HEUR:Trojan.Win32.Generic (Kaspersky), Gen:Variant.Kazy.1750 (B) (Emsisoft), Gen:Variant.Kazy.1750 (AdAware), ZeroAccess.YR (Lavasoft MAS)Behaviour: Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: a5f5785c10c675631715d357a5cfc858
SHA1: 7257374498e1bec5b08155dad2b3cc34bddce226
SHA256: 6ee0dcd04047b4ee72874027c8644a2cba0bf2a8730a6c34a03df1030d832bce
SSDeep: 24576:EWMl9ebI2gXNd2ih/lSY7elaMFOgIM7MFYw SNzbetmFb3EYe78OoAkdj:Z4dyC/YHaMPIM7MF51zatmx3e7Xg
Size: 1048064 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2015-02-07 11:53:36
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
%original file name%.exe:1116
The Trojan injects its code into the following process(es):
fGAwoYMM.exe:172
reIEcoQI.exe:1532
NesIMIQs.exe:368
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process fGAwoYMM.exe:172 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe (11518 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\adm.bmp.exe (7385 bytes)
C:\totalcmd\TOTALCMD.EXE.exe (35505 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe (7433 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp.exe (7385 bytes)
C:\totalcmd\TCMADMIN.EXE.exe (7433 bytes)
C:\totalcmd\TCUNINST.EXE.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg.exe (7433 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\KAAo.txt (55978 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe (10177 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe (7433 bytes)
C:\totalcmd\TCMDX32.EXE.exe (7433 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe (7385 bytes)
C:\totalcmd\TcUsbRun.exe (7385 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\Setup.exe (7971 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe (7385 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp (0 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp (0 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp (0 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp (0 bytes)
C:\totalcmd\TCUNINST.EXE (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp (0 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp (0 bytes)
C:\totalcmd\TCMADMIN.EXE (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\adm.bmp (0 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg (0 bytes)
C:\totalcmd\TCMDX32.EXE (0 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg (0 bytes)
C:\totalcmd\TOTALCMD.EXE (0 bytes)
The process %original file name%.exe:1116 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exe (7785 bytes)
%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe (7809 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\airappinstaller.exe (54 bytes)
%Documents and Settings%\All Users\JuwEIgUE\reIEcoQI.exe (7785 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\togwUkoI.bat (4 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\togwUkoI.bat (0 bytes)
Registry activity
The process fGAwoYMM.exe:172 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "91 FA CB AF 43 24 8A 61 FC 37 63 11 95 D9 2F 6D"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"fGAwoYMM.exe" = "%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exe"
The process reIEcoQI.exe:1532 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E1 59 F4 FF 79 09 64 8E 94 58 E2 B3 D6 6A 7C B7"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NesIMIQs.exe" = "%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe"
The process %original file name%.exe:1116 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "17 7E 57 A2 BC D5 93 E3 39 86 B6 EC 9B EE 65 21"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"fGAwoYMM.exe" = "%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exe"
The Trojan adds the reference to itself to be executed when a user logs on:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserInit" = "%System%\userinit.exe,%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe,"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NesIMIQs.exe" = "%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe"
The process NesIMIQs.exe:368 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "20 77 26 D0 72 F3 37 D6 96 EB 16 23 44 36 5A FD"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NesIMIQs.exe" = "%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe"
Dropped PE files
MD5 | File path |
---|---|
489da5a9c5e7ffb24a571bf6b43a6feb | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe |
1b8541cda8c6f9099df8c615899f3610 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe |
3c5f8d07e01ecddf70e08d93ef0e00b9 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe |
12da91268c52aac7801080f40c26d5d9 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe |
0a6f7c220b70e0df25bf8df61c1ea5d5 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe |
6a37648c7025430cb61a3a21ad1f80ee | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe |
61d1a830fece3cf7bc05c96d66bfb80e | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe |
b9572630ece0a0b5d918fd4632fde019 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe |
0dbbd2dfd7972b133edf5a6ffb32ab28 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe |
de42daea27c284c1375274d39aa4433e | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe |
dec9294a97b312d41a087d96cf5c40bc | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe |
784c84d9c11601e1f96f160dc856706e | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe |
a3a45710351c55a6790aab0a46c4703e | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe |
13d518deaae4675015665c43e4fc3743 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe |
1d359cc25021875f44f00b3504a7a97c | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe |
2a46e15b25237b248d5c0174daa72a58 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe |
6bcf027bfe32fc83834cdc8c222d0ccb | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe |
e4c6f77ea5c7a8a9f0770adabbf647c9 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe |
6f1ba44e08ecd493247a987cc72bec9d | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe |
c45b1593df76ff83296f8442ef849df8 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe |
ed8135484df5f83c3939c61d66eb35f6 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe |
fe6f83cd6e1cc43acff28c45abea8270 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe |
a1a54174e9e157b9b62982833d9caee3 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe |
8ca581dbffdbfb8962b7f34f5992b18a | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\adm.bmp.exe |
985946d13c06e212c1eac315f1607439 | c:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp.exe |
4ad90f946cacf114163ed458bb09a8a0 | c:\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe |
0f65edc5176b43dbaf6b913b2d72ccdb | c:\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe |
a00a1cbd1da55715dac5800f7a33bde4 | c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe |
e1e1d93037e538caf8e13dcbbc698f03 | c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe |
75a87a7790fc8d53a21eb13dc81f977e | c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe |
932205716ea67b1ed4813b84b5ecb12e | c:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg.exe |
3850c5442dccf1c75a74f53325d9d2b8 | c:\Documents and Settings\All Users\JuwEIgUE\reIEcoQI.exe |
f1384f94fa181755526474c9a9470a0d | c:\Documents and Settings\All Users\hcYYccwo\NesIMIQs.exe |
f1546e6359715c3a87273760a935be8d | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\airappinstaller.exe |
ed6ac6ab7c1e63231fdf072b00322b7e | c:\Documents and Settings\"%CurrentUserName%"\dUskcAww\fGAwoYMM.exe |
7cb81f7d881af675f87905c1949ca1a8 | c:\Perl\eg\IEExamples\ie_animated.gif.exe |
bd3521000e7572d1dc8b84d94fe8dfe6 | c:\Perl\eg\IEExamples\psbwlogo.gif.exe |
9d2620dabcdb1d30b09317f76788b107 | c:\Perl\eg\aspSamples\ASbanner.gif.exe |
