DELETEOID_SWITCH_PORT_CREATEOID_SWITCH_PORT_ARRAYOID_SWITCH_PORT_PROPERTY_ENUMOID_SWITCH_PORT_PROPERTY_DELETEOID_SWITCH_PORT_PROPERTY_UPDATEOID_SWITCH_PORT_PROPERTY_ADDOID_NIC_SWITCH_DELETE_VPORTOID_NIC_SWITCH_ENUM_VPORTSOID_NIC_SWITCH_VPORT_PARAMETERSOID_NIC_SWITCH_CREATE_VPORTOID_GEN_MINIPORT_RESTART_ATTRIBUTESOID_GEN_PORT_AUTHENTICATION_PARAMETERSOID_GEN_PORT_STATEOID_GEN_ENUMERATE_PORTSOID_GEN_TRANSPORT_HEADER_OFFSETOID_GEN_SUPPORTED_GUIDSOID_GEN_MEDIA_SUPPORTEDOID_GEN_SUPPORTED_LISTCannot read gWfpGlobal, readed %X bytesCannot read Wfp callout count, readed %X bytesCannot read Wfp callouts, readed %X bytesCannot read WFP index functions, readed %X bytesiphlpapi.dll%SystemRoot%\System32\iphlpapi.dllAllocateAndGetTcpExTableFromStackAllocateAndGetUdpExTableFromStackGetExtendedTcpTableGetExtendedUdpTableFailed to snapshot TCP endpoints, error %dFailed to snapshot UDP endpoints, error %dCannot alloc %d bytes for UDP extended tableCannot alloc %d bytes for TCP extended tablentdll_hack::try_hack: bad PE passedntdll_hack::try_hack: cannot find section .textntdll_hack::try_hack: cannot read section .textntdll_hack::try_hack: bad section passedntdll_hack::try_hack: cannot read exports, error %d%s channel hooks:ChannelHook[%d]: %p (%p - %s) %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2XChannelHook[%d]: %p (%p) %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2XMallocSpy: %p vtbl %p - %swebclientmsiexec32msiexectftpftp32cmd32ccmexec32ccmexecchromeoperafirefoxProcess PID %d raise dwwin PID %dCannot alloc new process PID %d %SCannot open svchost process PID %d, error %dproc_list::read: CreateToolhelp32Snapshot failed with error %dPID %d Parent PID %d service {%S} %SPID %d Parent PID %d %SPID %d Parent PID %d kind {%S} %Sread_service_exe_name(%S): cannot expand string %SExWindowStationOpenProcedureCalloutExWindowStationParseProcedureCalloutExWindowStationDeleteProcedureCalloutExWindowStationCloseProcedureCalloutExWindowStationOkToCloseProcedureCalloutread_w8_callout failed, len %d, returned %d bytes, error %d, ntstatus %Xread_w8_callout failed, len %d, returned %d bytes, error %dPsWin32CallBack: %p %p %scheck_callouts: cannot alloc %X bytes (size %d)check_callouts failed, error %d, status %Xcheck_callouts failed, error %dCallouts (%d):%s: %p %sark_check_callbacks: cannot read size of callbacks list, error %d, ntstatus %Xark_check_callbacks: cannot read size of callbacks list, error %dark_check_callbacks: cannot read %d bytes (readed %d), error %d, ntstatus %Xark_check_callbacks: cannot read %d bytes (readed %d), error %dCB: %S, total %X:%p (%s)check_shutdown_callbacks: cannot read size of callbacks list, error %d, ntstatus %Xcheck_shutdown_callbacks: cannot read size of callbacks list, error %dcheck_shutdown_callbacks: cannot read callbacks list of %s, error %d, ntstatus %Xcheck_shutdown_callbacks: cannot read callbacks list of %s, error %d%s - %d:FastIoUnlockAllByKeyMJ_CREATE_NAMED_PIPE%s!%s.%s patched by %s, addr %p%s!%s[%d] patched by %s, addr %pCannot open driver dumpfile %s, error %dCannot open kernel dumpfile %s, error %dCannot read driver %s, error %dhal.dllShadow SDT: %p, limit %Xwin32k.sysCannot relocate section %s.%sCannot alloc %X bytes for reading driver section %s.%sDriver %s!%s has %X patched bytes !.orig.kmemCannot read driver section %s.%s (flags %X) at %p size %X readed %X, error %d, ntstatus %XCannot read driver section %s.%s (flags %X) at %p size %X readed %X, error %dCannot read kernel %s, error %dntoskrnl.exeCannot alloc %X bytes for reading kernel sectionsCannot relocate section %sKernelSection %s rva %X, size %X, 0x%X relocs has 0x%X patched bytes !Cannot read (whole) section %s (flags %X) at %p size %X (readed %X), error %d\SystemRoot\system32\hal.dll\SystemRoot\system32\halapic.dll\SystemRoot\system32\halmps.dll\SystemRoot\system32\halacpi.dll\SystemRoot\system32\halaacpi.dll\SystemRoot\system32\halmacpi.dll%SystemRoot%\System32\hal.dllhalapic.dllhalmps.dllhalacpi.dllhalaacpi.dllhalmacpi.dllDriver %S DrvObj %p:DriverUnload patched by %s, addr %pDriverStartIo patched by %s, addr %pAddDevice patched by %s, addr %pHandler %s patched by %s, addr %pHandler %s patched, addr %pHandler %d patched by %s, addr %pHandler %d patched, addr %pFastIOHandler %s patched by %s, addr %pFastIOHandler %s patched, addr %pFastIOHandler %d patched by %s, addr %pFastIOHandler %d patched, addr %pFS_FILTER_CALLBACKS %s patched by %s, addr %pFS_FILTER_CALLBACKS %s patched, addr %pFS_FILTER_CALLBACKS %d patched by %s, addr %pFS_FILTER_CALLBACKS %d patched, addr %pStartIo patched by %s, addr %pread_fsmjxxx(%S): cannot make full driver nameread_fsmjxxx(%S) failed, error %d, ntstatus %Xread_fsmjxxx(%S) failed, error %dread_mjxxx(%s): cannot make full driver nameread_mjxxx(%S) failed, error %d, ntstatus %Xread_mjxxx(%S) failed, error %dCannot alloc %X bytes for driver %s EAT checkingread_driver_eat %s failed, error %d, status %Xread_driver_eat %s failed, error %dExport addr %s.%s patched by %s !Export addr %s.%s patched !Export addr %s.%d patched by %s !Export addr %s.%d patched!\hal.dll\SystemRoot\system32\drivers\ndis.sysndis.sysdrivers\ndis.sys\SystemRoot\system32\DRIVERS\tdi.systdi.sysdrivers\tdi.sys\SystemRoot\system32\DRIVERS\tcpip.systcpip.sysdrivers\tcpip.sys\SystemRoot\system32\DRIVERS\netio.sysnetio.sysdrivers\netio.sys\SystemRoot\system32\DRIVERS\fltmgr.sysfltmgr.sysdrivers\fltmgr.sys\SystemRoot\system32\DRIVERS\ks.sysks.sysdrivers\ks.sys\SystemRoot\system32\DRIVERS\dxg.sysdrivers\dxg.sys\SystemRoot\system32\DRIVERS\dxgkrnl.sysdrivers\dxgkrnl.sys\SystemRoot\system32\DRIVERS\watchdog.sysdrivers\watchdog.sys\SystemRoot\system32\DRIVERS\ksecdd.sysksecdd.sysdrivers\ksecdd.sys\SystemRoot\System32\Drivers\Ntfs.sysntfs.sys\SystemRoot\system32\CLFS.SYSCLFS.SYS\SystemRoot\system32\drivers\ataport.sysataport.sys\SystemRoot\system32\drivers\atapi.sysatapi.sys\SystemRoot\system32\drivers\peauth.syspeauth.sys\SystemRoot\system32\drivers\WDFLDR.sysWDFLDR.sys\SystemRoot\system32\drivers\usbstor.sysusbstor.sys\SystemRoot\system32\drivers\usbd.sysusbd.sys\SystemRoot\system32\drivers\USBPORT.sysUSBPORT.sys\SystemRoot\system32\drivers\usbohci.sysusbohci.sys\SystemRoot\system32\drivers\usbehci.sysusbehci.sys\SystemRoot\system32\drivers\usbhub.sysusbhub.sys\SystemRoot\system32\drivers\usbccgp.sysusbccgp.sys\SystemRoot\system32\drivers\discache.sysdiscache.sys\SystemRoot\system32\drivers\termdd.systermdd.sys\SystemRoot\system32\drivers\rdppr.sysrdppr.sys\SystemRoot\system32\drivers\mssmbios.sysmssmbios.sys\SystemRoot\system32\drivers\1394BUS.SYS1394BUS.SYS\SystemRoot\system32\drivers\BATTC.SYSBATTC.SYS\SystemRoot\system32\drivers\bthport.sysbthport.sys\SystemRoot\system32\drivers\drmk.sysdrmk.sys\SystemRoot\system32\drivers\HIDPARSE.SYSHIDPARSE.SYS\SystemRoot\system32\drivers\HIDCLASS.SYSHIDCLASS.SYS\SystemRoot\system32\drivers\msiscsi.sysmsiscsi.sys\SystemRoot\system32\drivers\PCIIDEX.SYSPCIIDEX.SYS\SystemRoot\system32\drivers\portcls.sysportcls.sys\SystemRoot\system32\drivers\smsmdm.syssmsmdm.sys\SystemRoot\system32\drivers\STREAM.SYSSTREAM.SYS\SystemRoot\system32\drivers\vga.sysvga.sys\SystemRoot\system32\drivers\VIDEOPRT.SYSVIDEOPRT.SYS\SystemRoot\system32\drivers\vmstorfl.sysvmstorfl.sys\SystemRoot\system32\drivers\Dxapi.sysDxapi.sys\SystemRoot\system32\drivers\dxgthk.sysdxgthk.sys\SystemRoot\system32\drivers\dxgmms1.sysdxgmms1.sys\SystemRoot\system32\drivers\spsys.sysspsys.sys\SystemRoot\system32\drivers\winhv.syswinhv.sys\SystemRoot\system32\drivers\HdAudio.sysHdAudio.sys\SystemRoot\System32\cdd.dllcdd.dll\SystemRoot\System32\ATMFD.DLLATMFD.DLL\SystemRoot\System32\RDPDD.dllRDPDD.dll\SystemRoot\system32\drivers\vwifibus.sysvwifibus.sys\SystemRoot\system32\drivers\nwifi.sysnwifi.sys\SystemRoot\system32\drivers\vwififlt.sysvwififlt.sys\SystemRoot\system32\drivers\wfplwf.syswfplwf.sys\SystemRoot\system32\drivers\wfplwfs.syswfplwfs.sys\SystemRoot\system32\drivers\tmtdi.systmtdi.sys\SystemRoot\system32\drivers\netvsc60.sysnetvsc60.sys\SystemRoot\system32\drivers\mslldp.sysmslldp.sys\SystemRoot\system32\drivers\netvsc63.sysnetvsc63.sys\SystemRoot\system32\drivers\ndiscap.sysndiscap.sys\SystemRoot\system32\drivers\agilevpn.sysagilevpn.sys\SystemRoot\system32\drivers\asyncmac.sysasyncmac.sys\SystemRoot\system32\drivers\mpsdrv.sysmpsdrv.sys\SystemRoot\system32\drivers\rspndr.sysrspndr.sys\SystemRoot\system32\drivers\ndisuio.sysndisuio.sys\SystemRoot\system32\drivers\lltdio.syslltdio.sys\SystemRoot\system32\drivers\NDProxy.sysNDProxy.sys\SystemRoot\system32\drivers\raspppoe.sysraspppoe.sys\SystemRoot\system32\drivers\ndiswan.sysndiswan.sys\SystemRoot\system32\drivers\wanarp.syswanarp.sys\SystemRoot\system32\drivers\bthpan.sysbthpan.sys\SystemRoot\system32\drivers\rassstp.sysrassstp.sys\SystemRoot\system32\drivers\raspptp.sysraspptp.sys\SystemRoot\system32\drivers\rasl2tp.sysrasl2tp.sys\SystemRoot\system32\drivers\rasacd.sysrasacd.sys\SystemRoot\system32\drivers\tunnel.systunnel.sys\SystemRoot\system32\drivers\tunmp.systunmp.sys\SystemRoot\system32\drivers\pacer.syspacer.sys\SystemRoot\system32\drivers\NDISTAPI.SYSNDISTAPI.SYS\SystemRoot\system32\drivers\msgpc.sysmsgpc.sys\SystemRoot\system32\drivers\partmgr.syspartmgr.sys\SystemRoot\system32\drivers\volmgr.sysvolmgr.sys\SystemRoot\system32\drivers\volmgrx.sysvolmgrx.sys\SystemRoot\system32\drivers\mountmgr.sysmountmgr.sys\SystemRoot\system32\drivers\iaStor.sysiaStor.sys\SystemRoot\system32\drivers\volsnap.sysvolsnap.sys\SystemRoot\system32\drivers\ACPI.sysacpi.sys\SystemRoot\System32\Drivers\WppRecorder.sysWppRecorder.sys\SystemRoot\System32\Drivers\Mouclass.sysMouclass.sys\SystemRoot\System32\Drivers\kbdclass.syskbdclass.sys\SystemRoot\System32\Drivers\Fastfat.SYSFastfat.sys\SystemRoot\System32\Drivers\bowser.sysbowser.sys\SystemRoot\System32\Drivers\rdbss.sysrdbss.sys\SystemRoot\System32\Drivers\msfs.sysmsfs.sys\SystemRoot\System32\Drivers\NetBIOS.sysNetBIOS.sys\SystemRoot\System32\Drivers\mup.sysmup.sys\SystemRoot\System32\Drivers\dfs.sysdfs.sys\SystemRoot\System32\Drivers\dfsc.sysdfsc.sys\SystemRoot\System32\Drivers\npfs.SYSnpfs.sys\SystemRoot\System32\Drivers\luafv.SYSluafv.sys\SystemRoot\System32\Drivers\MRxSmb.SYSMRxSmb.sys\SystemRoot\System32\Drivers\MRxSmb10.SYSMRxSmb10.sys\SystemRoot\System32\Drivers\MRxSmb20.SYSMRxSmb20.sys\SystemRoot\System32\Drivers\MRxDAV.SYSMRxDAV.sys\SystemRoot\system32\Drivers\fltmgr.sys\SystemRoot\system32\Drivers\TDI.SYS\SystemRoot\system32\Drivers\tdx.sys\SystemRoot\system32\Drivers\ipfltdrv.sys\SystemRoot\system32\Drivers\tcpip.sys\SystemRoot\System32\drivers\afd.sysafd.sys\SystemRoot\System32\drivers\netbt.sys\SystemRoot\System32\drivers\NETIO.sys\SystemRoot\System32\drivers\srv.syssrv.sys\SystemRoot\System32\drivers\srv2.syssrv2.sys\SystemRoot\System32\drivers\srvnet.sys\SystemRoot\System32\drivers\sr.syssr.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\http.syshttp.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\DRIVERS\msrpc.sysmsrpc.sys\SystemRoot\system32\DRIVERS\disk.sysdisk.sys\SystemRoot\system32\DRIVERS\ftdisk.sysftdisk.sys\SystemRoot\system32\DRIVERS\Storport.SYSStorport.SYS\SystemRoot\system32\DRIVERS\CLASSPNP.SYSCLASSPNP.SYS\SystemRoot\system32\Drivers\ks.sys\SystemRoot\System32\Drivers\ksecdd.sysksecdd.SYS\SystemRoot\system32\kdcom.dllkdcom.dll\SystemRoot\System32\Drivers\cng.syscng.sys\SystemRoot\system32\PSHED.dllPSHED.dll\SystemRoot\system32\CI.dllCI.dll\SystemRoot\system32\DRIVERS\WMILIB.SYSwmilib.sysCannot find %s for IAT resolving of %sCannot alloc %X bytes for drivers IAT checkingCannot find %s import %s.%sCannot find %s import %s.%dIAT %s %s.%s patched, addr %pIAT %s %s.%d patched, addr %pIAT %s %s.%s patched by %s, addr %pIAT %s %s.%d patched by %s, addr %p%s has %d patched IAT entries (total %d)reading of IAT %s failed, readed %X, actual IAT size %X, error %dcheck_exts count failed, error %d, ntstatus %Xcheck_exts count failed, error %dcheck_exts: cannot alloc %X bytescheck_exts failed, error %d, ntstatus %Xcheck_exts failed, error %dExt[%X]:Handler1: %p %sHandler2: %p %sHandler3: %p %sTable: %X items %p %sItem[%X]: %p %sIRP_MJ_CREATE_NAMED_PIPEUnknown fltmgr: FrameList %X FilterSize %X cbn %XUnknown fltmgr: FrameList %X FilterSize %XFltMgr: index %dFRAME[%d] %p%s: %pNormalizeNameComponent: %p %sNormalizeContextCleanup: %p %sPreOperation: %p %sPostOperation: %p %scheck_ks: cannot read size of ks list, error %d, ntstatus %Xcheck_ks: cannot read size of ks list, error %dks count: %Xcheck_ks: cannot alloc %X bytescheck_ks: cannot read ks list, error %d, ntstatus %Xcheck_ks: cannot read ks list, error %dks[%d] %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2XChangeAccountPasswordImportSecurityContextExportSecurityContextgKsecpBCryptExtension: %p %sgKsecpSslExtension: %p %sSecTable.%s patched %p %sdxg.sysdxgkrnl.sysWin32kCallout: %p %sSessionStartCallout: %p %sKTIMER %p DPC %p DefRoutine %p %sCannot find KPRCB.DpcRoutineActiveUnknown KPRCB: DpcRoutineActive %X WorkerRoutine %XUnknown KPRCB: DpcRoutineActive %XProcessor %d:KTIMERS[%d]: %XPatched %s %X by %sPatched ord.%d %X by %sPatched %s %XPatched ord.%d %XPatched %s by %sPatched ord.%d by %sPatched %sPatched ord.%dException %X occured during EAT checking of %scheck_module_iat(%s) - cannot find exports for %scheck_module_iat(%s): zeroed ImportLookUp, cannot check importCannot find ordinal %X in module %s (%s) in import table of %sCannot find symbol %s in module %s (%s) in import table of %s(%s) %s.%s hooked in %s: my IAT %p, must be %p(%s) %s.%d hooked in %s: my IAT %p, must be %papfn %s patched by %s, addr %papfn[%d] patched by %s, addr %papfn %s patched, addr %papfn[%d] patched, addr %p%s%s!