68f22c3a0438318e7e0d4a5cf70d2e71 | c:\Perl\eg\aspSamples\Main_Banner.gif.exe |
caa0e0bea0e13aa6d3cbb4d3394828c5 | c:\Perl\eg\aspSamples\psbwlogo.gif.exe |
d6eafe7685e1a45188d4c273a490d948 | c:\Perl\html\images\AS_logo.gif.exe |
c1d36ac3a0e846e37ec8465797cde33c | c:\Perl\html\images\PerlCritic_run.png.exe |
a3ceb5642d2da2d07b4a5d6ae0508c8f | c:\Perl\html\images\aslogo.gif.exe |
dba368357ec31e4a77573b23b2fdc9c3 | c:\Perl\html\images\ppm_gui.png.exe |
b3fcb0f3475b63b47b432ba6a7b97482 | c:\Perl\lib\ActivePerl\PPM\images\gecko.png.exe |
b264f8c223e4aa8d078d2c112f2357c3 | c:\Perl\lib\ActivePerl\PPM\images\perl_48x48.png.exe |
00f20961304a43cbfd7fb3efc0ad69ac | c:\Perl\lib\Devel\NYTProf\js\asc.png.exe |
4d1e75f758aab63fd9dc725797ef896d | c:\Perl\lib\Devel\NYTProf\js\bg.png.exe |
7ab9c11ad0b860849961d9e56c7f5c8e | c:\Perl\lib\Devel\NYTProf\js\desc.png.exe |
2ff43acac970fa7102feb382b4257cb4 | c:\Perl\lib\Devel\NYTProf\js\jit\gradient.png.exe |
4176180a2dcbd812bd4a943db8985ece | c:\Perl\lib\Devel\NYTProf\js\jit\gradient20.png.exe |
10700142f48d468d8e43e1d1e3102af5 | c:\Perl\lib\Devel\NYTProf\js\jit\gradient30.png.exe |
b2f472142085209fc7d4d29a4a1d2f30 | c:\Perl\lib\Devel\NYTProf\js\jit\gradient40.png.exe |
81821d1d423f284be829b379a9309a8c | c:\Perl\lib\Devel\NYTProf\js\jit\gradient50.png.exe |
95df8517647c7c99a79e80f98533ddf8 | c:\Perl\lib\Mozilla\CA\cacert.pem.exe |
30da4fa10afc7581e7b9ddcabc3791bb | c:\totalcmd\TCMADMIN.EXE.exe |
449c6526a840664d2cd5a10922f5b05e | c:\totalcmd\TCMDX32.EXE.exe |
7dae5a72b7e1e6cd8884daf2110a9bc5 | c:\totalcmd\TCUNINST.EXE.exe |
4b26c0b5e4ec364a8025bc8a90629abd | c:\totalcmd\TOTALCMD.EXE.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:1116
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma.exe (11518 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\adm.bmp.exe (7385 bytes)
C:\totalcmd\TOTALCMD.EXE.exe (35505 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg.exe (7433 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp.exe (7385 bytes)
C:\totalcmd\TCMADMIN.EXE.exe (7433 bytes)
C:\totalcmd\TCUNINST.EXE.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg.exe (7433 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\KAAo.txt (55978 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.exe (10177 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg.exe (7433 bytes)
C:\totalcmd\TCMDX32.EXE.exe (7433 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe (7385 bytes)
C:\totalcmd\TcUsbRun.exe (7385 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\Setup.exe (7971 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe (7385 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe (7385 bytes)
%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exe (7785 bytes)
%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe (7809 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\airappinstaller.exe (54 bytes)
%Documents and Settings%\All Users\JuwEIgUE\reIEcoQI.exe (7785 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\togwUkoI.bat (4 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"fGAwoYMM.exe" = "%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NesIMIQs.exe" = "%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe" - Remove the references to the Trojan by modifying the following registry value(s) (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserInit" = "%System%\userinit.exe,%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe," - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 1044480 | 1043968 | 5.4707 | 7949a0ce97ee53b66fa1692019854cac |
.rdata | 1048576 | 4096 | 512 | 2.02235 | f5342982db76db739311e8ffb70df087 |
.data | 1052672 | 5 | 512 | 0.070639 | 28cada0d81a5e8b623746c81588d56a0 |
.rsrc | 1056768 | 1372 | 1536 | 2.2015 | a877c57c2100c35dbdfe9db54083a876 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
URL | IP |
---|---|
hxxp://google.com/ | 173.194.113.193 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET / HTTP/1.1
Host: google.com
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=2r4IVYTXFMOk8wfyqID4BA
Content-Length: 262
Date: Tue, 17 Mar 2015 23:55:06 GMT
Server: GFE/2.0
Alternate-Protocol: 80:quic,p=0.5
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=2r4IVYTXFMOk8wfyqID4BA">here</A>...</BODY></HTML>..HTTP/1.1 302 Found..Cache-Control: private..Content-Type: text/html; charset=UTF-8..Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=2r4IVYTXFMOk8wfyqID4BA..Content-Length: 262..Date: Tue, 17 Mar 2015 23:55:06 GMT..Server: GFE/2.0..Alternate-Protocol: 80:quic,p=0.5..<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://www.google.com.ua/?gfe_rd=cr&ei=2r4IVYTXFMOk8wfyqID4BA">here</A>...</BODY></HTML>....
GET / HTTP/1.1
Host: google.com
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=2b4IVaGLI8uk8we7tIGQAw
Content-Length: 262
Date: Tue, 17 Mar 2015 23:55:05 GMT
Server: GFE/2.0
Alternate-Protocol: 80:quic,p=0.5
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=2b4IVaGLI8uk8we7tIGQAw">here</A>...</BODY></HTML>..HTTP/1.1 302 Found..Cache-Control: private..Content-Type: text/html; charset=UTF-8..Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=2b4IVaGLI8uk8we7tIGQAw..Content-Length: 262..Date: Tue, 17 Mar 2015 23:55:05 GMT..Server: GFE/2.0..Alternate-Protocol: 80:quic,p=0.5..<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://www.google.com.ua/?gfe_rd=cr&ei=2b4IVaGLI8uk8we7tIGQAw">here</A>...</BODY></HTML>....
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
fGAwoYMM.exe_172:
.text
.text
.rdata
.rdata
@.data
@.data
7.qU6
7.qU6
TNcMdI
TNcMdI
vND.LOrg
vND.LOrg
.eH^\
.eH^\
w|.LV
w|.LV
QfC%d
QfC%d
dW0WaZ@%di
dW0WaZ@%di
O%%Sg
O%%Sg
[%dZr
[%dZr
l}9fT{
l}9fT{
E!.Lg:
E!.Lg:
\D.vY
\D.vY
m.TpM
m.TpM
.WYky?
.WYky?
?%sn6
?%sn6
.wbK3
.wbK3
Am%foEW
Am%foEW
%d[k#
%d[k#
k[w[.dx
k[w[.dx
Ho%sd^
Ho%sd^
.pgVM
.pgVM
.XU\:
.XU\:
.TU:67Y[
.TU:67Y[
mre%s
mre%s
Rx.AF{-F
Rx.AF{-F
.dA}R
.dA}R
9zE46}GF{-A}d8
9zE46}GF{-A}d8
Rx.AMb
Rx.AMb
Rx.AJ
Rx.AJ
Vy-A}y1
Vy-A}y1
]~]{:&]{>
]~]{:&]{>
Mr.0M8.wM
Mr.0M8.wM
F@%uF
F@%uF
5@.FJ
5@.FJ
r|M-
r|M-
9Q2.QD
9Q2.QD
s]{>EkAC.AZ?
s]{>EkAC.AZ?
]mYS_;-h}_/
]mYS_;-h}_/
%s>Ab
%s>Ab
GcMd
GcMd
7FZZZZ%
7FZZZZ%
&aTF{-A}d8
&aTF{-A}d8
Rx.AZu`\Vb)
Rx.AZu`\Vb)
Rx.AN~2
Rx.AN~2
Rx.AF z
Rx.AF z
x.ASs)
x.ASs)
Rx.AF{-6s z
Rx.AF{-6s z
]sc.Pu
]sc.Pu
).KQ>6V
).KQ>6V
yT%FZ
yT%FZ
d?%x1
d?%x1
u2S.cp
u2S.cp
~%m"%U
~%m"%U
R.BFX7
R.BFX7
.Cd"w
.Cd"w
/1:,*-.1
/1:,*-.1
#k%U,
#k%U,
:EW.yY
:EW.yY
%cMV=
%cMV=
hC%x}7
hC%x}7
.Gl^z
.Gl^z
>fAd:%U
>fAd:%U
.cW a
.cW a
]{.iA8
]{.iA8
8=d0,.eJ
8=d0,.eJ
KV.eb
KV.eb
.CYf?a8
.CYf?a8
=Btcp
=Btcp
L#%C?
L#%C?
Microsoft Windows
Microsoft Windows
oleaut32.dll
oleaut32.dll
ntdll.dll
ntdll.dll
kernel32.dll
kernel32.dll
Microsoft Windows eine Wiederherstellung in einem Moment beginnen.
Microsoft Windows eine Wiederherstellung in einem Moment beginnen.
.klicken, um zu kopieren
.klicken, um zu kopieren
Strafe zahlen. Jeder Versuch, diese Nachricht zu entfernen werden die Dateien, Hardware und Windows-Installation unwiederbringlich besch
Strafe zahlen. Jeder Versuch, diese Nachricht zu entfernen werden die Dateien, Hardware und Windows-Installation unwiederbringlich besch
ffnen Sie den Internet-Browser. An die Adresse gehen: blockchain.info/wallet und klicken Sie auf 'Erstellen Sie ein neues Wallet'.,
ffnen Sie den Internet-Browser. An die Adresse gehen: blockchain.info/wallet und klicken Sie auf 'Erstellen Sie ein neues Wallet'.,
Geben Sie Ihre E-Mail-Adresse (optional) und Ihr Passwort ein. Achten Sie darauf, Ihr Passwort sicher ist.-
Geben Sie Ihre E-Mail-Adresse (optional) und Ihr Passwort ein. Achten Sie darauf, Ihr Passwort sicher ist.-
Sparen Sie Ihr Passwort sicher, vorzugsweise offline (klicken Notepad)..
Sparen Sie Ihr Passwort sicher, vorzugsweise offline (klicken Notepad)..