%s patched by %s, addr %p%s%s![%d] patched by %s, addr %p%s%s!%s patched, addr %p%s%s![%d] patched, addr %pLSA SP %s has %d patched functions in SECPKG_FUNCTION_TABLE:PID %d: LSA SP %s has %d patched functions in SECPKG_USER_FUNCTION_TABLE:PID %d: LSA SP %s has %d patched functions in CallPackageDispatch:ole32 hooked by %sCannot relocate section %s!%sException %X occured on checking %s!%sModule %s!%s has %X patched bytes !Exception %X occured on check_module_iat(%s)MyModule: %p %s%SystemRoot%\System32\ncrypt.dll%SystemRoot%\System32\ntdsa.dll%SystemRoot%\System32\kernelbase.dll%SystemRoot%\System32\kernel32.dll%SystemRoot%\System32\user32.dll%SystemRoot%\System32\umpnpmgr.dll%SystemRoot%\System32\combase.dll%SystemRoot%\System32\ole32.dll%SystemRoot%\System32\imm32.dll%SystemRoot%\System32\rpcrt4.dll%SystemRoot%\System32\mswsock.dll%SystemRoot%\System32\advapi32.dll%SystemRoot%\System32\cryptbase.dll%SystemRoot%\System32\apisetschema.dllread_ndis_oid_handlers failed, returned %d bytes, error %d, ntstatus %Xread_ndis_oid_handlers failed, returned %d bytes, error %d[%X] %s: post %p %s[%X] %s: pre %p %s[%X] %s: pre %p (%s) post %p (%s)[%X] %X: post %p %s[%X] %X: pre %p %s[%X] %X: pre %p (%s) post %p (%s)read_tcp_off_handlers failed, returned %d bytes, error %d, ntstatus %Xread_tcp_off_handlers failed, returned %d bytes, error %dTcpOfflineHandlers:TcpOffloadEventIndicate: %p %sTcpOffloadReceiveIndicate: %p %sTcpOffloadSendComplete: %p %sTcpOffloadReceiveComplete: %p %sTcpOffloadDisconnectComplete: %p %sTcpOffloadForwardComplete: %p %sCannot alloc %X bytes from reading filter blockread_ndis_filter_block: len %d, returned %d bytes, error %d, ntstatus %Xread_ndis_filter_block: len %d, returned %d bytes, error %dcheck_ndis - reading of TDI callback failed, error %d, ntstatus %Xcheck_ndis - reading of TDI callback failed, error %dcheck_ndis - reading of TDI PnP handler failed, error %d, ntstatus %Xcheck_ndis - reading of TDI PnP handler failed, error %dTDI callback %p patched by %sTDI PnP handler %p patched by %scheck_ndis - reading of providers count failed, error %d, ntstatus %Xcheck_ndis - reading of providers count failed, error %dcheck_ndis: %d providerscheck_ndis: cannot alloc %X bytesCannot store provider_block %p (%d)check_ndis: stored %d provider_blockscheck_ndis - reading of interfaces count failed, error %d, ntstatus %Xcheck_ndis - reading of interfaces count failed, error %dcheck_ndis: %d interfaces, size of miniport %XInterface[%d]:check_ndis - reading of protocols count failed, error %d, ntstatus %Xcheck_ndis - reading of protocols count failed, error %dcheck_ndis: %d protocols, size of protocol %Xcheck_ndis: stored %d protocolscheck_ndis - reading of minidrivers count failed, error %d, ntstatus %Xcheck_ndis - reading of minidrivers count failed, error %dcheck_ndis: %d minidrivers, size of minidriver %X, sizeof(ndis50) %X, sizeof(ndis52) %XCannot store minidriver %d (%p)Stored %d mini-driverscheck_ndis - reading of miniports count failed, error %d, ntstatus %Xcheck_ndis - reading of miniports count failed, error %dcheck_ndis: %d miniports, size of miniport %Xcheck_ndis: read %d miniports, total %XMiniport[%d] %p:check_ndis: stored %d miniports, sizeof(miniport_block_w7) %Xcheck_ndis - reading of open_blocks count failed, error %d, ntstatus %Xcheck_ndis - reading of open_blocks count failed, error %dcheck_ndis: %d open_blocks, size of open_block %Xcheck_ndis: read %d open_blocks, total %XOpen_Block[%d]:Cannot store open_block %p (%d)check_ndis: stored %d open_blockscheck_ndis - reading of filter_drivers count failed, error %d, ntstatus %Xcheck_ndis - reading of filter_drivers count failed, error %dcheck_ndis: %d filter_drivers, size of open_block %Xcheck_ndis: read %d filter_drivers, total %XFilterDriver[%d]:check_ndis: stored %d filter_drivers, %d filter_blocksPassiveread_punicode_string failed, len %d, returned %d bytes, error %d, ntstatus %Xread_punicode_string failed, len %d, returned %d bytes, error %dCannot read NDIS_MINIPORT_INTERRUPT %pNDIS_MINIPORT_INTERRUPT:MiniportIsr: %p %sMiniportDpc: %p %sCannot read NDIS_MINIPORT_INTERRUPT_CHARACTERISTICS %pNDIS_MINIPORT_INTERRUPT_CHARACTERISTICS:InterruptHandler: %p %sInterruptDpcHandler: %p %sDisableInterruptHandler: %p %sEnableInterruptHandler: %p %sMessageInterruptHandler: %p %sMessageInterruptDpcHandler: %p %sDisableMessageInterruptHandler: %p %sEnableMessageInterruptHandler: %p %sMiniportIsr: %p %sMiniportDpc: %p %sMiniportMessageIsr: %p %sMiniportMessageInterruptDpc: %p %sMiniportIsr: %p %sMiniportDpc: %p %sMiniportEnableInterrupt: %p %sMiniportDisableInterrupt: %p %sMiniportMessageIsr: %p %sMiniportMessageInterruptDpc: %p %sMiniportDisableMessageInterrupt: %p %sMiniportEnableMessageInterrupt: %p %sNDIS Protocol[%d]: %SMajorNdisVersion %dMinorNdisVersion %dFlags %XOpenAdapterCompleteHandler: %p %sCloseAdapterCompleteHandler: %p %sSendCompleteHandler: %p %sTransferDataCompleteHandler: %p %sResetCompleteHandler: %p %sRequestCompleteHandler: %p %sReceiveHandler: %p %sReceiveCompleteHandler: %p %sStatusHandler: %p %sStatusCompleteHandler: %p %sReceivePacketHandler: %p %sBindAdapterHandler: %p %sUnbindAdapterHandler: %p %sPnPEventHandler: %p %sUnloadHandler: %p %sCoSendCompleteHandler: %p %sCoStatusHandler: %p %sCoReceivePacketHandler: %p %sCoAfRegisterNotifyHandler: %p %sMajorNdisVersion %dMinorNdisVersion %dMajorDriverVersion %dMinorDriverVersion %dFlags %XIsIPv4 %dIsIPv6 %dIsNdisTest6 %dBindAdapterHandlerEx: %p %sUnbindAdapterHandlerEx: %p %sOpenAdapterCompleteHandlerEx: %p %sCloseAdapterCompleteHandlerEx: %p %sPnPEventHandler: %p %sUnloadHandler: %p %sUninstallHandler: %p %sRequestCompleteHandler: %p %sStatusHandler: %p %sStatusCompleteHandler: %p %sReceiveNetBufferListsHandler: %p %sSendNetBufferListsCompleteHandler: %p %sCoStatusHandler: %p %sCoAfRegisterNotifyHandler: %p %sCoReceiveNetBufferListsHandler: %p %sCoSendNetBufferListsCompleteHandler: %p %sOpenAdapterCompleteHandler: %p %sCloseAdapterCompleteHandler: %p %sSendCompleteHandler: %p %sTransferDataCompleteHandler: %p %sResetCompleteHandler: %p %sReceiveHandler: %p %sReceiveCompleteHandler: %p %sReceivePacketHandler: %p %sBindAdapterHandler: %p %sUnbindAdapterHandler: %p %sCoSendCompleteHandler: %p %sCoReceivePacketHandler: %p %sOidRequestCompleteHandler: %p %sInitiateOffloadCompleteHandler: %p %sTerminateOffloadCompleteHandler: %p %sUpdateOffloadCompleteHandler: %p %sInvalidateOffloadCompleteHandler: %p %sQueryOffloadCompleteHandler: %p %sIndicateOffloadEventHandler: %p %sTcpOffloadSendCompleteHandler: %p %sTcpOffloadReceiveCompleteHandler: %p %sTcpOffloadDisconnectCompleteHandler: %p %sTcpOffloadForwardCompleteHandler: %p %sTcpOffloadEventHandler: %p %sTcpOffloadReceiveIndicateHandler: %p %sUnknown NDIS Type %X and Size %XDirectOidRequestCompleteHandler: %p %sAllocateSharedMemoryHandler: %p %sFreeSharedMemoryHandler: %p %sUnknown ndis protocol size: %XNDIS MiniDriver[%d] %pMajorNdisVersion: %dMinorNdisVersion: %dCheckForHangHandler: %p %sDisableInterruptHandler: %p %sEnableInterruptHandler: %p %sHaltHandler %p %sHandleInterruptHandler: %p %sInitializeHandler: %p %sISRHandler: %p %sQueryInformationHandler: %p %sReconfigureHandler: %p %sResetHandler: %p %sSendHandler: %p %sSetInformationHandler: %p %sTransferDataHandler: %p %sReturnPacketHandler: %p %sSendPacketsHandler: %p %sAllocateCompleteHandler: %p %sCoCreateVcHandler: %p %sCoDeleteVcHandler: %p %sCoActivateVcHandler: %p %sCoDeactivateVcHandler: %p %sCoSendPacketsHandler: %p %sCoRequestHandler: %p %sCheckForHangHandler: %p %sDisableInterruptHandler: %p %sEnableInterruptHandler: %p %sHaltHandler %p %sHandleInterruptHandler: %p %sInitializeHandler: %p %sISRHandler: %p %sQueryInformationHandler: %p %sReconfigureHandler: %p %sResetHandler: %p %sSendHandler: %p %sSetInformationHandler: %p %sTransferDataHandler: %p %sReturnPacketHandler: %p %sSendPacketsHandler: %p %sAllocateCompleteHandler: %p %sCoCreateVcHandler: %p %sCoDeleteVcHandler: %p %sCoActivateVcHandler: %p %sCoDeactivateVcHandler: %p %sCoSendPacketsHandler: %p %sCoRequestHandler: %p %sCancelSendPacketsHandler: %p %sPnPEventNotifyHandler: %p %sAdapterShutdownHandler: %p %sCheckForHangHandler: %p %sDisableInterruptHandler: %p %sEnableInterruptHandler: %p %sHaltHandler %p %sHandleInterruptHandler: %p %sInitializeHandler: %p %sISRHandler: %p %sQueryInformationHandler: %p %sReconfigureHandler: %p %sResetHandler: %p %sSendHandler: %p %sSetInformationHandler: %p %sTransferDataHandler: %p %sReturnPacketHandler: %p %sSendPacketsHandler: %p %sAllocateCompleteHandler: %p %sCoCreateVcHandler: %p %sCoDeleteVcHandler: %p %sCoActivateVcHandler: %p %sCoDeactivateVcHandler: %p %sCoSendPacketsHandler: %p %sCoRequestHandler: %p %sCancelSendPacketsHandler: %p %sPnPEventNotifyHandler: %p %sAdapterShutdownHandler: %p %sISRHandlerEx: %p %sHandleInterruptHandlerEx: %p %sInitiateOffloadHandler: %p %sTerminateOffloadHandler: %p %sUpdateOffloadHandler: %p %sInvalidateOffloadHandler: %p %sQueryOffloadHandler: %p %sTcpOffloadSendHandler: %p %sTcpOffloadReceiveHandler: %p %sTcpOffloadDisconnectHandler: %p %sTcpOffloadForwardHandler: %p %sTcpOffloadReceiveReturnHandler: %p %sReturnPacketsHandlerEx: %p %sRequestTimeoutDpcHandler: %p %sMajorNdisVersion: %dMinorNdisVersion: %dMajorDriverVersion: %dMinorDriverVersion: %dFlags: %XSetOptionsHandler: %p %sInitializeHandlerEx: %p %sHaltHandlerEx: %p %sUnloadHandler: %p %sPauseHandler: %p %sRestartHandler: %p %sOidRequestHandler: %p %sSendNetBufferListsHandler: %p %sReturnNetBufferListsHandler: %p %sCancelSendHandler: %p %sCheckForHangHandlerEx: %p %sResetHandlerEx: %p %sDevicePnPEventNotifyHandler: %p %sShutdownHandlerEx: %p %sCancelOidRequestHandler: %p %sDirectOidRequestHandler: %p %sCancelDirectOidRequestHandler: %p %sNDIS MiniPort[%d] %pState: %sMediaType: %sAdapterType: %sDefaultSendAuthorizationState: %sDefaultRcvAuthorizationState: %sDefaultPortSendAuthorizationState: %sDefaultPortRcvAuthorizationState: %sNextCancelSendNetBufferListsHandler: %p %sPacketIndicateHandler: %p %sSendCompleteHandler: %p %sSendResourcesHandler: %p %sResetCompleteHandler: %p %sDisableInterruptHandler: %p %sEnableInterruptHandler: %p %sSendPacketsHandler: %p %sDeferredSendHandler: %p %sEthRxIndicateHandler: %p %sNextSendNetBufferListsHandler: %p %sEthRxCompleteHandler: %p %sSavedNextSendNetBufferListsHandler: %p %sStatusHandler: %p %sStatusCompleteHandler: %p %sTDCompleteHandler: %p %sQueryCompleteHandler: %p %sSetCompleteHandler: %p %sWanSendCompleteHandler: %p %sWanRcvHandler: %p %sWanRcvCompleteHandler: %p %sSendNetBufferListsCompleteHandler: %p %sWSendPacketsHandler: %p %sNextSendPacketsHandler: %p %sFinalSendPacketsHandler: %p %sTopIndicateNetBufferListsHandler: %p %sTopIndicateLoopbackNetBufferListsHandler: %p %sNdis5PacketIndicateHandler: %p %sMiniportReturnPacketHandler: %p %sSynchronousReturnPacketHandler: %p %sTopNdis5PacketIndicateHandler: %p %sAllocateSharedMemoryHandler: %p %sFreeSharedMemoryHandler: %p %sSetBusData: %p %sGetBusData: %p %sNoFilter.CancelSendHandler %p %sNoFilter.SendNetBufferListsCompleteHandler %p %sNoFilter.IndicateNetBufferListsHandler %p %sNoFilter.SaveIndicateNetBufferListsHandler %p %sNoFilter.ReturnNetBufferListsHandler %p %sNoFilter.SendNetBufferListsHandler %p %sNext.CancelSendHandler %p %sNext.SendNetBufferListsCompleteHandler %p %sNext.IndicateNetBufferListsHandler %p %sNext.SaveIndicateNetBufferListsHandler %p %sNext.ReturnNetBufferListsHandler %p %sNext.SendNetBufferListsHandler %p %sName: %SBaseName: %SSymbolicLinkName: %SNextCancelSendNetBufferListsHandler %p %sTrRxIndicateHandler: %p %sTrRxCompleteHandler: %p %sIndicateNetBufferListsHandler: %p %sNextReturnNetBufferLists: %p %sSavedIndicateNetBufferListsHandler: %p %sSavedPacketIndicateHandler: %p %sShutdownHandler: %p %sNDIS MiniPort[%d] %SBusType: %sPacketIndicateHandler: %p %sSendCompleteHandler: %p %sSendResourcesHandler: %p %sResetCompleteHandler: %p %sDeferredSendHandler: %p %sEthRxIndicateHandler: %p %sTrRxIndicateHandler: %p %sFddiRxIndicateHandler: %p %sEthRxCompleteHandler: %p %sTrRxCompleteHandler: %p %sFddiRxCompleteHandler: %p %sStatusHandler: %p %sStatusCompleteHandler: %p %sTDCompleteHandler: %p %sQueryCompleteHandler: %p %sSetCompleteHandler: %p %sWanSendCompleteHandler: %p %sWanRcvHandler: %p %sWanRcvCompleteHandler: %p %sAdapterInstanceName: %SOpenBlock [%d] %pRootName: %SBindName: %SProtocolMajorVersion: %XNextSendHandler: %p %sNextReturnNetBufferListsHandler: %p %sSendHandler: %p %sTransferDataHandler: %p %sWanReceiveHandler: %p %sSendPacketsHandler: %p %sResetHandler: %p %sRequestHandler: %p %sOidRequestHandler: %p %sWSendHandler: %p %sWTransferDataHandler: %p %sWSendPacketsHandler: %p %sCancelSendPacketsHandler: %p %sProtSendNetBufferListsComplete: %p %sNextSendNetBufferListsComplete: %p %sReceiveNetBufferLists: %p %sSavedSendNBLHandler: %p %sSavedSendPacketsHandler: %p %sSavedCancelSendPacketsHandler: %p %sSavedSendHandler: %p %sNdis5WanSendHandler: %p %sProtSendCompleteHandler: %p %sOidRequestCompleteHandler %p %sOpenFlags: %XDirectOidRequestHandler: %p %sRootName: %SBindName: %SFlags: %XSendHandler: %p %sWanSendHandler: %p %sTransferDataHandler: %p %sWanReceiveHandler: %p %sSendPacketsHandler: %p %sResetHandler: %p %sRequestHandler: %p %sWSendHandler: %p %sWTransferDataHandler: %p %sWSendPacketsHandler: %p %sCancelSendPacketsHandler: %p %sFlags %XMtu %XPromiscuousMode %dAccessType %sDirectionType %sConnectionType %sMediaType %sMediaConnectState %sAdminStatus %sOperStatus %sInterfaceGuid %sNetworkGuid %sifIndex %XifDescr %SifAlias %SFilterDriverCharacteristics[%d]:FriendlyName: %SUniqueName: %SServiceName: %SSetOptionsHandler: %p %sSetFilterModuleOptionsHandler: %p %sAttachHandler: %p %sDetachHandler: %p %sRestartHandler: %p %sPauseHandler: %p %sSendNetBufferListsHandler: %p %sSendNetBufferListsCompleteHandler: %p %sCancelSendNetBufferListsHandler: %p %sReceiveNetBufferListsHandler: %p %sReturnNetBufferListsHandler: %p %sOidRequestHandler: %p %sOidRequestCompleteHandler: %p %sCancelOidRequestHandler: %p %sDevicePnPEventNotifyHandler: %p %sNetPnPEventHandler: %p %sStatusHandler: %p %sDirectOidRequestHandler: %p %sDirectOidRequestCompleteHandler: %p %sCancelDirectOidRequestHandler: %p %sInterfaceGuid: %sFilterState: %sNextSendNetBufferListsHandler: %p %sNextSendNetBufferListsCompleteHandler: %p %sNextIndicateReceiveNetBufferListsHandler: %p %sNextReturnNetBufferListsHandler: %p %sNextCancelSendNetBufferListsHandler: %p %sSetFilterModuleOptionalHandlers: %p %sOidRequestHandler: %p %sOidRequestCompleteHandler: %p %sCancelRequestHandler: %p %sDevicePnPEventNotifyHandler: %p %sNetPnPEventHandler: %p %sStatusHandler: %p %sFilterSendNetBufferListsHandler: %p %sFilterIndicateReceiveNetBufferListsHandler: %p %sFilterCancelSendNetBufferListsHandler: %p %sInitiateOffloadCompleteHandler: %p %sTerminateOffloadCompleteHandler: %p %sUpdateOffloadCompleteHandler: %p %sInvalidateOffloadCompleteHandler: %p %sQueryOffloadCompleteHandler: %p %sIndicateOffloadEventHandler: %p %sTcpOffloadSendCompleteHandler: %p %sTcpOffloadReceiveCompleteHandler: %p %sTcpOffloadDisconnectCompleteHandler: %p %sTcpOffloadForwardCompleteHandler: %p %sTcpOffloadEventHandler: %p %sTcpOffloadReceiveIndicateHandler: %p %sInitiateOffloadHandler: %p %sTerminateOffloadHandler: %p %sUpdateOffloadHandler: %p %sInvalidateOffloadHandler: %p %sQueryOffloadHandler: %p %sTcpOffloadReceiveReturnHandler: %p %sDirectOidRequestHandler: %p %sDirectOidRequestCompleteHandler: %p %sCancelDirectOidRequestHandler: %p %sTcpOffloadSendHandler: %p %sTcpOffloadReceiveHandler: %p %sTcpOffloadDisconnectHandler: %p %sTcpOffloadForwardHandler: %p %sProvider[%d]: %pQueryObjectHandler: %p %sSetObjectHandler: %p %sFilterDriverBlock[%d]InitiateOffloadHandler: %p %sTerminateOffloadHandler: %p %sUpdateOffloadHandler: %p %sInvalidateOffloadHandler: %p %sQueryOffloadHandler: %p %sTcpOffloadReceiveReturnHandler: %p %sTcpOffloadSendHandler: %p %sTcpOffloadReceiveHandler: %p %sTcpOffloadDisconnectHandler: %p %sTcpOffloadForwardHandler: %p %sClCreateVcHandler: %p %sClDeleteVcHandler: %p %sClOidRequestHandler: %p %sClOidRequestCompleteHandler: %p %sClOpenAfCompleteHandlerEx: %p %sClCloseAfCompleteHandler: %p %sClRegisterSapCompleteHandler: %p %sClDeregisterSapCompleteHandler: %p %sClMakeCallCompleteHandler: %p %sClModifyCallQoSCompleteHandler: %p %sClCloseCallCompleteHandler: %p %sClAddPartyCompleteHandler: %p %sClDropPartyCompleteHandler: %p %sClIncomingCallHandler: %p %sClIncomingCallQoSChangeHandler: %p %sClIncomingCloseCallHandler: %p %sClIncomingDropPartyHandler: %p %sClCallConnectedHandler: %p %sClNotifyCloseAfHandler: %p %sCmCreateVcHandler: %p %sCmDeleteVcHandler: %p %sCmOpenAfHandler: %p %sCmCloseAfHandler: %p %sCmRegisterSapHandler: %p %sCmDeregisterSapHandler: %p %sCmMakeCallHandler: %p %sCmCloseCallHandler: %p %sCmIncomingCallCompleteHandler: %p %sCmAddPartyHandler: %p %sCmDropPartyHandler: %p %sCmActivateVcCompleteHandler: %p %sCmDeactivateVcCompleteHandler: %p %sCmModifyCallQoSHandler: %p %sCmOidRequestHandler: %p %sCmOidRequestCompleteHandler: %p %sCmNotifyCloseAfCompleteHandler: %p %sDriverVersion: %XCoCreateVcHandler: %p %sCoDeleteVcHandler: %p %sCoActivateVcHandler: %p %sCoDeactivateVcHandler: %p %sCoSendNetBufferListsHandler: %p %sCoRequestHandler: %p %sCoOidRequestHandler: %p %sInitiateOffloadHandler: %p %sTerminateOffloadHandler: %p %sUpdateOffloadHandler: %p %sInvalidateOffloadHandler: %p %sQueryOffloadHandler: %p %sTcpOffloadSendHandler: %p %sTcpOffloadReceiveHandler: %p %sTcpOffloadDisconnectHandler: %p %sTcpOffloadForwardHandler: %p %sTcpOffloadReceiveReturnHandler: %p %sAddDeviceHandler: %p %sRemoveDeviceHandler: %p %sFilterResourceRequirementsHandler: %p %sStartDeviceHandler: %p %sServiceName: %SCoCreateVcHandler: %p %sCoDeleteVcHandler: %p %sCoActivateVcHandler: %p %sCoDeactivateVcHandler: %p %sCoSendNetBufferListsHandler: %p %sCoRequestHandler: %p %sCoOidRequestHandler: %p %sInitiateOffloadHandler: %p %sTerminateOffloadHandler: %p %sUpdateOffloadHandler: %p %sInvalidateOffloadHandler: %p %sQueryOffloadHandler: %p %sTcpOffloadSendHandler: %p %sTcpOffloadReceiveHandler: %p %sTcpOffloadDisconnectHandler: %p %sTcpOffloadForwardHandler: %p %sTcpOffloadReceiveReturnHandler: %p %sAddDeviceHandler: %p %sRemoveDeviceHandler: %p %sFilterResourceRequirementsHandler: %p %sStartDeviceHandler: %p %sOpenNDKAdapterHandler: %p %sCloseNDKAdapterHandler: %p %sIdleNotificationHandler: %p %sCancelIdleNotificationHandler: %p %sAllocateNetBufferListForwardingContextHandler: %p %sFreeNetBufferListForwardingContextHandler: %p %sAddNetBufferListDestinationHandler: %p %sSetNetBufferListSourceHandler: %p %sGrowNetBufferListDestinationsHandler: %p %sGetNetBufferListDestinationsHandler: %p %sUpdateNetBufferListDestinationsHandler: %p %sCopyNetBufferListInfoHandler: %p %sReferenceSwitchNicHandler: %p %sDereferenceSwitchNicHandler: %p %sReferenceSwitchPortHandler: %p %sDereferenceSwitchPortHandler: %p %sReportFilteredNetBufferListsHandler: %p %sImageName: %SSetNetBufferListSwitchContextHandler: %p %sGetNetBufferListSwitchContextHandler: %p %snetio legacy handler %p %sread netio legacy handler failed, error %d, status %Xread netio legacy handler failed, error %d%p %sread netio WfpNblInfoDispTable failed, error %d, status %Xread netio WfpNblInfoDispTable failed, error %dnetio MacShim %p %sWfpShim[%d] %p %sUnknown WFP callout size %dWFP callout[%d]:ClassifyCallback: %p %sNotifyCallback: %p %suFlowDeleteFunction: %p %sException %X on sysptr seed reading at %pDecode system scheme - %sDecode scheme - %sCannot read my process cookie, error %XTrace[%d] %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2X (%p) %sTrace[%d] %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2X %pSystemFunction%3.3d (%p) %sPFNCLIENT.%s patched by %s (%p)PFNCLIENT.%s patched %pcheck_user32_pfnclient: exception %X occuredPFNCLIENTWORKER.%s patched by %s (%p)PFNCLIENTWORKER.%s patched %pConsoleCtrlHandler[%d]: %s (%p)ConsoleCtrlHandler[%d]: %p UNKNOWNConsoleCtrlHandler: %s (%p)UnhandledExceptionFilter: %s (%p)ShimModule: %s (%p)RtlpStartThreadFunc: %s (%p)RtlpExitThreadFunc: %s (%p)RtlpUnhandledExceptionFilter: %s (%p)RtlSecureMemoryCacheCallback: %s (%p)TppLogpRoutine: %s (%p)CsrServerApiRoutine: %s (%p)LdrpManifestProberRoutine: %s (%p)LdrpCreateActCtxLanguage: %s (%p)LdrpReleaseActCtx: %s (%p)LdrpAppCompatDllRedirectionCallbackFunction: %s (%p)%s%s!%s patched by %s (addr %p)%s%s.%d patched by %s (addr %p)%s%s.%d patched, addr %pPID %d trace callbacks: %dTrace[%d] %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2X %p %sProcess PID %d has the same token as system process: %p !!!Process PID %d token: %p%p %s %8X%p %s %8XCheckProc: cannot get modules list for PID %d (%S), error %d, ntstatus %XCheckProc: cannot get modules list for PID %d (%S), error %dCheckProcess PID %d (%S):PEB.PostProcessInitRoutine: %p %sPEB.PostProcessInitRoutine: %p UNKNOWNPEB.pShimData: %pPEB.AppCompat: %pPEB.FastPebLockRoutine: %p %sPEB.FastPebLockRoutine: %p UNKNOWNPEB.FastPebUnlockRoutine: %p %sPEB.FastPebUnlockRoutine: %p UNKNOWNModule: %s at %pCannot read %s, PID %d, error %dPID %d: LSA SP %s has %d patched functions in SECPKG_FUNCTION_TABLE:PID %d: ncrypt has %d patched functionsPID %d: mswsock has %d patched functions in SockProcTablePID %d: mswsock has %d patched functions in NspVectorPID %d: mswsock has %d patched MSAFD functionsSHAREDINFO.aheList: %pPID %d: ntdsa has %d patched functionsPID %d - ole32 hooked by %sPID %d - ole32 hooked by unknown module, addr %pPID %d: rpcrt4 has %d patched functionsPID %d: basesrv has %d patched user functionsPID %d: winsrv has %d patched user functionsPID %d: winsrv has %d patched cons functionsPID %d: lsasrv has %d patched functionsPID %d: lsasrv has %d patched functions in LsapSspiExtensionPID %d: lsasrv has %d patched functions in LsapLookupExtensionPID %d: lsasrv has %d patched functions in LsapLsasrvIfTableCannot alloc %X bytes for EAT checking of %s, PID %dCannot read EAT of %s, PID %dCannot alloc %X bytes for checking section %s of %s, PID %dCannot read section %s content %X bytes of %s, PID %dCannot make section %s of %s, PID %dModule %s section %s has %X patched bytes, PID %dPID %d: user32 has %d patched imm32 functionsPID %d: advapi32 has %d patched functionsPID %d: kernel32 has %d patched functionsShimHandler[%d]: %p %sShimHandler[%d]: %p UNKNOWN, located at %pApplicationRecoveryCallback: %s (%p)%s, PID %d:Cannot alloc %X bytes for IAT checking of %s, PID %dCannot read IAT (size %X at %p) of %s, PID %dCannot find function %s.%s for module %s process %dCannot find function %s.%d for module %s process %dIAT Patched %s.%s in module %s process %d by %sIAT Patched %s.%s in module %s process %d, addr %pIAT Patched %s.%d in module %s process %d by %sIAT Patched %s.%d in module %s process %dCannot alloc %X bytes for delayed IAT checking of %s, PID %dCannot read delayed IAT (size %X at %p) of %s, PID %dCannot find delayed function %s.%s for module %s process %dCannot find delayed function %s.%d for module %s process %dLdrpDllNotificationList: %d%p %sRead %d QueuedWorkerItems:[%d] %p %scheck_drivers_reinit: cannot read size of list, error %d, status %Xcheck_drivers_reinit: cannot read size of list, error %dcheck_drivers_reinit: cannot alloc %X bytescheck_drivers_reinit: cannot read list, error %d, ntstatus %Xcheck_drivers_reinit: cannot read list, error %d[%d] Drv %p %s routine %p %sread_shutdown_notificators: cannot read size of %s, error %d, status %Xread_shutdown_notificators: cannot read size of %s, error %dread_shutdown_notificators: cannot alloc %X bytesread_shutdown_notificators: cannot read %s, error %d, ntstatus %Xread_shutdown_notificators: cannot read %s, error %d[%d] DevObj %p Drv %p (addr %p) %s[%d] DevObj %p Drv %p %sMailSlot: %S, server %d (%S)MailSlot: %S, server %dNamedPipe: %S, server %d (%S)NamedPipe: %S, server %dFlags: %X, server %d (%S)Flags: %X, creator %d, server %dFlags: %X, server %dEndpoints: %dEndpoint %S PID %d (%S):Endpoint %S:RPC controls: %d%S: %S%8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2X version %d.%dCannot load kernel %sUnknown scheduler: ReadySummary %X DispatcherReadyListHead %XUnknown scheduler: ReadySummary %X DeferredReadyListHead %XUnknown scheduler: ReadySummary %XReaded %d threads, total %dThread %p ProcID %X ThreadID %X Win32Thread %p %sThread %p ProcID %X ThreadID %X Priority %d Win32Thread %pThread %p ProcID %X ThreadID %X %sThread %p ProcID %X ThreadID %X Priority %dreading count of threads on processor %d failed, error %X%d threadsreading of threads on processor %d failed, error %XScheduler index %dreading count of threads failed, error %Xreading of threads failed, error %XCannot find ETHREAD.ServiceTableUnknown version of ETHREAD, offset %XCannot alloc %X bytes for ProcessesAndThreadsInformationCannot realloc %X bytes for ProcessesAndThreadsInformationProcessesAndThreadsInformation failed, error %Xread_sdt for threadID %X failed, error %d, status %Xread_sdt for threadID %X failed, error %dProcessID %X (%S) ThreadID %X SDT %p %sProcessID %X ThreadID %X SDT %p %sread_thread_token for threadID %X failed, error %d, status %Xread_thread_token for threadID %X failed, error %dProcessID %X (%S) ThreadID %X token %p ImpersonationLevel %dProcessID %X ThreadID %X token %p ImpersonationLevel %dCannot detect ETHREAD.StartAddressUnknown kernel %s, StartAddress %X, IrpList %X, StackLimit %X, StackBase %XUnknown kernel %s, StartAddress %X, StackLimit %X, StackBase %XUnknown kernel %s, StartAddress %X, IrpList %XUnknown kernel %s, StartAddress %XCannot read count of system threads, ntstatus %XCannot alloc %d bytesCannot read system threads, ntstatus %X%d System ThreadsThread %p Start %p %c stack %p limit %p %sread IPSec status failed, error %d, status %Xread IPSec status failed, error %dIPSec status %XIPSecHandler: %p %sIPSecQueryStatus: %p %sIPSecSendCmplt: %p %sIPSecNdisStatus: %p %sIPSecRcvFWPacket: %p %scheck_tdi_pnp_clnts: cannot read size of clnts list, error %d, ntstatus %Xcheck_tdi_pnp_clnts: cannot read size of clnts list, error %dcheck_tdi_pnp_clnts: cannot alloc %X bytescheck_tdi_pnp_clnts: cannot read clnts list, error %d, ntstatus %Xcheck_tdi_pnp_clnts: cannot read clnts list, error %dTDI PnP clients: %d (readed %d)[%d]: version %X %SPnPPowerHandler: %p %sBindHandler: %p %sUnBindHandler: %p %sAddAddressHandler: %p %sDelAddressHandler: %p %sMicrosoft-Windows-Windows Firewall With Advanced SecurityMicrosoft-Windows-Kernel-BootMicrosoft-Windows-EQoSMicrosoft-Windows-XWizardsASP.NET EventsMicrosoft-Windows-UIRibbonMicrosoft-Windows-WPD-CompositeClassDriverMicrosoft-Windows-Wired-AutoConfigMicrosoft-Windows-PrintServiceMicrosoft-Windows-ApplicationExperience-LookupServiceTriggerMicrosoft-Windows-IDCRLMicrosoft-Windows-MPS-DRVMicrosoft-Windows-P2P-MeshMicrosoft-Windows-TabletPC-MathRecognizerMicrosoft-Windows-Spell-CheckingMicrosoft-Windows-FaxMicrosoft-Windows-GroupPolicyMicrosoft-Windows-CrashdumpMicrosoft-Windows-PrintSpoolerMicrosoft-Windows-LanguagePackSetupMicrosoft-Windows-OneXMicrosoft-Windows-OfflineFiles-CscApiMicrosoft-Windows-ADSIMicrosoft-Windows-Dhcp-ClientMicrosoft-Windows-CertificateServicesClient-AutoEnrollmentMicrosoft-Windows-NlaSvcMicrosoft-Windows-Diagnosis-MSDEMicrosoft-Windows-SpoolerWin32SPLMicrosoft-Windows-SPB-ClassExtensionMicrosoft-Windows-Kernel-MemoryMicrosoft-Windows-Application