Folgen Sie den Anweisungen auf der Website aufgefordert werden, und achten Sie genau auf die Sicherheitsempfehlungen.1
Folgen Sie den Anweisungen auf der Website aufgefordert werden, und achten Sie genau auf die Sicherheitsempfehlungen.1
.Machen BitCoin Zahlung:2
.Machen BitCoin Zahlung:2
|Anmeldung zu Ihrem Bitcoin Wallet blockchain.info/wallet/login5
|Anmeldung zu Ihrem Bitcoin Wallet blockchain.info/wallet/login5
DKlicken Sie auf "Import / Export".6
DKlicken Sie auf "Import / Export".6
- und Kleinschreibung) indem Sie es und klicken Sie auf 'Add Private Key'.7
- und Kleinschreibung) indem Sie es und klicken Sie auf 'Add Private Key'.7
8Klicken Sie auf "Sweep Key".9
8Klicken Sie auf "Sweep Key".9
.Internationale Anbieter=
.Internationale Anbieter=
WebbrowserD
WebbrowserD
&de.bitcoin.it/wiki/G
&de.bitcoin.it/wiki/G
Kennen Sie die Gefahren der Verletzung des Urheberrechts. Besuchen copyright.gov/help/faq/faq-infringement.html f
Kennen Sie die Gefahren der Verletzung des Urheberrechts. Besuchen copyright.gov/help/faq/faq-infringement.html f
~Microsoft Windows will begin a restoration process in a moment.
~Microsoft Windows will begin a restoration process in a moment.
Operation Global 3 is a coordinated effort by U.S., Canadian and European law enforcement agencies targeting computers with pirated content.$
Operation Global 3 is a coordinated effort by U.S., Canadian and European law enforcement agencies targeting computers with pirated content.$
Open Internet Browser. Go to the address: blockchain.info/wallet and click 'Start A New Wallet'.,
Open Internet Browser. Go to the address: blockchain.info/wallet and click 'Start A New Wallet'.,
Enter your e-mail address(optional) and password. Make sure your password is secure.-
Enter your e-mail address(optional) and password. Make sure your password is secure.-
zSave your password safely, preferably offline(click Notepad)..
zSave your password safely, preferably offline(click Notepad)..
Follow the steps prompted on the website and pay close attention to the security recommendations.1
Follow the steps prompted on the website and pay close attention to the security recommendations.1
tLogin to your Bitcoin wallet blockchain.info/wallet/login 5
tLogin to your Bitcoin wallet blockchain.info/wallet/login 5
4Click on Import / Export. 6
4Click on Import / Export. 6
Enter the paper wallet's private key by typing it manually (case sensitive) and click on 'Add Private Key'.7
Enter the paper wallet's private key by typing it manually (case sensitive) and click on 'Add Private Key'.7
$Click 'Sweep Key'.9
$Click 'Sweep Key'.9
.International Exchanges=
.International Exchanges=
&en.bitcoin.it/wiki/G
&en.bitcoin.it/wiki/G
Know the dangers of copyright infringement. Visit copyright.gov/help/faq/faq-infringement.html for more information.J
Know the dangers of copyright infringement. Visit copyright.gov/help/faq/faq-infringement.html for more information.J
un reato federale che porta pene fino a cinque anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (17 USC s.506, 18 USC s.2319)
un reato federale che porta pene fino a cinque anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (17 USC s.506, 18 USC s.2319)
un crimine federale che comporta pene fino a quindici anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (18 USC s.2339A)
un crimine federale che comporta pene fino a quindici anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (18 USC s.2339A)
Microsoft Windows inizier
Microsoft Windows inizier
Importo:
Importo:
Qualsiasi tentativo di rimuovere questo messaggio potrebbe danneggiare il vostro file, hardware e di installazione di Windows oltre il recupero."
Qualsiasi tentativo di rimuovere questo messaggio potrebbe danneggiare il vostro file, hardware e di installazione di Windows oltre il recupero."
Operazione globale III dagli Stati Uniti, Canada, Europa, Australia, Nuova Zelanda e altre forze dell'ordine di tutto il mondo
Operazione globale III dagli Stati Uniti, Canada, Europa, Australia, Nuova Zelanda e altre forze dell'ordine di tutto il mondo
\Registrazione di un nuovo portafoglio BitCoin:
\Registrazione di un nuovo portafoglio BitCoin:
Aprire Internet Browser. Vai all'indirizzo: blockchain.info/wallet e cliccare su 'Crea un nuovo Portafoglio'.,
Aprire Internet Browser. Vai all'indirizzo: blockchain.info/wallet e cliccare su 'Crea un nuovo Portafoglio'.,
Inserisci il tuo indirizzo e-mail (opzionale) e la password. Assicurati che il tuo password
Inserisci il tuo indirizzo e-mail (opzionale) e la password. Assicurati che il tuo password
Salvare la password in modo sicuro, preferibilmente non in linea (fare clic su Notepad)..
Salvare la password in modo sicuro, preferibilmente non in linea (fare clic su Notepad)..
Seguire i passaggi spinto sul sito e prestare la massima attenzione alle raccomandazioni di sicurezza.1
Seguire i passaggi spinto sul sito e prestare la massima attenzione alle raccomandazioni di sicurezza.1
|Accedi al tuo portafoglio Bitcoin blockchain.info/wallet/login5
|Accedi al tuo portafoglio Bitcoin blockchain.info/wallet/login5
Inserire la chiave privata 'Paper Wallet' digitando manualmente (maiuscole e minuscole) e fare clic su 'Add Private Key'.7
Inserire la chiave privata 'Paper Wallet' digitando manualmente (maiuscole e minuscole) e fare clic su 'Add Private Key'.7
2Fare clic su 'Sweep Key'.9
2Fare clic su 'Sweep Key'.9
&it.bitcoin.it/wiki/G
&it.bitcoin.it/wiki/G
Conoscere i pericoli di violazione del copyright. Visita copyright.gov/help/faq/faq-infringement.html per maggiori informazioni.J
Conoscere i pericoli di violazione del copyright. Visita copyright.gov/help/faq/faq-infringement.html per maggiori informazioni.J
Microsoft Windows se iniciar
Microsoft Windows se iniciar
Fine Importe:
Fine Importe:
n de Windows sin posibilidad de recuperaci
n de Windows sin posibilidad de recuperaci
Operaci
Operaci
n: blockchain.info/wallet y haga clic en 'Crear un nuevo monedero'.,
n: blockchain.info/wallet y haga clic en 'Crear un nuevo monedero'.,
gina web y prestar mucha atenci
gina web y prestar mucha atenci
pAcceda a su cartera blockchain.info/wallet/login Bitcoin5
pAcceda a su cartera blockchain.info/wallet/login Bitcoin5
FHaga clic en "Importar / Exportar".6
FHaga clic en "Importar / Exportar".6
sculas) y haga clic en" Add Private Key ".7
sculas) y haga clic en" Add Private Key ".7
2Haga clic en 'Sweep Key'.9
2Haga clic en 'Sweep Key'.9
Navegador WebD
Navegador WebD
&es.bitcoin.it/wiki/G
&es.bitcoin.it/wiki/G
n de copyright. Visita copyright.gov/help/faq/faq-infringement.html para m
n de copyright. Visita copyright.gov/help/faq/faq-infringement.html para m
fGAwoYMM.exe_172_rwx_00401000_000EA000:
7.qU6
7.qU6
TNcMdI
TNcMdI
vND.LOrg
vND.LOrg
.eH^\
.eH^\
w|.LV
w|.LV
QfC%d
QfC%d
dW0WaZ@%di
dW0WaZ@%di
O%%Sg
O%%Sg
[%dZr
[%dZr
l}9fT{
l}9fT{
E!.Lg:
E!.Lg:
\D.vY
\D.vY
m.TpM
m.TpM
.WYky?
.WYky?
?%sn6
?%sn6
.wbK3
.wbK3
Am%foEW
Am%foEW
%d[k#
%d[k#
k[w[.dx
k[w[.dx
Ho%sd^
Ho%sd^
.pgVM
.pgVM
.XU\:
.XU\:
.TU:67Y[
.TU:67Y[
mre%s
mre%s
Rx.AF{-F
Rx.AF{-F
.dA}R
.dA}R
9zE46}GF{-A}d8
9zE46}GF{-A}d8
Rx.AMb
Rx.AMb
Rx.AJ
Rx.AJ
Vy-A}y1
Vy-A}y1
]~]{:&]{>
]~]{:&]{>
Mr.0M8.wM
Mr.0M8.wM
F@%uF
F@%uF
5@.FJ
5@.FJ
r|M-
r|M-
9Q2.QD
9Q2.QD
s]{>EkAC.AZ?
s]{>EkAC.AZ?
]mYS_;-h}_/
]mYS_;-h}_/
%s>Ab
%s>Ab
GcMd
GcMd
7FZZZZ%
7FZZZZ%
&aTF{-A}d8
&aTF{-A}d8
Rx.AZu`\Vb)
Rx.AZu`\Vb)
Rx.AN~2
Rx.AN~2
Rx.AF z
Rx.AF z
x.ASs)
x.ASs)
Rx.AF{-6s z
Rx.AF{-6s z
]sc.Pu
]sc.Pu
).KQ>6V
).KQ>6V
yT%FZ
yT%FZ
d?%x1
d?%x1
u2S.cp
u2S.cp
~%m"%U
~%m"%U
R.BFX7
R.BFX7
.Cd"w
.Cd"w
/1:,*-.1
/1:,*-.1
#k%U,
#k%U,
:EW.yY
:EW.yY
%cMV=
%cMV=
hC%x}7
hC%x}7
.Gl^z
.Gl^z
>fAd:%U
>fAd:%U
.cW a
.cW a
]{.iA8
]{.iA8
8=d0,.eJ
8=d0,.eJ
KV.eb
KV.eb
.CYf?a8
.CYf?a8
=Btcp
=Btcp
L#%C?
L#%C?
Microsoft Windows
Microsoft Windows
Microsoft Windows eine Wiederherstellung in einem Moment beginnen.
Microsoft Windows eine Wiederherstellung in einem Moment beginnen.
.klicken, um zu kopieren
.klicken, um zu kopieren
Strafe zahlen. Jeder Versuch, diese Nachricht zu entfernen werden die Dateien, Hardware und Windows-Installation unwiederbringlich besch
Strafe zahlen. Jeder Versuch, diese Nachricht zu entfernen werden die Dateien, Hardware und Windows-Installation unwiederbringlich besch
ffnen Sie den Internet-Browser. An die Adresse gehen: blockchain.info/wallet und klicken Sie auf 'Erstellen Sie ein neues Wallet'.,
ffnen Sie den Internet-Browser. An die Adresse gehen: blockchain.info/wallet und klicken Sie auf 'Erstellen Sie ein neues Wallet'.,
Geben Sie Ihre E-Mail-Adresse (optional) und Ihr Passwort ein. Achten Sie darauf, Ihr Passwort sicher ist.-
Geben Sie Ihre E-Mail-Adresse (optional) und Ihr Passwort ein. Achten Sie darauf, Ihr Passwort sicher ist.-
Sparen Sie Ihr Passwort sicher, vorzugsweise offline (klicken Notepad)..
Sparen Sie Ihr Passwort sicher, vorzugsweise offline (klicken Notepad)..
Folgen Sie den Anweisungen auf der Website aufgefordert werden, und achten Sie genau auf die Sicherheitsempfehlungen.1
Folgen Sie den Anweisungen auf der Website aufgefordert werden, und achten Sie genau auf die Sicherheitsempfehlungen.1
.Machen BitCoin Zahlung:2
.Machen BitCoin Zahlung:2
|Anmeldung zu Ihrem Bitcoin Wallet blockchain.info/wallet/login5
|Anmeldung zu Ihrem Bitcoin Wallet blockchain.info/wallet/login5
DKlicken Sie auf "Import / Export".6
DKlicken Sie auf "Import / Export".6
- und Kleinschreibung) indem Sie es und klicken Sie auf 'Add Private Key'.7
- und Kleinschreibung) indem Sie es und klicken Sie auf 'Add Private Key'.7
8Klicken Sie auf "Sweep Key".9
8Klicken Sie auf "Sweep Key".9
.Internationale Anbieter=
.Internationale Anbieter=
WebbrowserD
WebbrowserD
&de.bitcoin.it/wiki/G
&de.bitcoin.it/wiki/G
Kennen Sie die Gefahren der Verletzung des Urheberrechts. Besuchen copyright.gov/help/faq/faq-infringement.html f
Kennen Sie die Gefahren der Verletzung des Urheberrechts. Besuchen copyright.gov/help/faq/faq-infringement.html f
~Microsoft Windows will begin a restoration process in a moment.
~Microsoft Windows will begin a restoration process in a moment.
Operation Global 3 is a coordinated effort by U.S., Canadian and European law enforcement agencies targeting computers with pirated content.$
Operation Global 3 is a coordinated effort by U.S., Canadian and European law enforcement agencies targeting computers with pirated content.$
Open Internet Browser. Go to the address: blockchain.info/wallet and click 'Start A New Wallet'.,
Open Internet Browser. Go to the address: blockchain.info/wallet and click 'Start A New Wallet'.,
Enter your e-mail address(optional) and password. Make sure your password is secure.-
Enter your e-mail address(optional) and password. Make sure your password is secure.-
zSave your password safely, preferably offline(click Notepad)..
zSave your password safely, preferably offline(click Notepad)..
Follow the steps prompted on the website and pay close attention to the security recommendations.1
Follow the steps prompted on the website and pay close attention to the security recommendations.1
tLogin to your Bitcoin wallet blockchain.info/wallet/login 5
tLogin to your Bitcoin wallet blockchain.info/wallet/login 5
4Click on Import / Export. 6
4Click on Import / Export. 6
Enter the paper wallet's private key by typing it manually (case sensitive) and click on 'Add Private Key'.7
Enter the paper wallet's private key by typing it manually (case sensitive) and click on 'Add Private Key'.7
$Click 'Sweep Key'.9
$Click 'Sweep Key'.9
.International Exchanges=
.International Exchanges=
&en.bitcoin.it/wiki/G
&en.bitcoin.it/wiki/G
Know the dangers of copyright infringement. Visit copyright.gov/help/faq/faq-infringement.html for more information.J
Know the dangers of copyright infringement. Visit copyright.gov/help/faq/faq-infringement.html for more information.J
un reato federale che porta pene fino a cinque anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (17 USC s.506, 18 USC s.2319)
un reato federale che porta pene fino a cinque anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (17 USC s.506, 18 USC s.2319)
un crimine federale che comporta pene fino a quindici anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (18 USC s.2339A)
un crimine federale che comporta pene fino a quindici anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (18 USC s.2339A)
Microsoft Windows inizier
Microsoft Windows inizier
Importo:
Importo:
Qualsiasi tentativo di rimuovere questo messaggio potrebbe danneggiare il vostro file, hardware e di installazione di Windows oltre il recupero."
Qualsiasi tentativo di rimuovere questo messaggio potrebbe danneggiare il vostro file, hardware e di installazione di Windows oltre il recupero."
Operazione globale III dagli Stati Uniti, Canada, Europa, Australia, Nuova Zelanda e altre forze dell'ordine di tutto il mondo
Operazione globale III dagli Stati Uniti, Canada, Europa, Australia, Nuova Zelanda e altre forze dell'ordine di tutto il mondo
\Registrazione di un nuovo portafoglio BitCoin:
\Registrazione di un nuovo portafoglio BitCoin:
Aprire Internet Browser. Vai all'indirizzo: blockchain.info/wallet e cliccare su 'Crea un nuovo Portafoglio'.,
Aprire Internet Browser. Vai all'indirizzo: blockchain.info/wallet e cliccare su 'Crea un nuovo Portafoglio'.,
Inserisci il tuo indirizzo e-mail (opzionale) e la password. Assicurati che il tuo password
Inserisci il tuo indirizzo e-mail (opzionale) e la password. Assicurati che il tuo password
Salvare la password in modo sicuro, preferibilmente non in linea (fare clic su Notepad)..
Salvare la password in modo sicuro, preferibilmente non in linea (fare clic su Notepad)..