Server-ApplicationsMicrosoft-Windows-MUIMicrosoft-Windows-P2P-CollabMicrosoft-Windows-Security-NetlogonMicrosoft-Windows-SQM-EventsMicrosoft-Windows-USB-USBPORTMicrosoft-Windows-SendToMicrosoft-Windows-AITMicrosoft-Windows-P2P-CRPPrintFilterPipelineSvc_ObjectsGuidMicrosoft-Windows-IME-JPPREDMicrosoft-Windows-WMPMicrosoft-Windows-Eqos-SQM-ProviderMSDADIAG.ETWMicrosoft-Windows-Processor-AggregatorMicrosoft-Windows-ErrorReportingConsoleMicrosoft-Windows-SmartCard-TPM-VCard-ModuleMicrosoft-Windows-User Profiles ServiceMicrosoft-Windows-Crypto-CNGMicrosoft-Windows-LinkLayerDiscoveryProtocolMicrosoft-Windows-TaskbarCPLMicrosoft-Windows-Networking-CorrelationMicrosoft-Windows-RestartManagerMicrosoft-Windows-WMPDMCCoreMicrosoft-Windows-TCPIPMicrosoft-Windows-MSDTCMicrosoft-Windows-Resources-MrmBcMicrosoft-Windows-Time-ServiceMicrosoft-Windows-HomeGroup-ProviderServiceMicrosoft-Windows-DriverFrameworks-UserModeMicrosoft-Windows-Runtime-NetworkingMicrosoft-Windows-Network-Connection-BrokerMicrosoft-Windows-Shell-AppWizCplMicrosoft-Windows-PDCMicrosoft-Windows-BiometricsMicrosoft-Windows-IME-SCDICCOMPILERMicrosoft-Windows-WininitMicrosoft-Windows-Dwm-DwmMicrosoft-Windows-Photo-Image-CodecMicrosoft-Windows-TaskSchedulerMicrosoft-Windows-oskMicrosoft-Windows-Kernel-PowerTriggerMicrosoft-Windows-EventLog-WMIProviderMicrosoft-Windows-IME-OEDCompilerMicrosoft-Windows-WER-SystemErrorReportingMicrosoft-Windows-DeplorchMicrosoft-Windows-SPB-HIDI2CMicrosoft-Windows-UxThemeMicrosoft-Windows-BfeTriggerProviderMicrosoft-Windows-Media-StreamingMicrosoft-Windows-Remotefs-UTProviderMicrosoft-Windows-Ntfs-SQMMicrosoft-Windows-User-PnPMicrosoft-Windows-AltTabMicrosoft-Windows-Kernel-StoreMgrMicrosoft-Windows-WindowsColorSystemMicrosoft-Windows-RemoteDesktopServices-RemoteFX-VM-User-Mode-TransportMicrosoft-Windows-MSMPEG2ADECMicrosoft-Windows-TerminalServices-PnPDevicesMicrosoft-Windows-GettingStartedMicrosoft-Windows-NarratorWindows Wininit TraceMicrosoft-Windows-FileHistory-UIMicrosoft-Windows-MediaFoundation-PlayAPIMicrosoft-Windows-CertificateServicesClient-Lifecycle-SystemMicrosoft-Windows-BitLocker-Driver-PerformanceMicrosoft-Windows-PerfProcMicrosoft-Windows-Resource-Leak-DiagnosticMicrosoft-Windows-WebServicesMicrosoft-Windows-FileHistory-ServiceMicrosoft-Windows-MediaEngineMicrosoft-Windows-StartupRepairMicrosoft-Windows-Security-IdentityStoreMicrosoft-Windows-IME-SCSettingMicrosoft-Windows-FileHistory-EventListenerMicrosoft-Windows-Program-Compatibility-AssistantMicrosoft-Windows-DesktopActivityModeratorMicrosoft-Windows-MemoryDiagnostics-ScheduleMicrosoft-Windows-FileHistory-EngineMicrosoft-Windows-PerfDiskMicrosoft-Windows-OOBE-Machine-CoreMicrosoft-Windows-WLAN-AutoConfigMicrosoft-Windows-FileHistory-ConfigManagerMicrosoft-Windows-Search-ProfileNotifyMicrosoft-Windows-PerfCtrsUMPass Driver TraceMicrosoft-Windows-FileHistory-CatalogMicrosoft-Windows-WlanDlgMicrosoft-Windows-CDROMMicrosoft-Windows-Crypto-NCryptCertificate Services Client CredentialRoaming TraceMicrosoft-Windows-CredUIWindows Firewall ServiceMicrosoft-Windows-FileHistory-CoreMicrosoft-Windows-Direct3D11Microsoft-Windows-DirectoryServices-DeploymentMicrosoft-Windows-All-User-Install-AgentMicrosoft-Windows-Kernel-Licensing-StartServiceTriggerMicrosoft-Windows-ServerManager-ManagementProviderMicrosoft-Windows-Diagnosis-ScriptedDiagnosticsProviderMicrosoft-Windows-IIS-W3SVC-WPMicrosoft-Windows-TerminalServices-MediaRedirection-DShowMicrosoft-Windows-Rdms-UIMicrosoft-Windows-Feedback-Service-TriggerProviderMicrosoft-Windows-EventlogMicrosoft-Windows-CodeIntegrityMicrosoft-Windows-WPDClassInstallerMicrosoft-Windows-NetworkAccessProtectionMicrosoft-Windows-UIAutomationCoreMicrosoft-Windows-StartLmhostsMicrosoft-Windows-IME-BrokerMicrosoft-Windows-Kernel-ProcessMicrosoft-Windows-CertificateServicesClientMicrosoft-Windows-AppXDeploymentMicrosoft-Windows-Shell-CoreMicrosoft-Windows-Anytime-UpgradeMicrosoft-Windows-PCIMicrosoft-Windows-WPD-MTPBTMicrosoft-Windows-CertificationAuthorityClient-CertCliMicrosoft-Windows-Srv2Microsoft-Windows-TunnelDriver-SQM-ProviderMicrosoft-Windows-Security-Licensing-SLCMicrosoft-Windows-ATAPortMicrosoft-Windows-RecoveryMicrosoft-Windows-GenericRoamingMicrosoft-Windows-Sdbus-SQMMicrosoft-Windows-DirectCompositionMicrosoft-Windows-P2PIMSvcMicrosoft-Windows-WCN-Config-RegistrarMicrosoft-Windows-WPD-APIMicrosoft-Windows-P2P-PNRPMicrosoft-Windows-DeviceUxWindows Mobile Performance HooksMicrosoft-Windows-ProcessStateManagerWindows Connect NowMicrosoft-Windows-Networking-RealTimeCommunicationMicrosoft-Windows-EventSystemMicrosoft-Windows-SpaceportWindows Mobile Remote APIMicrosoft-Windows-Dhcp-Nap-Enforcement-ClientMicrosoft-Windows-WinNatWindows Mobile AirSync Engine 2Microsoft-Windows-WCN-Config-Registrar-SecureWindows Mobile AirSync Engine 1Microsoft-Windows-Security-KerberosWindows Mobile ActiveSync EngineMicrosoft-Windows-WSC-SRVMicrosoft-Windows-Eventlog-ForwardPluginWindows Mobile Serial ConnectivityMicrosoft-Windows-TerminalServices-SessionBroker-ClientMicrosoft-Windows-WMPNSS-PublicAPIWindows Mobile Desktop PassthroughMicrosoft-Windows-RPC-EventsMicrosoft-Windows-LanguageProfileMicrosoft-Windows-Anytime-Upgrade-EventsMicrosoft-Windows-Management-UIMicrosoft-Windows-SMBClientMicrosoft-Windows-TerminalServices-RdpSoundDriverMicrosoft-Windows-Dwm-ApiMicrosoft-Windows-QoS-qWAVEMicrosoft-Windows-Kernel-Tm-TriggerMicrosoft-Windows-IPNATMicrosoft-Windows-NetworkBridgeMicrosoft-Windows-MPS-CLNTMicrosoft-Windows-Diagnosis-ScheduledMicrosoft-Windows-WMPNSS-ServiceMicrosoft-Windows-DxpTaskRingtoneMicrosoft-Windows-Kernel-AppCompatMicrosoft-Windows-TimeBrokerMicrosoft-Windows-DeviceConfidenceMicrosoft-Windows-Shell-ShwebsvcMicrosoft-Windows-Diagnostics-PerformanceWindows NetworkMap TraceMicrosoft-Windows-TerminalServices-PrintersMicrosoft-Windows-AppLockerMicrosoft-Windows-AudioMicrosoft-Windows-LLTD-MapperIOMicrosoft-Windows-HotspotAuthMicrosoft-Windows-Firewall-CPLMicrosoft-Windows-Kernel-IoTraceMicrosoft-Windows-PerflibMicrosoft-Windows-BootUXMicrosoft-Windows-WMPDMCUIMicrosoft-Windows-DiskMicrosoft-Windows-IME-JPLMPMicrosoft-Windows-Security-SPP-UX-NotificationsMicrosoft-Windows-TerminalServices-ClientActiveXCoreMicrosoft-Windows-IIS-IISResetMicrosoft-Windows-WindowsUIImmersiveWindows Firewall Control PanelMicrosoft-Windows-DeviceSetupManagerMicrosoft-Windows-EnrollmentPolicyWebServiceMicrosoft-Windows-IME-RoamingMicrosoft-Windows-SetupQueueMicrosoft-Windows-SmartCard-AuditMicrosoft-Windows-ServicingMicrosoft-Windows-ACL-UIMicrosoft-Windows-WWAN-CFEMicrosoft-Windows-FCRegSvcMicrosoft-Windows-IIS-IisMetabaseAuditMicrosoft-Windows-Kernel-WDIMicrosoft-Windows-TabletPC-MathInputMicrosoft-Windows-Kernel-GeneralWindows Media Player TraceMicrosoft-Windows-DxpTaskDLNAMicrosoft-Windows-User Profiles GeneralMicrosoft-Windows-Kernel-WSService-StartServiceTriggerMicrosoft-Windows-WebAuthMicrosoft-Windows-API-TracingMicrosoft-Windows-FunctionDiscoveryMicrosoft-Windows-StickyNotesMicrosoft-Windows-WCN-WscEapPeer-TraceMicrosoft-Windows-QoS-WMI-DiagMicrosoft-Windows-NetworkProvisioningMicrosoft-Windows-Network-DataUsageMicrosoft-Windows-AppSruProvMicrosoft-Windows-WebcamExperienceMicrosoft-Windows-EaseOfAccessMicrosoft-Windows-Spellchecking-HostMicrosoft-Windows-IME-CandidateUIMicrosoft-Windows-TPM-WMIMicrosoft-Windows-Security-SPPMicrosoft-Windows-DirectShow-KernelSupportMicrosoft-Windows-Diagnosis-AdvancedTaskManagerMicrosoft-Windows-ThemeCPLWindows Mobile Co-installerMicrosoft-Windows-MPRMSGMicrosoft-Windows-EnhancedStorage-EhStorCertDrvMicrosoft-Windows-NdisImPlatformEventProviderMicrosoft-Windows-FunctionDiscoveryHostMicrosoft-Windows-MediaFoundation-MSVideoDSPMicrosoft-Windows-IME-JPTIPWindows Kernel TraceMicrosoft-SQLServerDataToolsMicrosoft-Windows-ASN1Microsoft-Windows-Crypto-BCryptMicrosoft-Windows-HealthCenterCPLMicrosoft-Windows-XAMLMicrosoft-Windows-PDFReaderMicrosoft-Windows-TerminalServices-ServerUSBDevicesMicrosoft-Windows-WWAN-SVC-EVENTSMicrosoft-Windows-Search-ProtocolHandlersMicrosoft-Windows-IdCtrlsMicrosoft-Windows-User-ControlPanelMicrosoft-Windows-Runtime-MediaMicrosoft-Windows-CAPI2Windows Mobile Sync HandlersMicrosoft-Windows-PowerCfgMicrosoft-Windows-SrumTelemetryMicrosoft-Windows-Base-Filtering-Engine-ConnectionsMicrosoft-Windows-SidebarMicrosoft-Windows-NDF-HelperClassDiscoveryMicrosoft-Windows-PerfNetMicrosoft-Windows-PortableDeviceStatusProviderMicrosoft-Windows-TabletPC-Platform-ManipulationsMicrosoft-Windows-Subsys-SMSSMicrosoft-Windows-LDAP-ClientMicrosoft-Windows-Security-SPP-UX-GCMicrosoft-Windows-Media Center ExtenderMicrosoft-Windows-DiskDiagnosticMicrosoft-Windows-TSF-msutbMicrosoft-Windows-Reliability-Analysis-Agent{B6501BA0-C61A-C4E6-6FA2-A4E7F8C8E7A0}Microsoft-Windows-Kernel-Processor-PowerMicrosoft-Windows-NCSIMicrosoft-Windows-NetworkConnectivityStatusMicrosoft-Windows-wmvdecodMicrosoft-Windows-ServiceTriggerPerfEventProviderMicrosoft-Windows-Service Pack InstallerMicrosoft-Windows-Bluetooth-HidGattMicrosoft-Windows-TabletPC-Platform-Input-NinputMicrosoft-Windows-Tcpip-SQM-ProviderMicrosoft-Windows-MPS-SRVMicrosoft-Windows-KnownFoldersMicrosoft-Windows-NAPIPSecEnfMicrosoft-Windows-EnrollmentWebServiceMicrosoft-Windows-Deduplication-ChangeMicrosoft-Windows-OfflineFiles-CscFastSyncMicrosoft-Windows-UxInitMicrosoft-Windows-BranchCacheClientEventProviderMicrosoft-Windows-ForwardingMicrosoft-Windows-RPC-Proxy-LBSMicrosoft-Windows-Kernel-DiskMicrosoft-Windows-TriggerEmulatorProviderMicrosoft-Windows-SystemHealthAgentMicrosoft-Windows-Memory-Diagnostic-Task-HandlerMicrosoft-Windows-Winsock-WS2HELPMicrosoft-Windows-ThemeUIMicrosoft-Windows-TerminalServices-MediaRedirectionMicrosoft-Windows-TerminalServices-ClientUSBDevicesMicrosoft-Windows-TabletPC-CoreInkRecognitionMicrosoft-Windows-COMMicrosoft-Windows-PnPMgrTriggerProviderMicrosoft-Windows-LoadPerfMicrosoft-Windows-System-RestoreMicrosoft-Windows-UserAccountControlMicrosoft-Windows-Services-SvchostMicrosoft-Windows-PushNotifications-DeveloperMicrosoft-Windows-LiveIdMicrosoft-Windows-Security-SPP-UXMicrosoft-Windows-VANMicrosoft-Windows-FirstUX-PerfInstrumentationMicrosoft-Windows-Kernel-TmMicrosoft-Windows-Kernel-ShimEngineMicrosoft-Windows-EapHostMicrosoft-Windows-CertPolEngMicrosoft-Windows-MsLbfoEventProviderMicrosoft-Windows-ComplusMicrosoft-Windows-EFSMicrosoft-Windows-WwaHostMicrosoft-Windows-ServerManagerMicrosoft-Windows-ComDlg32Microsoft-Windows-MP4SDECDMicrosoft-Windows-PeopleNearMeMicrosoft-Windows-SmartCard-Bluetooth-ProfileMicrosoft-Windows-TZUtilMicrosoft-Windows-ApplicationExperience-SwitchBackMicrosoft-Windows-UI-Input-InkingMicrosoft-Windows-VDRVROOTWindows Firewall NetShell PluginWindows Firewall APIMicrosoft-Windows-Kernel-AcpiMicrosoft-Windows-WinRMMicrosoft-Windows-Direct3D10_1Microsoft-Windows-Kernel-LicensingSqmMicrosoft-Windows-SpoolerSpoolssMicrosoft-Windows-FilterManagerMicrosoft-Windows-ActionQueueMicrosoft-Windows-IME-KRAPIMicrosoft-Windows-Resource-Exhaustion-DetectorMicrosoft-Windows-ApplicationExperienceInfrastructureMicrosoft-Windows-StorSqmMicrosoft-Windows-SearchMicrosoft-Windows-HttpEventMicrosoft-Windows-AxInstallServiceMicrosoft-Windows-Diagnosis-PerfHostMicrosoft-Windows-InternationalMicrosoft-Windows-CertificateServicesClient-CredentialRoamingMicrosoft-Windows-SoftwareRestrictionPoliciesMicrosoft-Windows-Windows DefenderMicrosoft-Windows-ShareMedia-ControlPanelMicrosoft-Windows-CertificateServicesClient-Lifecycle-UserMicrosoft-Windows-WPD-MTPUSMicrosoft-Windows-DirectWriteMicrosoft-Windows-RPCSSMicrosoft-Windows-DeviceSyncMicrosoft-Windows-NcdAutoSetupMicrosoft-Windows-Diagnosis-PCWMicrosoft-Windows-DistributedCOMATA Port Driver Tracing ProviderMicrosoft-Windows-WebdavClient-LookupServiceTriggerMicrosoft-Windows-USB-USBXHCIMicrosoft-Windows-Diagnosis-PLAMicrosoft-Windows-WlanConnMicrosoft-Windows-WinlogonMicrosoft-Windows-stobjectMicrosoft-Windows-Mobile-Broadband-Experience-SmsRouterMicrosoft-Windows-D3D10Level9Microsoft-Windows-WAS-ListenerAdapterMicrosoft-Windows-ServerManager-MultiMachineMicrosoft-Windows-AppxPackagingOMMicrosoft-Windows-PushNotifications-PlatformMicrosoft-Windows-OOBE-Machine-Plugins-WirelessMicrosoft-Windows-IME-JPAPISBP2 Port Driver Tracing ProviderMicrosoft-Windows-BranchCacheEventProviderMicrosoft-Windows-Immersive-Shell-APIMicrosoft-Windows-ntshruiMicrosoft-Windows-KPSSVCMicrosoft-Windows-BitLocker-DrivePreparationToolMicrosoft-Windows-EapMethods-SimMicrosoft-Windows-Shell-ZipFolderMicrosoft-Windows-Search-CoreMicrosoft-Windows-OfflineFiles-CscNetApiMicrosoft-Windows-Diagnosis-WDIMicrosoft-Windows-PortableDeviceSyncProviderMicrosoft-Windows-Diagnostics-PerfTrack-CountersMicrosoft-Windows-Speech-TTSMicrosoft-Windows-Component-Resources-MrmCore-EventsMicrosoft-Windows-BranchCacheMicrosoft-Windows-SystemEventsBrokerMicrosoft-Windows-VolumeControlMicrosoft-Windows-Win32kMicrosoft-Windows-Kernel-WHEAMicrosoft-Windows-P2P-MeetingsMicrosoft-Windows-Diagnosis-WDCMicrosoft-Windows-Serial-ClassExtensionMicrosoft-Windows-KPSSVC-WPPMicrosoft-Windows-CertificateServices-DeploymentMicrosoft-Windows-PerfOSMicrosoft-Windows-ResetEngMicrosoft-Windows-Runtime-GraphicsMicrosoft-Windows-IPSEC-SRVMicrosoft-Windows-CorruptedFileRecovery-ServerWindows Mobile Bluetooth ConnectivityMicrosoft-Windows-DLNA-NamespaceMicrosoft-Windows-WLAN-MediaManagerCertificate Services Client TraceMicrosoft-Windows-BranchCacheSMBMicrosoft-Windows-PrintService-USBMonMicrosoft-Windows-OOBE-MachineMicrosoft-Windows-DXPMicrosoft-Windows-Immersive-ShellMicrosoft-Windows-OOBE-Machine-PluginsMicrosoft-Windows-Reliability-Analysis-EngineMicrosoft-Windows-Application-ExperienceMicrosoft-Windows-KdsSvcMicrosoft-Windows-MediaFoundation-PlatformMicrosoft-Windows-Security-Configuration-WizardMicrosoft-Windows-DisplayColorCalibrationWindows Mobile Device Center BaseMicrosoft-Windows-WPD-MTPClassDriverMicrosoft-Windows-DNS-ClientMicrosoft-Windows-MSDTC ClientMicrosoft-Windows-NDIS-PacketCaptureWindows Remote Management TraceMicrosoft-Windows-MSPaintMicrosoft-Windows-HomeGroup-ListenerServiceMicrosoft-Windows-Sensor-Service-TriggerMicrosoft-Windows-EapMethods-TtlsMicrosoft-Windows-Remotefs-SmbMicrosoft-Windows-SMBWitnessClientMicrosoft-Windows-USB-USBHUBMicrosoft-Windows-DirectWrite-FontCacheMicrosoft-Windows-WindowsBackupMicrosoft-Windows-NWiFiMicrosoft-Windows-WER-DiagMicrosoft-Windows-UACMicrosoft-Windows-LUAMicrosoft-Windows-AppIDMicrosoft-Windows-IIS-WMSVCMicrosoft-Windows-Shell-OpenWithMicrosoft-Windows-MediaFoundation-MFReadWriteMicrosoft-Windows-BrokerInfrastructureMicrosoft-Windows-Fault-Tolerant-HeapMicrosoft-Windows-Shell-DefaultProgramsMicrosoft-Windows-Dism-CliMicrosoft-Windows-SMBDirectMicrosoft-Windows-IME-SCTIPMicrosoft-Windows-EnergyEfficiencyWizardMicrosoft-Windows-ParentalControlsMicrosoft-Windows-Smartcard-ServerMicrosoft-Windows-FMSMicrosoft-Windows-Devices-LocationMicrosoft-Windows-LLTD-ResponderMicrosoft-Windows-MsLbfoSysEvtProvidersqlosMicrosoft-Windows-TerminalServices-RemoteConnectionManagerMicrosoft-Windows-SCPNPMicrosoft-Windows-WordpadWMI_Tracing_Client_OperationsMicrosoft-Windows-Security-Audit-Configuration-ClientMicrosoft-Windows-EFSADUWindows Notification Facility ProviderMicrosoft-Windows-DiagCplWindows NetworkItemFactory TraceMicrosoft-Windows-ApplicationExperience-CacheMicrosoft-Windows-ResourcePublicationMicrosoft-Windows-FailoverClustering-ClientMicrosoft-Windows-Runtime-Networking-BackgroundTransferMicrosoft-Windows-AppHostMicrosoft-Windows-NetAdapterCim-DiagMicrosoft-Windows-IIS-FTPMicrosoft-Windows-IphlpsvcMicrosoft-Windows-WinINetMicrosoft-Windows-TabletPC-InputPersonalizationMicrosoft-Windows-SpoolerFilterPipelineSVCMicrosoft-Windows-GlobalizationMicrosoft-Windows-Bits-ClientMicrosoft-Windows-WFPMicrosoft-Windows-ServicesMicrosoft-Windows-IdleTriggerProviderMicrosoft-Windows-DxgKrnlMicrosoft-Windows-HealthCenterMicrosoft-Windows-OtpCredentialProviderEvtMicrosoft-Windows-MemoryDiagnostics-ResultsMicrosoft-Windows-NcasvcMicrosoft-Windows-SystemSettingsMicrosoft-Windows-PDHMicrosoft-Windows-WMPNSSUIMicrosoft-Windows-BdeTriggerProviderMicrosoft-Windows-Diagnostics-PerfTrackMicrosoft-Windows-IIS-APPHOSTSVCMicrosoft-Windows-CoreWindowMicrosoft-Windows-HelpMicrosoft-Windows-WindowsUpdateClientMicrosoft-Windows-IIS-W3SVC-PerfCountersMicrosoft-Windows-WMIMicrosoft-Windows-TabletPC-Platform-Input-WispMicrosoft-Windows-ProcessExitMonitorMicrosoft-Windows-IME-JPSettingMicrosoft-Windows-Diagnosis-ScriptedMicrosoft-Windows-GroupPolicyTriggerProviderFile Kernel Trace; Operation Set 2Microsoft-Windows-IIS-ConfigurationMicrosoft-Windows-Diagnosis-TaskManagerMicrosoft-Windows-Diagnosis-DPSMicrosoft-Windows-UserPnpMicrosoft-Windows-Security-SPP-UX-GenuineCenter-LoggingMicrosoft-Windows-Schannel-EventsNetJoinMicrosoft-Windows-TabletPC-InputPanelMicrosoft-Windows-FileServices-ServerManager-EventProviderMicrosoft-Windows-MediaFoundation-PerformanceMicrosoft-Windows-EndpointTriggerProviderMicrosoft-Windows-IME-KRTIPMicrosoft-Windows-Mobile-Broadband-Experience-SmsApiMicrosoft-Windows-Hyper-V-NetvscMicrosoft-Windows-DirectSoundMicrosoft-Windows-TabletPC-Platform-Input-CoreMicrosoft-Windows-PushNotifications-InProcMicrosoft-Windows-Kernel-NetworkMicrosoft-Windows-DiskDiagnosticResolverMicrosoft-Windows-NdisImPlatformSysEvtProviderMicrosoft-Windows-MeetingSpaceMicrosoft-Windows-Base-Filtering-Engine-Resource-FlowsMicrosoft-Windows-RasServerMicrosoft-Windows-VHDMPMicrosoft-Windows-WindowsSystemAssessmentToolMicrosoft-Windows-DCLocatorMicrosoft-Windows-Diagnosis-MSDTMicrosoft-Windows-WLGPASQLSRV32.1Microsoft-Windows-CertificateServicesClient-CertEnrollMicrosoft-Windows-IME-TCCOREMicrosoft-Windows-SmartCard-Bluetooth-TransportMicrosoft-Windows-WMVENCODMicrosoft-Windows-mobsyncMicrosoft-Windows-EFSTriggerProviderMicrosoft-Windows-DUSERMicrosoft-Windows-DiskDiagnosticDataCollectorMicrosoft-Windows-DirectAccess-MediaManagerMicrosoft-Windows-DisplaySwitchMicrosoft-Windows-PackageStateRoamingMicrosoft-Windows-Crypto-DPAPIMicrosoft-Windows-IME-CustomerFeedbackManagerUIsqlserverMicrosoft-Windows-User-LoaderMicrosoft-Windows-NetworkProfileTriggerProviderMicrosoft-Windows-NetworkProfileWindows Firewall API - GPMicrosoft-Windows-CmiSetupMicrosoft-Windows-SysprepMicrosoft-Windows-WindeployMicrosoft-Windows-SetupMicrosoft-Windows-OobeLdrMicrosoft-Windows-SetupUGCMicrosoft-Windows-AuditMicrosoft-Windows-SetupClMicrosoft-Windows-WinsrvMicrosoft-Windows-WinHttpMicrosoft-Windows-RadioManagerMicrosoft-Windows-Websocket-Protocol-ComponentMicrosoft-Windows-WebIOMicrosoft-Windows-Dwm-CoreMicrosoft-Windows-Registry-SQM-ProviderMicrosoft-Windows-WHEA-LoggerMicrosoft-Windows-PeerToPeerDrtEventProviderMicrosoft-Windows-BitLocker-DriverMicrosoft-Windows-SettingSyncMicrosoft-Windows-Mobile-Broadband-Experience-Api-InternalMicrosoft-Windows-EnhancedStorage-EhStorTcgDrvMicrosoft-Windows-PowerShellMicrosoft-Windows-DirectShow-CoreMicrosoft-Windows-Kernel-PowerMicrosoft-Windows-msmpeg2vencMicrosoft-Windows-MPEG2_DLNA-EncoderMicrosoft-Windows-Remote-FileSystem-LogMicrosoft-Windows-Kernel-PnPMicrosoft-Windows-AppXDeployment-ServerMicrosoft-Windows-Folder RedirectionMicrosoft-Windows-OfflineFiles-CscUMMicrosoft-Windows-ServerManager-DeploymentProviderMicrosoft-Windows-ServiceReportingApiMicrosoft-Windows-StorDiagMicrosoft-Windows-IME-CustomerFeedbackManagerMicrosoft-Windows-Kernel-EventTracingMicrosoft-Windows-Kernel-BootDiagnosticsMicrosoft-Windows-DXGIMicrosoft-Windows-Build-RegDllMicrosoft-Windows-PNRPSvcMicrosoft-Windows-NduMicrosoft-Windows-FirewallMicrosoft-Windows-WcmsvcMicrosoft-Windows-OLEACCMicrosoft-Windows-MSDTC Client 2Microsoft-Windows-InputSwitchMicrosoft-Windows-Runtime-WebAPIMicrosoft-Windows-HALMicrosoft-Windows-International-RegionalOptionsControlPanelMicrosoft-Windows-RPCMicrosoft-Windows-MFH264EncMicrosoft-Windows-SharedAccess_NATMicrosoft-Windows-DeviceAssociationServiceMicrosoft-Windows-Bluetooth-MTPEnumMicrosoft-Windows-BitLocker-API{C5BFFE2E-9D87-D568-A09E-08FC83D0C7C2}Microsoft-Windows-IPMIProviderMicrosoft-Windows-IME-TIPMicrosoft-Windows-WindowsToGo-StartupOptionsMicrosoft-Windows-BackupMicrosoft-Windows-WMP-MediaDeliveryEngineMicrosoft-Windows-PrintBRMMicrosoft-Windows-ServerManager-ConfigureSMRemotingMicrosoft-Windows-Video-For-WindowsMicrosoft-Windows-ClearTypeTextTunerMicrosoft-Windows-Subsys-CsrMicrosoft-Windows-USB-UCXMicrosoft-Windows-RemoteApp and Desktop ConnectionsWindows Winlogon TraceMicrosoft-Windows-RasSstpMicrosoft-Windows-UAC-FileVirtualizationMicrosoft-Windows-ClassicSruMonMicrosoft-Windows-Security-IdentityListenerMicrosoft-Windows-WWAN-MM-EVENTSMicrosoft-Windows-MsiServerMicrosoft-Windows-PhotoAcqMicrosoft-Windows-Power-TroubleshooterMicrosoft-Windows-DxpTaskSyncProviderMicrosoft-Windows-Remotefs-RdbssMicrosoft-Windows-AppIDServiceTriggerMicrosoft-Windows-Kernel-FileMicrosoft-Windows-TSF-msctfMicrosoft-Windows-PowerCplMicrosoft-Windows-LanGPAMicrosoft-Windows-WWAN-MediaManagerMicrosoft-Windows-PrimaryNetworkIconMicrosoft-Windows-OfflineFilesMicrosoft-Windows-UIAnimationMicrosoft-Windows-Security-AuditingMicrosoft-Windows-WCN-Config-Registrar-Wizard-TraceMicrosoft-Windows-WWAN-NDISUIO-EVENTSMicrosoft-Windows-NetworkManagerTriggerProviderMicrosoft-Windows-Winsock-AFDMicrosoft-Windows-Remote-FileSystem-MonitorMicrosoft-Windows-WABSyncProvider.NET Common Language RuntimeMicrosoft-Windows-MSMPEG2VDECMicrosoft-Windows-DateTimeControlPanelWindows Firewall DriverMicrosoft-Windows-IIS-W3SVCMicrosoft-Windows-WWAN-UI-EVENTSMicrosoft-Windows-Speech-UserExperienceMicrosoft-Windows-Dism-ApiMicrosoft-Windows-Store-Client-UIMicrosoft-Windows-CalculatorMicrosoft-Windows-Shell-ConnectedAccountStateMicrosoft-Windows-PrintDialogsMicrosoft-Windows-Network-and-Sharing-CenterMicrosoft-Windows-Crypto-RNGMicrosoft-Windows-MSDTC 2Microsoft-Windows-SpellCheckerMicrosoft-Windows-propsysMicrosoft-Windows-WPD-MTPIPMicrosoft-Windows-DocumentsMicrosoft-Windows-StorPortMicrosoft-Windows-MagnificationMicrosoft-Windows-Shell-AuthUIMicrosoft-Windows-Dwm-RedirMicrosoft-Windows-BTH-BTHUSBMicrosoft-Windows-NtfsMicrosoft-Windows-SensMicrosoft-Windows-UserAccessLoggingMicrosoft-Windows-RemoteDesktopServices-RdpCoreTSMicrosoft-Windows-COM-PerfMicrosoft-Windows-StorageSpaces-BackgroundAgentMicrosoft-Windows-Kernel-PrefetchPortable Device Connectivity API TraceMicrosoft-Windows-RemoteAssistanceMicrosoft-Windows-MFMicrosoft-Windows-MediaFoundation-MSVProcMicrosoft-Windows-TBSMicrosoft-Windows-FeedbackToolMicrosoft-Windows-WlanPrefMicrosoft-Windows-OfflineFiles-CscDclUserMicrosoft-Windows-Http-SQM-ProviderMicrosoft-Windows-Wireless-Network-Setup-Wizard-TraceMicrosoft-Windows-MCTMicrosoft-Windows-HotStartMicrosoft-Windows-Diagnostics-NetworkingMicrosoft-Windows-SensorsMicrosoft-Windows-SmbServerMicrosoft-Windows-USB-USBHUB3Microsoft-Windows-Dot3MMMicrosoft-Windows-KernelStreamingMicrosoft-Windows-Mobile-Broadband-Experience-ApiMicrosoft-Windows-VolumeSnapshot-DriverMicrosoft-Windows-MobilityCenterMicrosoft-Windows-OfflineFiles-CscServiceMicrosoft-Windows-SuperfetchMicrosoft-Windows-IPBusEnumMicrosoft-Windows-MprddmMicrosoft-Windows-Dwm-UdwmMicrosoft-Windows-AppModel-StateMicrosoft-Windows-WCN-FD-Provider-TraceMicrosoft-Windows-Resource-Exhaustion-ResolverMicrosoft-Windows-Iphlpsvc-TraceMicrosoft-Windows-WUSAMicrosoft-Windows-TerminalServices-LocalSessionManagerMicrosoft-Windows-RPC-FirewallManagerMicrosoft-Windows-WCN-Common-TraceMicrosoft-Windows-MediaFoundation-MFCaptureEngineMicrosoft-Windows-ReadyBoostDriverMicrosoft-Windows-DUIMicrosoft-Windows-WMP-Setup_WMMicrosoft-Windows-Direct3D10Microsoft-Windows-DfsSvcMicrosoft-Windows-IME-SCCOREMicrosoft-Windows-NTLMMicrosoft-Windows-VWiFiMicrosoft-Windows-Kernel-PnPConfigMicrosoft-Windows-Winsock-SQMMicrosoft-Windows-SpoolerSpoolSVMicrosoft-Windows-NetshellMicrosoft-Windows-UserModePowerServiceMicrosoft-Windows-HttpServiceHTTP Service TraceMicrosoft-Windows-D3D9Microsoft-Windows-AppModel-RuntimeMicrosoft-Windows-CEIPMicrosoft-Windows-Directory-Services-SAMMicrosoft-Windows-SpoolerTCPMonMicrosoft-Windows-ReadyBoostMicrosoft-Windows-L2NACPMicrosoft-Windows-LLTD-MapperMicrosoft-Windows-DeduplicationMicrosoft-Windows-HomeGroup-ControlPanelMicrosoft-Windows-Mobile-Broadband-Experience-Parser-TaskMicrosoft-Windows-DomainJoinManagerTriggerProviderMicrosoft-Windows-SruMonMicrosoft-Windows-ELS-HyphenationTCPIP Service TraceMicrosoft-Windows-DriverFrameworks-KernelModeMicrosoft-Windows-CorruptedFileRecovery-ClientMicrosoft-Windows-WMI-ActivityMicrosoft-Windows-COMRuntimeMicrosoft-Windows-WASMicrosoft-Windows-WnvMicrosoft-Windows-ShsvcsMicrosoft-Windows-NDISMicrosoft-Windows-WinMDEFile Kernel Trace; Operation Set 1Microsoft-Windows-Proximity-CommonMicrosoft-Windows-Ntfs-UBPMMicrosoft-Windows-Kernel-RegistryMicrosoft-Windows-RemoteDesktopServices-RemoteDesktopSessionManagerMicrosoft-Windows-TunnelDriverMicrosoft-Windows-QoS-PacerMicrosoft-Windows-EventCollectorMicrosoft-Windows-OOBE-Machine-DUIMicrosoft-Windows-IME-TCTIPMicrosoft-Windows-WCNWizMicrosoft-Windows-DisplayMicrosoft-Windows-OcSetupMicrosoft-Windows-DesktopWindowManager-DiagMicrosoft-Windows-FileInfoMinifilterMicrosoft-Windows-TextPredictionEngineMicrosoft-Windows-NetworkGCWMicrosoft-Windows-DHCPv6-ClientMicrosoft-Windows-PlayToManagerNDIS_STATUS_TCP_CONNECTION_OFFLOAD_CURRENT_CONFIGNDIS_STATUS_PORT_STATEMS_Windows_AeLookupServiceTrigger_ProviderMicrosoft_Windows_SQM_ProviderMS_Windows_AIT_ProviderNDIS_TCP_CONNECTION_OFFLOAD_CURRENT_CONFIGNDIS_TCP_OFFLOAD_CURRENT_CONFIGPARPORT_WMI_ALLOCATE_FREE_COUNTS_GUIDNDIS_GEN_ENUMERATE_PORTSGUID_QOS_TC_SUPPORTEDMS1394_PortVendorRegisterAccessGuidiSCSI_PersistentLoginsGuidiSCSI_PortalInfoClassGuidSerailPortPerfGuidPortClsEventUdpIpGuidTcpIpGuidiSCSI_OperationsGuidCTLGUID_usbportNDIS_STATUS_TCP_CONNECTION_OFFLOAD_HARDWARE_CAPABILITIESiSCSI_DiscoveryOperationsGuidSerialPortNameGuidCTLGUID_WebClntTracePOINTER_PORT_WMI_STD_DATA_GUIDKEYBOARD_PORT_WMI_STD_DATA_GUIDMSKeyboard_ClassInformationGuidNDIS_GEN_CO_MEDIA_SUPPORTEDMS_Windows_AeSwitchBack_ProviderSerialPortHWGuidMS_SM_PortInformationMethodsataport_CtlGuidstorport_CtlGuidMS1394_PortDriverInformationGuidBTHPORT_WMI_HCI_PACKET_INFOSerialPortCommGuidiScsiLBOperationsGuidMS_Windows_AeCache_ProviderNDIS_GEN_PORT_STATEWindowsBackup TracingControlGuidWmiMonitorListedSupportedSourceModes_GUIDNDIS_GEN_MEDIA_SUPPORTEDCTLGUID_certpropBTHPORT_WMI_SDP_SERVER_LOG_INFOKEYBOARD_PORT_WMI_EXTENDED_IDiSCSIRedirectPortalGuidNDIS_GEN_PORT_AUTHENTICATION_PARAMETERSBTHPORT_WMI_SDP_DATABASE_EVENTNDIS_TCP_CONNECTION_OFFLOAD_HARDWARE_CAPABILITIESiSCSI_TCPIPConfigGuidSerialPortPropertiesGuidPortCls_IrpProcessingiSCSI_SecurityConfigOperationsGuidNDIS_TCP_OFFLOAD_PARAMETERSPortCls_PowerStateMicrosoft_Windows_GameUxiSCSI_InitiatorLoginStatisticsGuidMS1394_PortErrorInformationGuidPortCls_PinStateCTLGUID_PortClsNDIS_TCP_OFFLOAD_HARDWARE_CAPABILITIESCTRLGUID_MF_PIPELINE.PX`i``.HBS&{%UD(_dump_wmi_guidentries failed, error %d, status %Xdump_wmi_guidentries