Seguire i passaggi spinto sul sito e prestare la massima attenzione alle raccomandazioni di sicurezza.1
Seguire i passaggi spinto sul sito e prestare la massima attenzione alle raccomandazioni di sicurezza.1
|Accedi al tuo portafoglio Bitcoin blockchain.info/wallet/login5
|Accedi al tuo portafoglio Bitcoin blockchain.info/wallet/login5
Inserire la chiave privata 'Paper Wallet' digitando manualmente (maiuscole e minuscole) e fare clic su 'Add Private Key'.7
Inserire la chiave privata 'Paper Wallet' digitando manualmente (maiuscole e minuscole) e fare clic su 'Add Private Key'.7
2Fare clic su 'Sweep Key'.9
2Fare clic su 'Sweep Key'.9
&it.bitcoin.it/wiki/G
&it.bitcoin.it/wiki/G
Conoscere i pericoli di violazione del copyright. Visita copyright.gov/help/faq/faq-infringement.html per maggiori informazioni.J
Conoscere i pericoli di violazione del copyright. Visita copyright.gov/help/faq/faq-infringement.html per maggiori informazioni.J
Microsoft Windows se iniciar
Microsoft Windows se iniciar
Fine Importe:
Fine Importe:
n de Windows sin posibilidad de recuperaci
n de Windows sin posibilidad de recuperaci
Operaci
Operaci
n: blockchain.info/wallet y haga clic en 'Crear un nuevo monedero'.,
n: blockchain.info/wallet y haga clic en 'Crear un nuevo monedero'.,
gina web y prestar mucha atenci
gina web y prestar mucha atenci
pAcceda a su cartera blockchain.info/wallet/login Bitcoin5
pAcceda a su cartera blockchain.info/wallet/login Bitcoin5
FHaga clic en "Importar / Exportar".6
FHaga clic en "Importar / Exportar".6
sculas) y haga clic en" Add Private Key ".7
sculas) y haga clic en" Add Private Key ".7
2Haga clic en 'Sweep Key'.9
2Haga clic en 'Sweep Key'.9
Navegador WebD
Navegador WebD
&es.bitcoin.it/wiki/G
&es.bitcoin.it/wiki/G
n de copyright. Visita copyright.gov/help/faq/faq-infringement.html para m
n de copyright. Visita copyright.gov/help/faq/faq-infringement.html para m
fGAwoYMM.exe_172_rwx_009A0000_00001000:
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp
NesIMIQs.exe_368:
.text
.text
.rdata
.rdata
@.data
@.data
7.qU6
7.qU6
TNcMdI
TNcMdI
vND.LOrg
vND.LOrg
.eH^\
.eH^\
w|.LV
w|.LV
QfC%d
QfC%d
dW0WaZ@%di
dW0WaZ@%di
O%%Sg
O%%Sg
[%dZr
[%dZr
l}9fT{
l}9fT{
E!.Lg:
E!.Lg:
\D.vY
\D.vY
m.TpM
m.TpM
.WYky?
.WYky?
?%sn6
?%sn6
.wbK3
.wbK3
Am%foEW
Am%foEW
%d[k#
%d[k#
k[w[.dx
k[w[.dx
Ho%sd^
Ho%sd^
.pgVM
.pgVM
.XU\:
.XU\:
.TU:67Y[
.TU:67Y[
mre%s
mre%s
Rx.AF{-F
Rx.AF{-F
.dA}R
.dA}R
9zE46}GF{-A}d8
9zE46}GF{-A}d8
Rx.AMb
Rx.AMb
Rx.AJ
Rx.AJ
Vy-A}y1
Vy-A}y1
]~]{:&]{>
]~]{:&]{>
Mr.0M8.wM
Mr.0M8.wM
F@%uF
F@%uF
5@.FJ
5@.FJ
r|M-
r|M-
9Q2.QD
9Q2.QD
s]{>EkAC.AZ?
s]{>EkAC.AZ?
]mYS_;-h}_/
]mYS_;-h}_/
%s>Ab
%s>Ab
GcMd
GcMd
7FZZZZ%
7FZZZZ%
&aTF{-A}d8
&aTF{-A}d8
Rx.AZu`\Vb)
Rx.AZu`\Vb)
Rx.AN~2
Rx.AN~2
Rx.AF z
Rx.AF z
x.ASs)
x.ASs)
Rx.AF{-6s z
Rx.AF{-6s z
]sc.Pu
]sc.Pu
).KQ>6V
).KQ>6V
yT%FZ
yT%FZ
d?%x1
d?%x1
u2S.cp
u2S.cp
~%m"%U
~%m"%U
R.BFX7
R.BFX7
.Cd"w
.Cd"w
/1:,*-.1
/1:,*-.1
#k%U,
#k%U,
:EW.yY
:EW.yY
%cMV=
%cMV=
hC%x}7
hC%x}7
.Gl^z
.Gl^z
>fAd:%U
>fAd:%U
.cW a
.cW a
]{.iA8
]{.iA8
8=d0,.eJ
8=d0,.eJ
KV.eb
KV.eb
.CYf?a8
.CYf?a8
=Btcp
=Btcp
.xn&)
.xn&)
x.sd6
x.sd6
Microsoft Windows
Microsoft Windows
%uNaO
%uNaO
.YtUO
.YtUO
ntdll.dll
ntdll.dll
kernel32.dll
kernel32.dll
user32.dll
user32.dll
Microsoft Windows eine Wiederherstellung in einem Moment beginnen.
Microsoft Windows eine Wiederherstellung in einem Moment beginnen.
.klicken, um zu kopieren
.klicken, um zu kopieren
Strafe zahlen. Jeder Versuch, diese Nachricht zu entfernen werden die Dateien, Hardware und Windows-Installation unwiederbringlich besch
Strafe zahlen. Jeder Versuch, diese Nachricht zu entfernen werden die Dateien, Hardware und Windows-Installation unwiederbringlich besch
ffnen Sie den Internet-Browser. An die Adresse gehen: blockchain.info/wallet und klicken Sie auf 'Erstellen Sie ein neues Wallet'.,
ffnen Sie den Internet-Browser. An die Adresse gehen: blockchain.info/wallet und klicken Sie auf 'Erstellen Sie ein neues Wallet'.,
Geben Sie Ihre E-Mail-Adresse (optional) und Ihr Passwort ein. Achten Sie darauf, Ihr Passwort sicher ist.-
Geben Sie Ihre E-Mail-Adresse (optional) und Ihr Passwort ein. Achten Sie darauf, Ihr Passwort sicher ist.-
Sparen Sie Ihr Passwort sicher, vorzugsweise offline (klicken Notepad)..
Sparen Sie Ihr Passwort sicher, vorzugsweise offline (klicken Notepad)..
Folgen Sie den Anweisungen auf der Website aufgefordert werden, und achten Sie genau auf die Sicherheitsempfehlungen.1
Folgen Sie den Anweisungen auf der Website aufgefordert werden, und achten Sie genau auf die Sicherheitsempfehlungen.1
.Machen BitCoin Zahlung:2
.Machen BitCoin Zahlung:2
|Anmeldung zu Ihrem Bitcoin Wallet blockchain.info/wallet/login5
|Anmeldung zu Ihrem Bitcoin Wallet blockchain.info/wallet/login5
DKlicken Sie auf "Import / Export".6
DKlicken Sie auf "Import / Export".6
- und Kleinschreibung) indem Sie es und klicken Sie auf 'Add Private Key'.7
- und Kleinschreibung) indem Sie es und klicken Sie auf 'Add Private Key'.7
8Klicken Sie auf "Sweep Key".9
8Klicken Sie auf "Sweep Key".9
.Internationale Anbieter=
.Internationale Anbieter=
WebbrowserD
WebbrowserD
&de.bitcoin.it/wiki/G
&de.bitcoin.it/wiki/G
Kennen Sie die Gefahren der Verletzung des Urheberrechts. Besuchen copyright.gov/help/faq/faq-infringement.html f
Kennen Sie die Gefahren der Verletzung des Urheberrechts. Besuchen copyright.gov/help/faq/faq-infringement.html f
~Microsoft Windows will begin a restoration process in a moment.
~Microsoft Windows will begin a restoration process in a moment.
Operation Global 3 is a coordinated effort by U.S., Canadian and European law enforcement agencies targeting computers with pirated content.$
Operation Global 3 is a coordinated effort by U.S., Canadian and European law enforcement agencies targeting computers with pirated content.$
Open Internet Browser. Go to the address: blockchain.info/wallet and click 'Start A New Wallet'.,
Open Internet Browser. Go to the address: blockchain.info/wallet and click 'Start A New Wallet'.,
Enter your e-mail address(optional) and password. Make sure your password is secure.-
Enter your e-mail address(optional) and password. Make sure your password is secure.-
zSave your password safely, preferably offline(click Notepad)..
zSave your password safely, preferably offline(click Notepad)..