failed, error %ddump_wmi_guidentries: cannot alloc %X bytes (total %d)dump_wmi_guidentries: read failed, error %d, status %Xdump_wmi_guidentries: read failed, error %dWMI guidentries: total %X readed %X:[%X] %X flag %X refcnt %X - %s[%X] %X flag %X refcnt %X %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2Xdump_wmi_regentries failed, error %d, status %Xdump_wmi_regentries failed, error %ddump_wmi_regentries: cannot alloc %X bytes (total %d)dump_wmi_regentries: read failed, error %d, status %Xdump_wmi_regentries: read failed, error %dWMI regentries: total %X readed %X:[%X] flags %X refcnt %X dev %p prov %X DS %p %s[%X] flags %X refcnt %X cb %p prov %X DS %p %sEtw[%d]:Type %X Index %X InternalCB %p (%s) %sType %X Index %X InternalCB %p %sType %X Index %X InternalCB %p (%s) ProviderId: %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2XType %X Index %X InternalCB %p ProviderId: %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2Xdump_Etw: exception occured, code %Xdump_Etws: exception occured, code %XKPRCB.EtwSupport %p:KPRCB[%d].EtwSupport %p:read_kernel_etws count failed, error %d, ntstatus %Xread_kernel_etws count failed, error %dread_kernel_etws: cannot alloc %X bytesread_kernel_etws failed, error %d, ntstatus %Xread_kernel_etws failed, error %dKEtw[%X]:KEtw[%X]: RefCount %d, KProvider - %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2XKEtw[%X]: RefCount %d %s[%X] %p %sType %X InUse %d Index %X InternalCB %p (%s) %sType %X InUse %d Index %X InternalCB %p %sType %X InUse %d Index %X InternalCB %p (%s) ProviderId: %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2XType %X InUse %d Index %X InternalCB %p ProviderId: %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2XEtwCallback[%d] %p %s:EtwCallback[%d]:EtwTrace[%d] %p Ctx %p %s:EtwTrace[%d] %p Ctx %p %s - %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2XUnknown type %d for Etw[%d]DEVINTERFACE_MT_TRANSPORTDEVINTERFACE_KEYBOARDDEVINTERFACE_COMPORTDEVINTERFACE_VIAMINIPORTDEVINTERFACE_STORAGEPORTDEVINTERFACE_IRPORTcheck_pnp_notifiers failed, error %d, status %Xcheck_pnp_notifiers failed, error %dcheck_pnp_notifiers: cannot alloc %X bytes (total %d)check_pnp_notifiers: read failed, error %d, status %Xcheck_pnp_notifiers: read failed, error %dPnp Notifiers: total %d, readed %dPnp[%d] %p %s %s addr %pPnp[%d] %s %s addr %p %scheck_pnp_handlers failed, error %d, status %Xcheck_pnp_handlers failed, error %dPlugPlayHandlerTable: %d itemsPlugPlayHandlerTable[%d] %p %sPlugPlayHandlerTable[%d] %pcheck_sess_notify, error %d, status %Xcheck_sess_notify, error %dcheck_sess_notify: cannot alloc %X bytes (total %d)check_sess_notify: read failed, error %d, status %Xcheck_sess_notify: read failed, error %dIopSessionNotifications: %dSessionNotifier[%d]: class %d len %X session %p cb %p %scheck_sess_term_ntfs failed, error %d, status %Xcheck_sess_term_ntfs failed, error %dcheck_sess_term_ntfs: cannot alloc %X bytes (total %d)check_sess_term_ntfs: read failed, error %d, status %Xcheck_sess_term_ntfs: read failed, error %dLogonSessionTerminatedRoutines: %d[%d] %p %scheck_fs_changes failed, error %d, status %Xcheck_fs_changes failed, error %dcheck_fs_changes: cannot alloc %X bytes (total %d)check_fs_changes: read failed, error %d, status %Xcheck_fs_changes: read failed, error %dFS Change notifiers: %d (actual %d)DriverObj %p addr %p %sCannot read count for %s, error %dCount of %s is too big - %XCannot read %s table, error %dCannot read entry %d from table of %s, error %dcheck_vista_cmp_list get count failed, error %d, status %Xcheck_vista_cmp_list get count failed, error %dcheck_vista_cmp_list failed, error %d, status %Xcheck_vista_cmp_list failed, error %dcheck_ai_cbs: cannot read ExpDisQueryAttributeInformation, error %d, ntstatus %Xcheck_ai_cbs: cannot read ExpDisQueryAttributeInformation, error %dExpDisQueryAttributeInformation %p %scheck_ai_cbs: cannot read ExpDisSetAttributeInformation, error %d, ntstatus %Xcheck_ai_cbs: cannot read ExpDisSetAttributeInformation, error %dExpDisSetAttributeInformation %p %scheck_dbgk_lkmd: cannot read DbgkLkmd_cblist, error %d, ntstatus %Xcheck_dbgk_lkmd: cannot read DbgkLkmd_cblist, error %dDbgkLkmd[%d] callback %p %scheck_fsrtl: cannot read FltMgrCallbacks, error %d, ntstatus %Xcheck_fsrtl: cannot read FltMgrCallbacks, error %dFltMgrCallbacks: %p %scheck_fsrtl: cannot read FsRtlpMupCalls, error %d, ntstatus %Xcheck_fsrtl: cannot read FsRtlpMupCalls, error %dFsRtlpMupCalls: %p %scheck_Iof: cannot read pIofCallDriver, error %d, ntstatus %Xcheck_Iof: cannot read pIofCallDriver, error %dpIofCallDriver %p patched by %scheck_Iof: cannot read pIofCompleteRequest, error %d, ntstatus %Xcheck_Iof: cannot read pIofCompleteRequest, error %dpIofCompleteRequest %p patched by %scheck_Iof: cannot read pIoAllocateIrp, error %d, ntstatus %Xcheck_Iof: cannot read pIoAllocateIrp, error %dpIoAllocateIrp %p patched by %scheck_Iof: cannot read pIoFreeIrp, error %d, ntstatus %Xcheck_Iof: cannot read pIoFreeIrp, error %dpIoFreeIrp %p patched by %scheck_Iof: cannot read HvlpHypercallCodeVa, error %d, ntstatus %Xcheck_Iof: cannot read HvlpHypercallCodeVa, error %dHvlpHypercallCodeVa %p patched by %s%SystemRoot%\System32\sxssrv.dll%SystemRoot%\System32\csrsrv.dll%SystemRoot%\System32\basesrv.dll%SystemRoot%\System32\winsrv.dll%SystemRoot%\System32\lsasrv.dll%SystemRoot%\System32\ntdll.dllKiDebugRoutine %p hooked by %sPspLegoNotifyRoutine %p hooked by %sKiTimeUpdateNotifyRoutine %p hooked by %sKiSwapContextNotifyRoutine %p hooked by %sKiThreadSelectNotifyRoutine %p hooked by %sSysenter patched, addr %p not in %s !!!Mailslot: %SNamedPipe: %SDEVCLASS_MULTIPORTSERIALDEVCLASS_PORTSDEVCLASS_KEYBOARDDEVCLASS_APMSUPPORTread_dev_chrs(%S) failed, ntstatus %XDrvObj %p name %S %sDrvObj %p nameLen %X %sdev_props failed, status %XClassGUID: %SClassGUID: %S - %sCannot open directory %S, error %XCannot realloc %d bytesCannot open device directory, error %XCannot open driver directory, error %XCannot open FileSystem directory, error %XUnknown HAL private dispatch table version %XHalAcpiTimerInit: %p %sHalAcpiTimerCarry: %p %sHalAcpiMachineStateInit: %p %sHalAcpiQueryFlags: %p %sHalAcpiPicStateIntact: %p %sHalRestoreInterruptControllerState: %p %sHalPciInterfaceReadConfig: %p %sHalPciInterfaceWriteConfig: %p %sHalSetVectorState: %p %sHalGetApicVersion: %p %sHalSetMaxLegacyPciBusNumber: %p %sHalIsVectorValid: %p %sHalAcpiGetTableDispatch: %p %sHalAcpiGetRsdpDispatch: %p %sHalAcpiGetFacsMappingDispatch: %p %sHalAcpiGetAllTablesDispatch: %p %sHalAcpiPmRegisterAvailable: %p %sHalAcpiPmRegisterRead: %p %sHalAcpiPmRegisterWrite: %p %sHalHandlerForBus: %p %sHalHandlerForConfigSpace: %p %sHalLocateHiberRanges: %p %sHalRegisterBusHandler: %p %sHalSetWakeEnable: %p %sHalSetWakeAlarm: %p %sHalPciTranslateBusAddress: %p %sHalPciAssignSlotResources: %p %sHalHaltSystem: %p %sHalFindBusAddressTranslation: %p %sHalResetDisplay: %p %sHalHandlerForBus: %p %sHalHandlerForConfigSpace: %p %sHalLocateHiberRanges: %p %sHalRegisterBusHandler: %p %sHalSetWakeEnable: %p %sHalSetWakeAlarm: %p %sHalPciTranslateBusAddress: %p %sHalPciAssignSlotResources: %p %sHalHaltSystem: %p %sHalFindBusAddressTranslation: %p %sHalResetDisplay: %p %sKdSetupPciDeviceForDebugging: %p %sKdReleasePciDeviceforDebugging: %p %sKdGetAcpiTablePhase0: %p %sKdCheckPowerButton: %p %sHalVectorToIDTEntry: %p %sKdMapPhysicalMemory64: %p %sKdUnmapVirtualAddress: %p %sHalMmMemoryUsage: %p %sHalAllocateMapRegisters: %p %sKdGetPciDataByOffset: %p %sKdSetPciDataByOffset: %p %sHalGetInterruptVector: %p %sHalGetVectorInput: %p %sHalLoadMicrocode: %p %sHalUnloadMicrocode: %p %sHalMcUpdatePostUpdate: %p %sHalAllocateMessageTarget: %p %sHalFreeMessageTarget: %p %sHalDpReplaceBegin: %p %sHalDpReplaceTarget: %p %sHalDpReplaceControl: %p %sHalDpReplaceEnd: %p %sHalPrepareForBugcheck: %p %sHalQueryWakeTime: %p %sHalReportIdleStateUsage: %p %sHalHandlerForBus: %p %sHalHandlerForConfigSpace: %p %sHalLocateHiberRanges: %p %sHalRegisterBusHandler: %p %sHalSetWakeEnable: %p %sHalSetWakeAlarm: %p %sHalPciTranslateBusAddress: %p %sHalPciAssignSlotResources: %p %sHalHaltSystem: %p %sHalFindBusAddressTranslation: %p %sHalResetDisplay: %p %sHalAllocateMapRegisters: %p %sKdSetupPciDeviceForDebugging: %p %sKdReleasePciDeviceforDebugging: %p %sKdGetAcpiTablePhase0: %p %sKdCheckPowerButton: %p %sHalVectorToIDTEntry: %p %sKdMapPhysicalMemory64: %p %sKdUnmapVirtualAddress: %p %sKdGetPciDataByOffset: %p %sKdSetPciDataByOffset: %p %sHalGetInterruptVector: %p %sHalGetVectorInput: %p %sHalLoadMicrocode: %p %sHalUnloadMicrocode: %p %sHalMcUpdatePostUpdate: %p %sHalAllocateMessageTarget: %p %sHalFreeMessageTarget: %p %sHalDpReplaceBegin: %p %sHalDpReplaceTarget: %p %sHalDpReplaceControl: %p %sHalDpReplaceEnd: %p %sHalPrepareForBugcheck: %p %sHalQueryWakeTime: %p %sHalReportIdleStateUsage: %p %sHalTscSynchronization: %p %sHalWheaInitProcessorGenericSection: %p %sHalStopLegacyUsbInterrupts: %p %sHalReadWheaPhysicalMemory: %p %sHalWriteWheaPhysicalMemory: %p %sHalDpMaskLevelTriggeredInterrupts: %p %sHalDpUnmaskLevelTriggeredInterrupts: %p %sHalDpGetInterruptReplayState: %p %sHalDpReplayInterrupts: %p %sHalQueryIoPortAccessSupported: %p %sHalHandlerForBus: %p %sHalHandlerForConfigSpace: %p %sHalLocateHiberRanges: %p %sHalRegisterBusHandler: %p %sHalSetWakeEnable: %p %sHalSetWakeAlarm: %p %sHalPciTranslateBusAddress: %p %sHalPciAssignSlotResources: %p %sHalHaltSystem: %p %sHalFindBusAddressTranslation: %p %sHalResetDisplay: %p %sHalAllocateMapRegisters: %p %sKdSetupPciDeviceForDebugging: %p %sKdReleasePciDeviceforDebugging: %p %sKdGetAcpiTablePhase0: %p %sKdCheckPowerButton: %p %sHalVectorToIDTEntry: %p %sKdMapPhysicalMemory64: %p %sKdUnmapVirtualAddress: %p %sKdGetPciDataByOffset: %p %sKdSetPciDataByOffset: %p %sHalGetInterruptVector: %p %sHalGetVectorInput: %p %sHalLoadMicrocode: %p %sHalUnloadMicrocode: %p %sHalMcUpdatePostUpdate: %p %sHalAllocateMessageTarget: %p %sHalFreeMessageTarget: %p %sHalDpReplaceBegin: %p %sHalDpReplaceTarget: %p %sHalDpReplaceControl: %p %sHalDpReplaceEnd: %p %sHalPrepareForBugcheck: %p %sHalQueryWakeTime: %p %sHalReportIdleStateUsage: %p %sHalTscSynchronization: %p %sHalWheaInitProcessorGenericSection: %p %sHalStopLegacyUsbInterrupts: %p %sHalReadWheaPhysicalMemory: %p %sHalWriteWheaPhysicalMemory: %p %sHalInterruptMaskLevelTriggeredLines: %p %sHalInterruptUnmaskLevelTriggeredLines: %p %sHalDpGetInterruptReplayState: %p %sHalDpReplayInterrupts: %p %sHalQueryIoPortAccessSupported: %p %sKdSetupIntegratedDeviceForDebugging: %p %sKdReleaseIntegratedDeviceForDebugging: %p %sHalEnlightenmentInitialize: %p %sHalAllocateEarlyPages: %p %sHalMapEarlyPages: %p %sHalTimerGetClockOwner: %p %sHalTimerGetClockConfiguration: %p %sHalTimerNotifyProcessorFreeze: %p %sHalTimerPrepareProcessorForIdle: %p %sHalDiagRegisterLogRoutine: %p %sHalTimerResumeProcessorFromIdle: %p %sHalTimerResetLastClockTick: %p %sHalVectorToIDTEntryEx: %p %sHalSecondaryInterruptQueryPrimaryInformation: %p %sHalMaskInterrupt: %p %sHalUnmaskInterrupt: %p %sHalIsInterruptTypeSecondary: %p %sHalAllocateGsivForSecondaryInterrupt: %p %sHalAddInterruptRemapping: %p %sHalRemoveInterruptRemapping: %p %sHalSaveAndDisableEnlightenment: %p %sHalRestoreHvEnlightenment: %p %sHalPciEarlyRestore: %p %sHalInterruptGetLocalIdentifier: %p %sHalAllocatePmcCounterSet: %p %sHalCollectPmcCounters: %p %sHalFreePmcCounterSet: %p %sHalTimerQueryCycleCounter: %p %sHalTimerGetNextTickDuration: %p %sHalPciMarkHiberPhase: %p %sHalInterruptQueryProcessorRestartEntryPoint: %p %sHalInterruptRequestSecondaryInterrupt: %p %sHalInterruptEnumerateUnmaskedInterrupts: %p %sHalBiosDisplayReset: %p %sHalGetDmaAdapter: %p %sHalCheckPowerButton: %p %sHalMapPhysicalMemoryWriteThrough64: %p %sHalUnmapVirtualAddress: %p %sHalKdReadPCIConfig: %p %sHalKdWritePCIConfig: %p %sHalTimerQueryWakeTime: %p %sHalTimerReportIdleStateUsage: %p %sHalKdEnumerateDebuggingDevices: %p %sHalFlushIoRectangleExternalCache: %p %sHalPowerEarlyRestore: %p %sHalQueryCapsuleCapabilities: %p %sHalUpdateCapsule: %p %sHalPciMultiStageResumeCapable: %p %scheck_hal_private_disp_table: cannot read table, error %d, ntstatus %Xcheck_hal_private_disp_table: cannot read table, error %dcheck_hal_disp_table: cannot read table, error %d, ntstatus %Xcheck_hal_disp_table: cannot read table, error %dHalQuerySystemInformation: %p %sHalSetSystemInformation: %p %sHalQueryBusSlots: %p %sHalExamineMBR: %p %sHalIoReadPartitionTable: %p %sHalIoSetPartitionInformation: %p %sHalIoWritePartitionTable: %p %sHalReferenceHandlerForBus %p %sHalReferenceBusHandler %p %sHalDereferenceBusHandler %p %sHalInitPnpDriver %p %sHalInitPowerManagement %p %sHalGetDmaAdapter %p %sHalGetInterruptTranslator %p %sHalStartMirroring %p %sHalEndMirroring %p %sHalMirrorPhysicalMemory %p %sHalEndOfBoot %p %sHalMirrorVerify %p %sHalGetCachedAcpiTable %p %sHalSetPciErrorHandlerCallback %p %sread_hal_apci_disp_table return %X bytes, error %d, ntstatus %Xread_hal_apci_disp_table return %X bytes, error %dBad HalAcpiDispatchTable version: %Xread_gdt_size failed, error %d, ntstatus %Xread_gdt_size failed, error %dCannot alloc %d bytes for GDT entriesread_gdt failed, error %d, ntstatus %Xread_gdt failed, error %dDescriptor[%d] %s S %d DPL %d type %X base %X limit %XWinChecker::dump_ldt failed, error %X, ntstatus %XWinChecker::dump_ldt failed, error %XWinChecker::dump_ldt: cannot alloc ldt array, size %XLdt[%d]:Base: XLimit: XAVL: %dD/B: %dDPL: %dG: %dP: %dS: %dType: %dCannot read code for kinterrupt(%X) thunk, error %dIDT patched: unknown type %X selector %X addr %p for int%XIDT