Follow the steps prompted on the website and pay close attention to the security recommendations.1
Follow the steps prompted on the website and pay close attention to the security recommendations.1
tLogin to your Bitcoin wallet blockchain.info/wallet/login 5
tLogin to your Bitcoin wallet blockchain.info/wallet/login 5
4Click on Import / Export. 6
4Click on Import / Export. 6
Enter the paper wallet's private key by typing it manually (case sensitive) and click on 'Add Private Key'.7
Enter the paper wallet's private key by typing it manually (case sensitive) and click on 'Add Private Key'.7
$Click 'Sweep Key'.9
$Click 'Sweep Key'.9
.International Exchanges=
.International Exchanges=
&en.bitcoin.it/wiki/G
&en.bitcoin.it/wiki/G
Know the dangers of copyright infringement. Visit copyright.gov/help/faq/faq-infringement.html for more information.J
Know the dangers of copyright infringement. Visit copyright.gov/help/faq/faq-infringement.html for more information.J
un reato federale che porta pene fino a cinque anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (17 USC s.506, 18 USC s.2319)
un reato federale che porta pene fino a cinque anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (17 USC s.506, 18 USC s.2319)
un crimine federale che comporta pene fino a quindici anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (18 USC s.2339A)
un crimine federale che comporta pene fino a quindici anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (18 USC s.2339A)
Microsoft Windows inizier
Microsoft Windows inizier
Importo:
Importo:
Qualsiasi tentativo di rimuovere questo messaggio potrebbe danneggiare il vostro file, hardware e di installazione di Windows oltre il recupero."
Qualsiasi tentativo di rimuovere questo messaggio potrebbe danneggiare il vostro file, hardware e di installazione di Windows oltre il recupero."
Operazione globale III dagli Stati Uniti, Canada, Europa, Australia, Nuova Zelanda e altre forze dell'ordine di tutto il mondo
Operazione globale III dagli Stati Uniti, Canada, Europa, Australia, Nuova Zelanda e altre forze dell'ordine di tutto il mondo
\Registrazione di un nuovo portafoglio BitCoin:
\Registrazione di un nuovo portafoglio BitCoin:
Aprire Internet Browser. Vai all'indirizzo: blockchain.info/wallet e cliccare su 'Crea un nuovo Portafoglio'.,
Aprire Internet Browser. Vai all'indirizzo: blockchain.info/wallet e cliccare su 'Crea un nuovo Portafoglio'.,
Inserisci il tuo indirizzo e-mail (opzionale) e la password. Assicurati che il tuo password
Inserisci il tuo indirizzo e-mail (opzionale) e la password. Assicurati che il tuo password
Salvare la password in modo sicuro, preferibilmente non in linea (fare clic su Notepad)..
Salvare la password in modo sicuro, preferibilmente non in linea (fare clic su Notepad)..
Seguire i passaggi spinto sul sito e prestare la massima attenzione alle raccomandazioni di sicurezza.1
Seguire i passaggi spinto sul sito e prestare la massima attenzione alle raccomandazioni di sicurezza.1
|Accedi al tuo portafoglio Bitcoin blockchain.info/wallet/login5
|Accedi al tuo portafoglio Bitcoin blockchain.info/wallet/login5
Inserire la chiave privata 'Paper Wallet' digitando manualmente (maiuscole e minuscole) e fare clic su 'Add Private Key'.7
Inserire la chiave privata 'Paper Wallet' digitando manualmente (maiuscole e minuscole) e fare clic su 'Add Private Key'.7
2Fare clic su 'Sweep Key'.9
2Fare clic su 'Sweep Key'.9
&it.bitcoin.it/wiki/G
&it.bitcoin.it/wiki/G
Conoscere i pericoli di violazione del copyright. Visita copyright.gov/help/faq/faq-infringement.html per maggiori informazioni.J
Conoscere i pericoli di violazione del copyright. Visita copyright.gov/help/faq/faq-infringement.html per maggiori informazioni.J
Microsoft Windows se iniciar
Microsoft Windows se iniciar
Fine Importe:
Fine Importe:
n de Windows sin posibilidad de recuperaci
n de Windows sin posibilidad de recuperaci
Operaci
Operaci
n: blockchain.info/wallet y haga clic en 'Crear un nuevo monedero'.,
n: blockchain.info/wallet y haga clic en 'Crear un nuevo monedero'.,
gina web y prestar mucha atenci
gina web y prestar mucha atenci
pAcceda a su cartera blockchain.info/wallet/login Bitcoin5
pAcceda a su cartera blockchain.info/wallet/login Bitcoin5
FHaga clic en "Importar / Exportar".6
FHaga clic en "Importar / Exportar".6
sculas) y haga clic en" Add Private Key ".7
sculas) y haga clic en" Add Private Key ".7
2Haga clic en 'Sweep Key'.9
2Haga clic en 'Sweep Key'.9
Navegador WebD
Navegador WebD
&es.bitcoin.it/wiki/G
&es.bitcoin.it/wiki/G
n de copyright. Visita copyright.gov/help/faq/faq-infringement.html para m
n de copyright. Visita copyright.gov/help/faq/faq-infringement.html para m
reIEcoQI.exe_1532:
.text
.text
.rdata
.rdata
@.data
@.data
C{?%f{[
C{?%f{[
7.qU6
7.qU6
TNcMdI
TNcMdI
vND.LOrg
vND.LOrg
.eH^\
.eH^\
w|.LV
w|.LV
QfC%d
QfC%d
dW0WaZ@%di
dW0WaZ@%di
O%%Sg
O%%Sg
[%dZr
[%dZr
l}9fT{
l}9fT{
E!.Lg:
E!.Lg:
\D.vY
\D.vY
m.TpM
m.TpM
.WYky?
.WYky?
?%sn6
?%sn6
.wbK3
.wbK3
Am%foEW
Am%foEW
%d[k#
%d[k#
k[w[.dx
k[w[.dx
Ho%sd^
Ho%sd^
.pgVM
.pgVM
.XU\:
.XU\:
.TU:67Y[
.TU:67Y[
mre%s
mre%s
Rx.AF{-F
Rx.AF{-F
.dA}R
.dA}R
9zE46}GF{-A}d8
9zE46}GF{-A}d8
Rx.AMb
Rx.AMb
Rx.AJ
Rx.AJ
Vy-A}y1
Vy-A}y1
]~]{:&]{>
]~]{:&]{>
Mr.0M8.wM
Mr.0M8.wM
F@%uF
F@%uF
5@.FJ
5@.FJ
r|M-
r|M-
9Q2.QD
9Q2.QD
s]{>EkAC.AZ?
s]{>EkAC.AZ?
]mYS_;-h}_/
]mYS_;-h}_/
%s>Ab
%s>Ab
GcMd
GcMd
7FZZZZ%
7FZZZZ%
&aTF{-A}d8
&aTF{-A}d8
Rx.AZu`\Vb)
Rx.AZu`\Vb)
Rx.AN~2
Rx.AN~2
Rx.AF z
Rx.AF z
x.ASs)
x.ASs)
Rx.AF{-6s z
Rx.AF{-6s z
]sc.Pu
]sc.Pu
).KQ>6V
).KQ>6V
yT%FZ
yT%FZ
d?%x1
d?%x1
u2S.cp
u2S.cp
~%m"%U
~%m"%U
R.BFX7
R.BFX7
.Cd"w
.Cd"w
/1:,*-.1
/1:,*-.1
#k%U,
#k%U,
:EW.yY
:EW.yY
%cMV=
%cMV=
hC%x}7
hC%x}7
.Gl^z
.Gl^z
>fAd:%U
>fAd:%U
.cW a
.cW a
]{.iA8
]{.iA8
8=d0,.eJ
8=d0,.eJ
KV.eb
KV.eb
.CYf?a8
.CYf?a8
=Btcp
=Btcp
x.sd6
x.sd6
4%UMv
4%UMv
4%UEInb
4%UEInb
V0S%u};
V0S%u};
2software\microsoft\windows\currentversion\run
2software\microsoft\windows\currentversion\run
%uNaO
%uNaO
.YtUO
.YtUO
shell32.dll
shell32.dll
advapi32.dll
advapi32.dll
user32.dll
user32.dll
Microsoft Windows eine Wiederherstellung in einem Moment beginnen.
Microsoft Windows eine Wiederherstellung in einem Moment beginnen.
.klicken, um zu kopieren
.klicken, um zu kopieren
Strafe zahlen. Jeder Versuch, diese Nachricht zu entfernen werden die Dateien, Hardware und Windows-Installation unwiederbringlich besch
Strafe zahlen. Jeder Versuch, diese Nachricht zu entfernen werden die Dateien, Hardware und Windows-Installation unwiederbringlich besch
ffnen Sie den Internet-Browser. An die Adresse gehen: blockchain.info/wallet und klicken Sie auf 'Erstellen Sie ein neues Wallet'.,
ffnen Sie den Internet-Browser. An die Adresse gehen: blockchain.info/wallet und klicken Sie auf 'Erstellen Sie ein neues Wallet'.,
Geben Sie Ihre E-Mail-Adresse (optional) und Ihr Passwort ein. Achten Sie darauf, Ihr Passwort sicher ist.-
Geben Sie Ihre E-Mail-Adresse (optional) und Ihr Passwort ein. Achten Sie darauf, Ihr Passwort sicher ist.-
Sparen Sie Ihr Passwort sicher, vorzugsweise offline (klicken Notepad)..
Sparen Sie Ihr Passwort sicher, vorzugsweise offline (klicken Notepad)..
Folgen Sie den Anweisungen auf der Website aufgefordert werden, und achten Sie genau auf die Sicherheitsempfehlungen.1
Folgen Sie den Anweisungen auf der Website aufgefordert werden, und achten Sie genau auf die Sicherheitsempfehlungen.1
.Machen BitCoin Zahlung:2
.Machen BitCoin Zahlung:2
|Anmeldung zu Ihrem Bitcoin Wallet blockchain.info/wallet/login5
|Anmeldung zu Ihrem Bitcoin Wallet blockchain.info/wallet/login5
DKlicken Sie auf "Import / Export".6
DKlicken Sie auf "Import / Export".6
- und Kleinschreibung) indem Sie es und klicken Sie auf 'Add Private Key'.7
- und Kleinschreibung) indem Sie es und klicken Sie auf 'Add Private Key'.7
8Klicken Sie auf "Sweep Key".9
8Klicken Sie auf "Sweep Key".9
.Internationale Anbieter=
.Internationale Anbieter=
WebbrowserD
WebbrowserD
&de.bitcoin.it/wiki/G
&de.bitcoin.it/wiki/G
Kennen Sie die Gefahren der Verletzung des Urheberrechts. Besuchen copyright.gov/help/faq/faq-infringement.html f
Kennen Sie die Gefahren der Verletzung des Urheberrechts. Besuchen copyright.gov/help/faq/faq-infringement.html f
~Microsoft Windows will begin a restoration process in a moment.
~Microsoft Windows will begin a restoration process in a moment.
Operation Global 3 is a coordinated effort by U.S., Canadian and European law enforcement agencies targeting computers with pirated content.$
Operation Global 3 is a coordinated effort by U.S., Canadian and European law enforcement agencies targeting computers with pirated content.$
Open Internet Browser. Go to the address: blockchain.info/wallet and click 'Start A New Wallet'.,
Open Internet Browser. Go to the address: blockchain.info/wallet and click 'Start A New Wallet'.,
Enter your e-mail address(optional) and password. Make sure your password is secure.-
Enter your e-mail address(optional) and password. Make sure your password is secure.-
zSave your password safely, preferably offline(click Notepad)..
zSave your password safely, preferably offline(click Notepad)..
Follow the steps prompted on the website and pay close attention to the security recommendations.1
Follow the steps prompted on the website and pay close attention to the security recommendations.1
tLogin to your Bitcoin wallet blockchain.info/wallet/login 5
tLogin to your Bitcoin wallet blockchain.info/wallet/login 5
4Click on Import / Export. 6
4Click on Import / Export. 6
Enter the paper wallet's private key by typing it manually (case sensitive) and click on 'Add Private Key'.7
Enter the paper wallet's private key by typing it manually (case sensitive) and click on 'Add Private Key'.7
$Click 'Sweep Key'.9
$Click 'Sweep Key'.9
.International Exchanges=
.International Exchanges=
&en.bitcoin.it/wiki/G
&en.bitcoin.it/wiki/G
Know the dangers of copyright infringement. Visit copyright.gov/help/faq/faq-infringement.html for more information.J
Know the dangers of copyright infringement. Visit copyright.gov/help/faq/faq-infringement.html for more information.J
un reato federale che porta pene fino a cinque anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (17 USC s.506, 18 USC s.2319)
un reato federale che porta pene fino a cinque anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (17 USC s.506, 18 USC s.2319)
un crimine federale che comporta pene fino a quindici anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (18 USC s.2339A)
un crimine federale che comporta pene fino a quindici anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (18 USC s.2339A)
Microsoft Windows inizier
Microsoft Windows inizier
Importo:
Importo:
Qualsiasi tentativo di rimuovere questo messaggio potrebbe danneggiare il vostro file, hardware e di installazione di Windows oltre il recupero."
Qualsiasi tentativo di rimuovere questo messaggio potrebbe danneggiare il vostro file, hardware e di installazione di Windows oltre il recupero."
Operazione globale III dagli Stati Uniti, Canada, Europa, Australia, Nuova Zelanda e altre forze dell'ordine di tutto il mondo
Operazione globale III dagli Stati Uniti, Canada, Europa, Australia, Nuova Zelanda e altre forze dell'ordine di tutto il mondo
\Registrazione di un nuovo portafoglio BitCoin:
\Registrazione di un nuovo portafoglio BitCoin:
Aprire Internet Browser. Vai all'indirizzo: blockchain.info/wallet e cliccare su 'Crea un nuovo Portafoglio'.,
Aprire Internet Browser. Vai all'indirizzo: blockchain.info/wallet e cliccare su 'Crea un nuovo Portafoglio'.,
Inserisci il tuo indirizzo e-mail (opzionale) e la password. Assicurati che il tuo password
Inserisci il tuo indirizzo e-mail (opzionale) e la password. Assicurati che il tuo password
Salvare la password in modo sicuro, preferibilmente non in linea (fare clic su Notepad)..
Salvare la password in modo sicuro, preferibilmente non in linea (fare clic su Notepad)..
Seguire i passaggi spinto sul sito e prestare la massima attenzione alle raccomandazioni di sicurezza.1
Seguire i passaggi spinto sul sito e prestare la massima attenzione alle raccomandazioni di sicurezza.1
|Accedi al tuo portafoglio Bitcoin blockchain.info/wallet/login5
|Accedi al tuo portafoglio Bitcoin blockchain.info/wallet/login5
Inserire la chiave privata 'Paper Wallet' digitando manualmente (maiuscole e minuscole) e fare clic su 'Add Private Key'.7
Inserire la chiave privata 'Paper Wallet' digitando manualmente (maiuscole e minuscole) e fare clic su 'Add Private Key'.7
2Fare clic su 'Sweep Key'.9
2Fare clic su 'Sweep Key'.9
&it.bitcoin.it/wiki/G
&it.bitcoin.it/wiki/G
Conoscere i pericoli di violazione del copyright. Visita copyright.gov/help/faq/faq-infringement.html per maggiori informazioni.J
Conoscere i pericoli di violazione del copyright. Visita copyright.gov/help/faq/faq-infringement.html per maggiori informazioni.J
Microsoft Windows se iniciar
Microsoft Windows se iniciar
Fine Importe:
Fine Importe:
n de Windows sin posibilidad de recuperaci
n de Windows sin posibilidad de recuperaci
Operaci
Operaci
n: blockchain.info/wallet y haga clic en 'Crear un nuevo monedero'.,
n: blockchain.info/wallet y haga clic en 'Crear un nuevo monedero'.,
gina web y prestar mucha atenci
gina web y prestar mucha atenci
pAcceda a su cartera blockchain.info/wallet/login Bitcoin5
pAcceda a su cartera blockchain.info/wallet/login Bitcoin5
FHaga clic en "Importar / Exportar".6
FHaga clic en "Importar / Exportar".6
sculas) y haga clic en" Add Private Key ".7
sculas) y haga clic en" Add Private Key ".7
2Haga clic en 'Sweep Key'.9
2Haga clic en 'Sweep Key'.9
Navegador WebD
Navegador WebD
&es.bitcoin.it/wiki/G
&es.bitcoin.it/wiki/G
n de copyright. Visita copyright.gov/help/faq/faq-infringement.html para m
n de copyright. Visita copyright.gov/help/faq/faq-infringement.html para m
fGAwoYMM.exe_172_rwx_00A00000_00001000:
%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM
%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM
fGAwoYMM.exe_172_rwx_00A10000_00001000:
%Documents and Settings%\All Users\hcYYccwo\NesIMIQs
%Documents and Settings%\All Users\hcYYccwo\NesIMIQs
fGAwoYMM.exe_172_rwx_00A30000_000E9000:
C{?%f{[
C{?%f{[
7.qU6
7.qU6
TNcMdI
TNcMdI
vND.LOrg
vND.LOrg
.eH^\
.eH^\
w|.LV
w|.LV
QfC%d
QfC%d
dW0WaZ@%di
dW0WaZ@%di
O%%Sg
O%%Sg
[%dZr
[%dZr
l}9fT{
l}9fT{
E!.Lg:
E!.Lg:
\D.vY
\D.vY
m.TpM
m.TpM
.WYky?