patched: unknown selector %X for int%XIDT patched: int%X has unknown selector %X base %X limit %X addr %pIDT patched: int%X addr %p by module %sIDT int%X addr %p KINTERRUPT %pIDT patched: int%X addr %pInt%X: selector %X type TASK DPL %X base %X limit %XInt%X: selector %X type %X DPL %X addr %p base %X limit %XInt%X: selector %X type %X DPL %X addr %pread_idt_size failed, error %d, ntstatus %Xread_idt_size failed, error %dread_idt: cannot alloc %d bytes for IDT storageread_idt failed, error %d, ntstatus %Xread_idt failed, error %dCannot read kinterrupt (%X), error %dKInterrupt %X (%p):Size %X type %XServiceRoutine %p %sDispatchAddress %p %scheck_ob_types: cannot read size of ObTypes list, error %d, ntstatus %Xcheck_ob_types: cannot read size of ObTypes list, error %dcheck_ob_types: cannot read %d bytes (readed %d), error %d, ntstatus %Xcheck_ob_types: cannot read %d bytes (readed %d), error %dfill_ob_type: cannot read ObType %S (%X), error %dCannot read ObType %S (%X), error %dObType %S:DumpProcedure: %p %sOpenProcedure: %p %sCloseProcedure: %p %sDeleteProcedure: %p %sParseProcedure: %p %sSecurityProcedure: %p %sQueryNameProcedure: %p %sOkayToCloseProcedure: %p %sZwAlpcConnectPortExZwOpenKeyTransactedExZwOpenKeyExZwOpenKeyTransactedZwCreateKeyTransactedZwAlpcSendWaitReceivePortZwAlpcImpersonateClientOfPortZwAlpcDisconnectPortZwAlpcDeletePortSectionZwAlpcCreatePortSectionZwAlpcCreatePortZwAlpcConnectPortZwAlpcAcceptConnectPortZwUnloadKey2ZwQueryOpenSubKeysExZwLoadKeyExZwQueryPortInformationProcessZwWaitForKeyedEventZwReleaseKeyedEventZwOpenKeyedEventZwCreateKeyedEventZwUnloadKeyExZwSaveKeyExZwRenameKeyZwLockRegistryKeyZwLockProductActivationKeysZwCompressKeyZwCompactKeysZwYieldExecutionZwUnloadKeyZwSetValueKeyZwSetThreadExecutionStateZwSetInformationKeyZwSetDefaultHardErrorPortZwSecureConnectPortZwSaveMergedKeysZwSaveKeyZwRestoreKeyZwRequestWaitReplyPortZwRequestPortZwReplyWaitReplyPortZwReplyWaitReceivePortExZwReplyWaitReceivePortZwReplyPortZwReplaceKeyZwRegisterThreadTerminatePortZwQueryValueKeyZwQueryOpenSubKeysZwQueryMultipleValueKeyZwQueryKeyZwQueryInformationPortZwOpenKeyZwNotifyChangeMultipleKeysZwNotifyChangeKeyZwLoadKey2ZwLoadKeyZwListenPortZwImpersonateClientOfPortZwFlushKeyZwEnumerateValueKeyZwEnumerateKeyZwDeleteValueKeyZwDeleteKeyZwDelayExecutionZwCreateWaitablePortZwCreatePortZwCreateNamedPipeFileZwCreateKeyZwConnectPortZwCompleteConnectPortZwAcceptConnectPortFindKiServiceTable: relocation type %d found at XCannot read body of %s !Cannot extract index of %s, error %dkernel %s don`t contains KeServiceDescriptorTable function !Cannot find SDT in %sCannot read ntdll.dllCannot read body of %s!Cannot read body of ZwYieldExecution!Cannot extract index of ZwYieldExecution, error %dCannot extract index of ZwPlugPlayControl , error %d%s: %pSDT entry %X (%s) hooked %p %s!SDT entry %X hooked %p %s!Need unhook %d items in SSDTUNHOOK_ITEM: Index %X Offset %XUnhook SSDT failed, lasterror %dUnhooked %d SSDT itemsNtUserSetProcessRestrictionExemptionNtUserAcquireIAMKeyNtGdiDdDDICreateKeyedMutex2NtGdiDdDDIOpenKeyedMutex2NtGdiDdDDIAcquireKeyedMutex2NtGdiDdDDIReleaseKeyedMutex2NtUserSetTHQAPublicKeyNtGdiDdDDIReleaseKeyedMutexNtGdiDdDDIAcquireKeyedMutexNtGdiDdDDIDestroyKeyedMutexNtGdiDdDDIOpenKeyedMutexNtGdiDdDDICreateKeyedMutexNtUserEndTouchOperationNtUserSfmDxReportPendingBindingsToDwmNtGdiDDCCIGetTimingReportNtUserUnregisterSessionPortNtUserRegisterSessionPortNtUserRegisterErrorReportingDialogNtGdiSetOPMSigningKeyAndSequenceNumbersNtGdiGetCertificateSizeNtGdiGetCertificateNtUserWaitForMsgAndEventNtUserVkKeyScanExNtUserUnregisterHotKeyNtUserUnlockWindowStationNtUserUnloadKeyboardLayoutNtUserUnhookWindowsHookExNtUserSetWindowStationUserNtUserSetWindowsHookExNtUserSetWindowsHookAWNtUserSetProcessWindowStationNtUserSetKeyboardStateNtUserSetImeHotKeyNtUserSetConsoleReserveKeysNtUserRegisterHotKeyNtUserOpenWindowStationNtUserMapVirtualKeyExNtUserLockWindowStationNtUserLoadKeyboardLayoutExNtUserGetProcessWindowStationNtUserGetKeyStateNtUserGetKeyNameTextNtUserGetKeyboardStateNtUserGetKeyboardLayoutNameNtUserGetKeyboardLayoutListNtUserGetImeHotKeyNtUserGetCPDNtUserGetAsyncKeyStateNtUserCreateWindowStationNtUserCloseWindowStationNtUserCheckImeHotKeyNtUserCallMsgFilterNtUserAlterWindowStyleNtUserActivateKeyboardLayoutNtGdiScaleViewportExtExNtGdiDvpWaitForVideoPortSyncNtGdiDvpUpdateVideoPortNtGdiDvpGetVideoPortConnectInfoNtGdiDvpGetVideoPortOutputFormatsNtGdiDvpGetVideoPortLineNtGdiDvpGetVideoPortInputFormatsNtGdiDvpGetVideoPortFlipStatusNtGdiDvpGetVideoPortFieldNtGdiDvpGetVideoPortBandwidthNtGdiDvpFlipVideoPortNtGdiDvpDestroyVideoPortNtGdiDvpCreateVideoPortNtGdiDvpCanCreateVideoPortNtGdiDdSetColorKeyread_shadow_sdt failed, error %dcheck_win32k_sdt: cannot alloc %d bytesCannot read win32k_sdt at %p size %X, error %dwin32k_sdt[%d] (%s) hooked, addr %p %swin32k_sdt[%d] hooked, addr %p %sGetNamedPipeServerProcessIdread_kddb read %X bytes, error %dcannot read MmNonPagedPoolStart (%p), error %dcannot read MmNonPagedPoolEnd (%p), error %dcannot read MmPagedPoolStart (%p), error %dcannot read MmPagedPoolEnd (%p), error %dcannot read KernelVerifier (%p), error %dWindowsType: %SETHREAD.StartAddress %XKiProcessorBlock: %p (%X)KernelVerifier: %XKeBugCheckCallbackList: %p (%X)WorkerRoutine: %p %sIdleFunction: %p %sIdleFunction: %p %sKPRCB[%d].WorkerRoutine: %p %sKPRCB[%d].IdleFunction: %p %sKPRCB[%d].IdleFunction: %p %sread_kpcr return %X bytes, error %d, ntstatus %Xread_kpcr return %X bytes, error %dKPCR[%d] %p major %X minor %XKPCR[%d] %pget_os_info return %X bytes, error %d, ntstatus %Xget_os_info return %X bytes, error %dNtMajorVersion: %dNtMinorVersion: %dBuildNumber: %dGlobalFlag: %XProcessors: %dMmVerifierFlags %dMmSystemSize %d %sDebuggerEnabled %dDebuggerNotPresent %dSafeBootMode %dNXSupportPolicy %XCR0 %8.8X %sCR4 %8.8X %sCannot open mailslot %S, error %dget_mail_slot_owner(%S): returned %d bytes, error %d, ntstatus %Xget_mail_slot_owner(%S): returned %d bytes, error %dCannot open named pipe %S, error %dGetNamedPipeServerProcessId(%S) failed, error %dget_named_pipe_owner(%S): returned %d bytes, error %d, ntstatus %Xget_named_pipe_owner(%S): returned %d bytes, error %dread_lpc_port_chars: len %d, returned %d bytes, error %d, ntstatus %Xread_lpc_port_chars: len %d, returned %d bytes, error %dread_unicode_string: len %d, returned %d bytes, error %d, ntstatus %Xread_unicode_string: len %d, returned %d bytes, error %dread_drivers_list: cannot get size of drivers list, returned %d bytes, error %d, ntstatus %Xread_drivers_list: cannot get size of drivers list, returned %d bytes, error %dread_drivers_list: cannot alloc %X bytes for driver listread_drivers_list: cannot read drivers list, error %d, ntstatus %Xread_drivers_list: cannot read drivers list, error %d%p:%X flags %X LoadCount %d %sread_KiThreadSelectNotifyRoutine failed, error %dread_KiSwapContextNotifyRoutine failed, error %dread_KiTimeUpdateNotifyRoutine failed, error %dread_PspLegoNotifyRoutine failed, error %dread_KiDebugRoutine failed, error %dread_msrs failed, error %d, ntstatus %Xread_msrs failed, error %dIManageProcess: Cannot OpenProcess %dIManageProcess: Cannot open process %dread_win32_process for PID %X failed, error %d, status %Xread_win32_process for PID %X failed, error %dread_dword(%p, PID %d) failed, error %d, ntstatus %Xread_dword(%p, PID %d) failed, error %dread_ptr(%p, PID %d) failed, error %d, ntstatus %Xread_ptr(%p, PID %d) failed, error %drp_ReadProcessMemory(%p size %X) from %p error %dread_token for PID %X failed, error %d, status %Xread_token for PID %X failed, error %dopen_proc(%d, access %X) failed, error %d, ntstatus %Xopen_proc(%d, access %X) failed, error %drp_OpenProcess(%d, access %X) dwRet %d, error %drp_TerminateProcess(%p, %X) dwRet %d, error %dMajor %d Minor %d BuildNumber %d PlatformId %d ServicePackMajor %d ServicePackMinor %d SuiteMask %d ProductType %d CSDVersion %SProductType: %XCannot open RPC control, error %Xmsgsvcsend_ILocalObjectExporterIVsShellIWbemLoginClientIDICertProtect_IBTFTPApiEvents_s_PasswordRecoverywininet_UrlCache_IObjectExporterWMsgAPIsWMsgKAPIsINCryptKeyIsoHttpProxyMgrProviderIKeySvcRWcnTransportRpcIPortResolveIWbemLoginHelperLRpcSIDKeyISmartCardRootCertsIDebugPortSupplier2IAsyncOperationIPipelineElementOnlineProviderCertInterfaceIBackgroundCopyJobHttpOptionsHttpProxyMgrClientIStaticPortMappingCollectionIKeySvcs_WindowsShutdownIWebBrowser2IDebugPortSupplierLocale2IUPnPHttpHeaderControlWINHTTP_AUTOPROXY_SERVICEIErcLuaSupportIDebugPortSupplier3IKeySvc2BackupKeyIWerReportICertPassageIStaticPortMappingIDebugPortSupplierEx2IWbemLevel1LoginIWebBrowserAppmsgsvcIShellWindowsRpcBindingFromStringBinding(%S) failed: %dRpcMgmtInqIfIds(%S) failed: %dRpcStringBindingCompose failed: %dRpcBindingFromStringBinding failed: %dRpcMgmtInqIfIds failed: %d%8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2X version %d.%d : %s%8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2X version %d.%d : (%s)RpcMgmtEpEltInqBegin failed: %dCannot read npc table, readed %X bytesrpcrt4%s.AddressChangeFn: %p %srpcrt4_hack::check_myself: exception %d occuredrpcrt4_hack::try_hack: cannot find RpcServerRegisterIfExI_RpcInitNdrImportsload_driver(%S) returned %XLoaded kernel driver: %SError loading kernel driver: %ls - 0xxError loading kernel driver: %S - 0xxError loading kernel driver: %S - OpenSCManager 0xxtcpipClientImmProcessKeyfnHkOPTINLPEVENTMSGfnHkINLPMSGfnSENTDDEMSGfnDWORDOPTINLPMSGRealMsgWaitForMultipleObjectsExPEB.KernelCallbackTable patched, %puser32_hack::try_hack: bad PE passeduser32_hack::try_hack: cannot read import tablepfnWowMsgBoxIndirectCallbackUnknown apfnDispatch size: %d%s_hack::try_hack: bad PE passed%s_hack::try_hack: cannot read exports, error %d%s_hack::try_hack: cannot find section .data%s_hack::try_hack: cannot read section .data%s_hack::try_hack: cannot read section .rdata%s_hack::try_hack: cannot find section .text%s_hack::try_hack: cannot read section .textDxgkReleaseKeyedMutex2DxgkAcquireKeyedMutex2DxgkOpenKeyedMutex2DxgkCreateKeyedMutex2DxgkReleaseKeyedMutexDxgkAcquireKeyedMutexDxgkDestroyKeyedMutexDxgkOpenKeyedMutexDxgkCreateKeyedMutexCannot read gDxgkInterface, readed %X bytesWindowHasShadowDisableProcessWindowsGhostingzzzUnhookWindowsHookxxxUpdateWindowsxxxArrangeIconicWindowsSetWindowStateClearWindowStateSetMsgBoxGetKeyboardTypeGetKeyboardLayoutRemotePassthruDisablexxxRemotePassthruEnableCannot read gpsi, readed %X bytesCannot read gpsi handlers, readed %X bytesCannot read apfnSimpleCall, readed %X bytesCannot read gapfnMessageCall, readed %X bytesCannot read gapfnScSendMessage, readed %X bytesCannot read gaNewProcAddresses, readed %X bytesCannot open logfile %SCannot create stop event, error %dDriver %S loaded from %SSrvGetConsoleKeyboardLayoutNameSrvSetConsoleKeyShortcutsSrvGetConsoleAliasExesSrvGetConsoleAliasExesLengthSrvVDMConsoleOperationSrvGetLargestConsoleWindowSizeSrvExitWindowsExwinsrv.dllUnknown size of ConsoleServerApiDispatchTable: %dUnknown size of UserServerApiDispatchTable: %dCallUserpExitWindowsExGetConsoleAliasExesInternalGetConsoleAliasExesLengthInternalSetConsoleKeyShortcutsGetConsoleKeyboardLayoutNameWorkerSetConsoleOutputCPInternalGetConsoleOutputCPGetLargestConsoleWindowSizereg_ccs_services::read failed - error %dCannot open key %S, error %dSafeSecondaryLog(%d) failed, error %dSafeSecondaryLog failed, error %dSafeSendLog(%d) failed, error %dSafeSendLog failed, error %dBad memory %p len %X in dump_hex_bufferCannot alloc %d bytes for delayed importsCannot alloc %d bytes for importsread_import_safe(%s) failed %XCannot realloc %d bytes for iatread_delayed_safe(%s) failed %Xstore2md_cache: cannot alloc %d bytesstore2md_cache: cannot realloc, alloced %d byteswdigest.dlltspkg.dllschannel.dllpku2u.dllnegoexts.dllmsv1_0.dlllivessp.dllkerberos.dllumpnpmgr.dllcombase.dllntdsa.dllntdll.dllcryptbase.dllncrypt.dllrpcrt4.dllimm32.dlluser32.dllkernelbase.dllkernel32.dlladvapi32.dllole32.dllCannot alloc %X bytes for relocsSOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequiredWS2_32.dllRPCRT4.dllGetProcessHeapGetWindowsDirectoryAKERNEL32.dllRegCloseKeyRegOpenKeyExWRegOpenKeyExARegCreateKeyExWADVAPI32.dllGetWindowsDirectoryWGetCPInfoRegQueryInfoKeyWRegEnumKeyWzcÃ.?AVMyWindowsChecker@@.?AV?$rpcrt4_hack@U_IMAGE_NT_HEADERS@@@@.?AVtcpip_hack@@.?AV?$import_holder@U_IMAGE_NT_HEADERS@@@CMN@@.?AVinmem_import_holder@CMN@@.?AVimport_holder_intf@CMN@@.?AVmodule_import@CMN@@aR.RnX.UJ^Aw%xyWf.Gkf%0X0m0>$?(?,?0?3&4;456?90:77g77>7[7`7|76#8*878^8~811_10#101#2020 11h1J36%7S77*717>7[8=!>&>9>>>7&7@7l7Â8N8V8z8:);4;>;\;0%0X0= >$>(>,>0>?,?4?\?|?.----/01/01/01KERNEL32.DLLmscoree.dllU%SystemRoot%\system32\svchost.exe%SystemRoot%\system32\svchostWSOCKTRANSPORTTCPIP6TCPIPSTORPORTSTORMINIPORTSOFTPCISCSIPORTSCSIMINIPORTSBP2PORTFCPORTPassiveWatchdogTimeoutsImageExecutionOptionsErrorPortStartTimeoutErrorPortCommTimeoutDisablePagingExecutiveDebuggerMaxModuleMsgsCountOperationsB\\.\Psapi.dllsWindows PowerShelltHost Process for Windows TasksWindows Problem Reporting 32 bitWindows Problem ReportingWindows Modules InstallermWindows Start-Up ApplicationtWindows Search IndexersWindows Server Initial Configuration TasksWindows Media PlayerDump Reporting ToolError ReporterrWindows Control Panel 32 bitWindows Control PanelWindows Connect Now - Config Registrar ServiceWindows Media Player Network Sharing ServiceWindows firewallWindows Error Reporting ServicetWindows DefendervError reporting serviceeWindows update serviceWindows Image AcquisitionWebClienttWindows Security Center Notification AppyWindows Based Script HostWindows installer 32 bitWindows installerWindows 16-bit Virtual MachineWindows Management InstrumentationWindows User Mode Driver ManagerMS tftpMS ftp 32 bitMS ftpMicrosoft Help and Support CenterCmd.exe 32 bitCmd.exeWindows Logon User Interface HostWindows updatetGoogle ChromerOpera Internet BrowserMozilla Thunderbird Mail and News ClientdFirefox browserServices.exe%SystemRoot%\msagent\agentsvr.exe%SystemRoot%\System32\dfrgfat.exe%SystemRoot%\System32\dfrgntfs.exe%SystemRoot%\System32\services.exe%SystemRoot%\System32\svchost.exe%SystemRoot%\System32\alg.exe%SystemRoot%\System32\spoolsv.exe%SystemRoot%\System32\net.exe%SystemRoot%\System32\net1.exe%SystemRoot%\System32\cmd.exe%SystemRoot%\System32\notepad.exe%SystemRoot%\System32\calc.exe%SystemRoot%\System32\PTF.exe%SystemRoot%\System32\tPTF.exe%SystemRoot%\System32\telnet.exe%SystemRoot%\System32\taskkill.exe%SystemRoot%\System32\ctfmon.exe%SystemRoot%\System32\wdfmgr.exe%SystemRoot%\System32\mmc.exe%SystemRoot%\System32\userinit.exe%SystemRoot%\System32\wbem\wmiprvse.exe%SystemRoot%\System32\wbem\wmiadap.exe%SystemRoot%\explorer.exe%SystemRoot%\System32\lsass.exe%SystemRoot%\System32\winlogon.exe%SystemRoot%\System32\LogonUI.exe%SystemRoot%\System32\wuauclt.exe%SystemRoot%\System32\wuauclt1.exe%SystemRoot%\System32\CCM\CcmExec.exe%SystemRoot%\System32\csrss.exe%SystemRoot%\System32\smss.exe\SystemRoot\System32\smss.exe%SystemRoot%\System32\inetsrv\w3wp.exe%SystemRoot%\System32\schtasks.exe%SystemRoot%\System32\tstheme.exe%SystemRoot%\System32\control.exe%SystemRoot%\System32\taskmgr.exe%SystemRoot%\System32\dwwin.exe%SystemRoot%\System32\drwtsn32.exe%SystemRoot%\System32\dumprep.exe%SystemRoot%\System32\dfssvc.exe%SystemRoot%\System32\dllhost.exe%SystemRoot%\System32\ntvdm.exe%SystemRoot%\System32\rundll32.exe%SystemRoot%\System32\msiexec.exe%SystemRoot%\System32\mshta.exe%SystemRoot%\System32\regsvr32.exe%SystemRoot%\System32\cscript.exe%SystemRoot%\System32\wscript.exe%SystemRoot%\System32\wscntfy.exe%SystemRoot%\System32\mstsc.exe%SystemRoot%\System32\dashost.exefar.exeFar.exeCLSID\{FC7D9E02-3F9E-11d3-93C0-00C04F72DAF7}\InprocServer32CLSID\{73FDDC80-AEA9-101A-98A7-00AA00374959}\LocalServer32CLSID\{0002DF01-0000-0000-C000-000000000046}\LocalServer32iedw.exe%SystemRoot%\System32\oobechk.exe%SystemRoot%\System32\oobe.exe%SystemRoot%\System32\psxss.exe%SystemRoot%\System32\internat.exeAcroRd32.exeexcel.exeoutlook.exewinword.exepowerpnt.exewmplayer.exefirefox.exethunderbird.exeOpera.exeWinRAR.exe%SystemRoot%\System32\wininit.exe%SystemRoot%\System32\lsm.exe%SystemRoot%\System32\dwm.exe%SystemRoot%\System32\werfault.exe%SystemRoot%\System32\taskeng.exe%SystemRoot%\System32\conime.exe%SystemRoot%\System32\wudfhost.exe%SystemRoot%\System32\taskhost.exe%SystemRoot%\System32\conhost.exe%SystemRoot%\System32\rdpclip.exe%SystemRoot%\System32\SearchFilterHost.exe%SystemRoot%\System32\SearchProtocolHost.execsrss.exesvchost.exealg.exesPptpMiniportTcpippsapi.dll127.0.0.1\\.\pipe\\\.\mailslot\SOFTWARE\Microsoft\Windows NT\CurrentVersion\\.\Pipe\\\.\Mailslot\ncacn_ip_tcp:ncadg_ip_udp:\\pipe\\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShellRemediationExeSOFTWARE\Classes\SCCM.VAppLauncher\shell\Open\commandSOFTWARE\Classes\CLSID\{00AAB372-0D6D-4976-B5F5-9BC7605E30BB}\LocalServer32SOFTWARE\Classes\CLSID\{3C296D07-90AE-4FAC-86F9-65EAA8B82D22}\LocalServer32SOFTWARE\Classes\CLSID\{D63B10C5-BB46-4990-A94F-E40B9D520160}\LocalServer32SOFTWARE\Classes\CLSID\{03e64e17-b220-4052-9b9b-155f9cb8e016}\LocalServer32SOFTWARE\Classes\CLSID\{1F69F884-285E-418E-9715-B9EEE402DD5F}\LocalServer32Software\Microsoft\Windows\CurrentVersion\WINEVT\publishersWindows checker1.0.0.3432wincheck.exe0, 0, 8, 16FeEQMIQs.exe_1552_rwx_05990000_00001000:.text.rdata@.dataFeEQMIQs.exe_1552_rwx_06230000_00004000:Web Client NetworkMicrosoft Windows NetworkFeEQMIQs.exe_1552_rwx_06240000_00004000:Microsoft Windows NetworkFeEQMIQs.exe_1552_rwx_06250000_00004000:Microsoft Windows Network\\WEBHOSTjWcYYUcg.exe_524_rwx_00401000_000EA000:C{?%f{[7.qU6TNcMdIvND.LOrg.eH^\w|.LVQfC%ddW0WaZ@%diO%%Sg[%dZrl}9fT{E!.Lg:\D.vYm.TpM.WYky??%sn6.wbK3Am%foEW%d[k#k[w[.dxHo%sd^.pgVM.XU\:.TU:67Y[mre%sRx.AF{-F.dA}R9zE46}GF{-A}d8Rx.AMbRx.AJVy-A}y1]~]{:&]{>Mr.0M8.wMF@%uF5@.FJr|M-9Q2.QDs]{>EkAC.AZ?]mYS_;-h}_/%s>AbGcMd7FZZZZ%&aTF{-A}d8Rx.AZu`\Vb)Rx.AN~2Rx.AF zx.ASs)Rx.AF{-6s z]sc.Pu).KQ>6VyT%FZd?%x1u2S.cp~%m"%UR.BFX7.Cd"w/1:,*-.1#k%U,:EW.yY%cMV=hC%x}7.Gl^z>fAd:%U.cW a]{.iA88=d0,.eJKV.eb.CYf?a8=Btcpc.lI'c.fI!x.sd64%UMv4%UEInb2software\microsoft\windows\currentversion\run%uNaO.YtUOMicrosoft Windows eine Wiederherstellung in einem Moment beginnen..klicken, um zu kopierenStrafe zahlen. Jeder Versuch, diese Nachricht zu entfernen werden die Dateien, Hardware und Windows-Installation unwiederbringlich beschffnen Sie den Internet-Browser. An die Adresse gehen: blockchain.info/wallet und klicken Sie auf 'Erstellen Sie ein neues Wallet'.,Geben Sie Ihre E-Mail-Adresse (optional) und Ihr Passwort ein. Achten Sie darauf, Ihr Passwort sicher ist.-Sparen Sie Ihr Passwort sicher, vorzugsweise offline (klicken Notepad)..Folgen Sie den Anweisungen auf der Website aufgefordert werden, und achten Sie genau auf die Sicherheitsempfehlungen.1.Machen BitCoin Zahlung:2|Anmeldung zu Ihrem Bitcoin Wallet blockchain.info/wallet/login5DKlicken Sie auf "Import / Export".6- und Kleinschreibung) indem Sie es und klicken Sie auf 'Add Private Key'.78Klicken Sie auf "Sweep Key".9.Internationale Anbieter=WebbrowserD&de.bitcoin.it/wiki/GKennen Sie die Gefahren der Verletzung des Urheberrechts. Besuchen copyright.gov/help/faq/faq-infringement.html f~Microsoft Windows will begin a restoration process in a moment.Operation Global 3 is a coordinated effort by U.S., Canadian and European law enforcement agencies targeting computers with pirated content.$Open Internet Browser. Go to the address: blockchain.info/wallet and click 'Start A New Wallet'.,Enter your e-mail address(optional) and password. Make sure your password is secure.-zSave your password safely, preferably offline(click Notepad)..Follow the steps prompted on the website and pay close attention to the security recommendations.1tLogin to your Bitcoin wallet blockchain.info/wallet/login 54Click on Import / Export. 6Enter the paper wallet's private key by typing it manually (case sensitive) and click on 'Add Private Key'.7$Click 'Sweep Key'.9.International Exchanges=&en.bitcoin.it/wiki/GKnow the dangers of copyright infringement. Visit copyright.gov/help/faq/faq-infringement.html for more information.Jun reato federale che porta pene fino a cinque anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (17 USC s.506, 18 USC s.2319)un crimine federale che comporta pene fino a quindici anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (18 USC s.2339A)Microsoft Windows inizierImporto:Qualsiasi tentativo di rimuovere questo messaggio potrebbe danneggiare il vostro file, hardware e di installazione di Windows oltre il recupero."Operazione globale III dagli Stati Uniti, Canada, Europa, Australia, Nuova Zelanda e altre forze dell'ordine di tutto il mondo\Registrazione di un nuovo portafoglio BitCoin:Aprire Internet Browser. Vai all'indirizzo: blockchain.info/wallet e cliccare su 'Crea un nuovo Portafoglio'.,Inserisci il tuo indirizzo e-mail (opzionale) e la password. Assicurati che il tuo passwordSalvare la password in modo sicuro, preferibilmente non in linea (fare clic su Notepad)..Seguire i passaggi spinto sul sito e prestare la massima attenzione alle raccomandazioni di sicurezza.1|Accedi al tuo portafoglio Bitcoin blockchain.info/wallet/login5Inserire la chiave privata 'Paper Wallet' digitando manualmente (maiuscole e minuscole) e fare clic su 'Add Private Key'.72Fare clic su 'Sweep Key'.9&it.bitcoin.it/wiki/GConoscere i pericoli di violazione del copyright. Visita copyright.gov/help/faq/faq-infringement.html per maggiori informazioni.JMicrosoft Windows se iniciarFine Importe:n de Windows sin posibilidad de recuperaciOperacin: blockchain.info/wallet y haga clic en 'Crear un nuevo monedero'.,gina web y prestar mucha atencipAcceda a su cartera blockchain.info/wallet/login Bitcoin5FHaga clic en "Importar / Exportar".6sculas) y haga clic en" Add Private Key ".72Haga clic en 'Sweep Key'.9Navegador WebD&es.bitcoin.it/wiki/Gn de copyright. Visita copyright.gov/help/faq/faq-infringement.html para mjWcYYUcg.exe_524_rwx_00720000_00001000:%WinDir%\TEMPjWcYYUcg.exe_524_rwx_00780000_00001000:%Documents and Settings%\LocalService\NwIscAww\rSwooYMMjWcYYUcg.exe_524_rwx_00790000_00001000:%Documents and Settings%\All Users\hUEQccwo\FeEQMIQsjWcYYUcg.exe_524_rwx_007B0000_000E9000:C{?%f{[7.qU6TNcMdIvND.LOrg.eH^\w|.LVQfC%ddW0WaZ@%diO%%Sg[%dZrl}9fT{E!.Lg:\D.vYm.TpM.WYky??%sn6.wbK3Am%foEW%d[k#k[w[.dxHo%sd^.pgVM.XU\:.TU:67Y[mre%sRx.AF{-F.dA}R9zE46}GF{-A}d8Rx.AMbRx.AJVy-A}y1]~]{:&]{>Mr.0M8.wMF@%uF5@.FJr|M-9Q2.QDs]{>EkAC.AZ?]mYS_;-h}_/%s>AbGcMd7FZZZZ%&aTF{-A}d8Rx.AZu`\Vb)Rx.AN~2Rx.AF zx.ASs)Rx.AF{-6s z]sc.Pu).KQ>6VyT%FZd?%x1u2S.cp~%m"%UR.BFX7.Cd"w/1:,*-.1#k%U,:EW.yY%cMV=hC%x}7.Gl^z>fAd:%U.cW a]{.iA88=d0,.eJKV.eb.CYf?a8=Btcpx.sd64%UMv4%UEInb%uNaO.YtUOMicrosoft Windows eine Wiederherstellung in einem Moment beginnen..klicken, um zu kopierenStrafe zahlen. Jeder Versuch, diese Nachricht zu entfernen werden die Dateien, Hardware und Windows-Installation unwiederbringlich beschffnen Sie den Internet-Browser. An die Adresse gehen: blockchain.info/wallet und klicken Sie auf 'Erstellen Sie ein neues Wallet'.,Geben Sie Ihre E-Mail-Adresse (optional) und Ihr Passwort ein. Achten Sie darauf, Ihr Passwort sicher ist.-Sparen Sie Ihr Passwort sicher, vorzugsweise offline (klicken Notepad)..Folgen Sie den Anweisungen auf der Website aufgefordert werden, und achten Sie genau auf die Sicherheitsempfehlungen.1.Machen BitCoin Zahlung:2|Anmeldung zu Ihrem Bitcoin Wallet blockchain.info/wallet/login5DKlicken Sie auf "Import / Export".6- und Kleinschreibung) indem Sie es und klicken Sie auf 'Add Private Key'.78Klicken Sie auf "Sweep Key".9.Internationale Anbieter=WebbrowserD&de.bitcoin.it/wiki/GKennen Sie die Gefahren der Verletzung des Urheberrechts. Besuchen copyright.gov/help/faq/faq-infringement.html f~Microsoft Windows will begin a restoration process in a moment.Operation Global 3 is a coordinated effort by U.S., Canadian and European law enforcement agencies targeting computers with pirated content.$Open Internet Browser. Go to the address: blockchain.info/wallet and click 'Start A New Wallet'.,Enter your e-mail address(optional) and password. Make sure your password is secure.-zSave your password safely, preferably offline(click Notepad)..Follow the steps prompted on the website and pay close attention to the security recommendations.1tLogin to your Bitcoin wallet blockchain.info/wallet/login 54Click on Import / Export. 6Enter the paper wallet's private key by typing it manually (case sensitive) and click on 'Add Private Key'.7$Click 'Sweep Key'.9.International Exchanges=&en.bitcoin.it/wiki/GKnow the dangers of copyright infringement. Visit copyright.gov/help/faq/faq-infringement.html for more information.Jun reato federale che porta pene fino a cinque anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (17 USC s.506, 18 USC s.2319)un crimine federale che comporta pene fino a quindici anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (18 USC s.2339A)Microsoft Windows inizierImporto:Qualsiasi tentativo di rimuovere questo messaggio potrebbe danneggiare il vostro file, hardware e di installazione di Windows oltre il recupero."Operazione globale III dagli Stati Uniti, Canada, Europa, Australia, Nuova Zelanda e altre forze dell'ordine di tutto il mondo\Registrazione di un nuovo portafoglio BitCoin:Aprire Internet Browser. Vai all'indirizzo: blockchain.info/wallet e cliccare su 'Crea un nuovo Portafoglio'.,Inserisci il tuo indirizzo e-mail (opzionale) e la password. Assicurati che il tuo passwordSalvare la password in modo sicuro, preferibilmente non in linea (fare clic su Notepad)..Seguire i passaggi spinto sul sito e prestare la massima attenzione alle raccomandazioni di sicurezza.1|Accedi al tuo portafoglio Bitcoin blockchain.info/wallet/login5Inserire la chiave privata 'Paper Wallet' digitando manualmente (maiuscole e minuscole) e fare clic su 'Add Private Key'.72Fare clic su 'Sweep Key'.9&it.bitcoin.it/wiki/GConoscere i pericoli di violazione del copyright. Visita copyright.gov/help/faq/faq-infringement.html per maggiori informazioni.JMicrosoft Windows se iniciarFine Importe:n de Windows sin posibilidad de recuperaciOperacin: blockchain.info/wallet y haga clic en 'Crear un nuevo monedero'.,gina web y prestar mucha atencipAcceda a su cartera blockchain.info/wallet/login Bitcoin5FHaga clic en "Importar / Exportar".6sculas) y haga clic en" Add Private Key ".72Haga clic en 'Sweep Key'.9Navegador WebD&es.bitcoin.it/wiki/Gn de copyright. Visita copyright.gov/help/faq/faq-infringement.html para mjWcYYUcg.exe_524_rwx_00BA0000_00001000:%Documents and Settings%\LocalService\NwIscAww\rSwooYMM.infjWcYYUcg.exe_524_rwx_00BB0000_00001000:%Documents and Settings%\All Users\hUEQccwo\FeEQMIQs.infjWcYYUcg.exe_524_rwx_00BC0000_00001000:%Documents and Settings%\LocalService\NwIscAww\rSwooYMM.exejWcYYUcg.exe_524_rwx_00BD0000_00001000:%Documents and Settings%\All Users\hUEQccwo\FeEQMIQs.exejWcYYUcg.exe_524_rwx_00C00000_00001000:rSwooYMM.exejWcYYUcg.exe_524_rwx_00C10000_00001000:FeEQMIQs.exejWcYYUcg.exe_524_rwx_00C20000_00001000:taskkill /FI "USERNAME eq SYSTEM" /F /IM rSwooYMM.exejWcYYUcg.exe_524_rwx_00C30000_00001000:taskkill /FI "USERNAME eq SYSTEM" /F /IM FeEQMIQs.exe