.WYky?
?%sn6
?%sn6
.wbK3
.wbK3
Am%foEW
Am%foEW
%d[k#
%d[k#
k[w[.dx
k[w[.dx
Ho%sd^
Ho%sd^
.pgVM
.pgVM
.XU\:
.XU\:
.TU:67Y[
.TU:67Y[
mre%s
mre%s
Rx.AF{-F
Rx.AF{-F
.dA}R
.dA}R
9zE46}GF{-A}d8
9zE46}GF{-A}d8
Rx.AMb
Rx.AMb
Rx.AJ
Rx.AJ
Vy-A}y1
Vy-A}y1
]~]{:&]{>
]~]{:&]{>
Mr.0M8.wM
Mr.0M8.wM
F@%uF
F@%uF
5@.FJ
5@.FJ
r|M-
r|M-
9Q2.QD
9Q2.QD
s]{>EkAC.AZ?
s]{>EkAC.AZ?
]mYS_;-h}_/
]mYS_;-h}_/
%s>Ab
%s>Ab
GcMd
GcMd
7FZZZZ%
7FZZZZ%
&aTF{-A}d8
&aTF{-A}d8
Rx.AZu`\Vb)
Rx.AZu`\Vb)
Rx.AN~2
Rx.AN~2
Rx.AF z
Rx.AF z
x.ASs)
x.ASs)
Rx.AF{-6s z
Rx.AF{-6s z
]sc.Pu
]sc.Pu
).KQ>6V
).KQ>6V
yT%FZ
yT%FZ
d?%x1
d?%x1
u2S.cp
u2S.cp
~%m"%U
~%m"%U
R.BFX7
R.BFX7
.Cd"w
.Cd"w
/1:,*-.1
/1:,*-.1
#k%U,
#k%U,
:EW.yY
:EW.yY
%cMV=
%cMV=
hC%x}7
hC%x}7
.Gl^z
.Gl^z
>fAd:%U
>fAd:%U
.cW a
.cW a
]{.iA8
]{.iA8
8=d0,.eJ
8=d0,.eJ
KV.eb
KV.eb
.CYf?a8
.CYf?a8
=Btcp
=Btcp
x.sd6
x.sd6
4%UMv
4%UMv
4%UEInb
4%UEInb
%uNaO
%uNaO
.YtUO
.YtUO
Microsoft Windows eine Wiederherstellung in einem Moment beginnen.
Microsoft Windows eine Wiederherstellung in einem Moment beginnen.
.klicken, um zu kopieren
.klicken, um zu kopieren
Strafe zahlen. Jeder Versuch, diese Nachricht zu entfernen werden die Dateien, Hardware und Windows-Installation unwiederbringlich besch
Strafe zahlen. Jeder Versuch, diese Nachricht zu entfernen werden die Dateien, Hardware und Windows-Installation unwiederbringlich besch
ffnen Sie den Internet-Browser. An die Adresse gehen: blockchain.info/wallet und klicken Sie auf 'Erstellen Sie ein neues Wallet'.,
ffnen Sie den Internet-Browser. An die Adresse gehen: blockchain.info/wallet und klicken Sie auf 'Erstellen Sie ein neues Wallet'.,
Geben Sie Ihre E-Mail-Adresse (optional) und Ihr Passwort ein. Achten Sie darauf, Ihr Passwort sicher ist.-
Geben Sie Ihre E-Mail-Adresse (optional) und Ihr Passwort ein. Achten Sie darauf, Ihr Passwort sicher ist.-
Sparen Sie Ihr Passwort sicher, vorzugsweise offline (klicken Notepad)..
Sparen Sie Ihr Passwort sicher, vorzugsweise offline (klicken Notepad)..
Folgen Sie den Anweisungen auf der Website aufgefordert werden, und achten Sie genau auf die Sicherheitsempfehlungen.1
Folgen Sie den Anweisungen auf der Website aufgefordert werden, und achten Sie genau auf die Sicherheitsempfehlungen.1
.Machen BitCoin Zahlung:2
.Machen BitCoin Zahlung:2
|Anmeldung zu Ihrem Bitcoin Wallet blockchain.info/wallet/login5
|Anmeldung zu Ihrem Bitcoin Wallet blockchain.info/wallet/login5
DKlicken Sie auf "Import / Export".6
DKlicken Sie auf "Import / Export".6
- und Kleinschreibung) indem Sie es und klicken Sie auf 'Add Private Key'.7
- und Kleinschreibung) indem Sie es und klicken Sie auf 'Add Private Key'.7
8Klicken Sie auf "Sweep Key".9
8Klicken Sie auf "Sweep Key".9
.Internationale Anbieter=
.Internationale Anbieter=
WebbrowserD
WebbrowserD
&de.bitcoin.it/wiki/G
&de.bitcoin.it/wiki/G
Kennen Sie die Gefahren der Verletzung des Urheberrechts. Besuchen copyright.gov/help/faq/faq-infringement.html f
Kennen Sie die Gefahren der Verletzung des Urheberrechts. Besuchen copyright.gov/help/faq/faq-infringement.html f
~Microsoft Windows will begin a restoration process in a moment.
~Microsoft Windows will begin a restoration process in a moment.
Operation Global 3 is a coordinated effort by U.S., Canadian and European law enforcement agencies targeting computers with pirated content.$
Operation Global 3 is a coordinated effort by U.S., Canadian and European law enforcement agencies targeting computers with pirated content.$
Open Internet Browser. Go to the address: blockchain.info/wallet and click 'Start A New Wallet'.,
Open Internet Browser. Go to the address: blockchain.info/wallet and click 'Start A New Wallet'.,
Enter your e-mail address(optional) and password. Make sure your password is secure.-
Enter your e-mail address(optional) and password. Make sure your password is secure.-
zSave your password safely, preferably offline(click Notepad)..
zSave your password safely, preferably offline(click Notepad)..
Follow the steps prompted on the website and pay close attention to the security recommendations.1
Follow the steps prompted on the website and pay close attention to the security recommendations.1
tLogin to your Bitcoin wallet blockchain.info/wallet/login 5
tLogin to your Bitcoin wallet blockchain.info/wallet/login 5
4Click on Import / Export. 6
4Click on Import / Export. 6
Enter the paper wallet's private key by typing it manually (case sensitive) and click on 'Add Private Key'.7
Enter the paper wallet's private key by typing it manually (case sensitive) and click on 'Add Private Key'.7
$Click 'Sweep Key'.9
$Click 'Sweep Key'.9
.International Exchanges=
.International Exchanges=
&en.bitcoin.it/wiki/G
&en.bitcoin.it/wiki/G
Know the dangers of copyright infringement. Visit copyright.gov/help/faq/faq-infringement.html for more information.J
Know the dangers of copyright infringement. Visit copyright.gov/help/faq/faq-infringement.html for more information.J
un reato federale che porta pene fino a cinque anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (17 USC s.506, 18 USC s.2319)
un reato federale che porta pene fino a cinque anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (17 USC s.506, 18 USC s.2319)
un crimine federale che comporta pene fino a quindici anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (18 USC s.2339A)
un crimine federale che comporta pene fino a quindici anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (18 USC s.2339A)
Microsoft Windows inizier
Microsoft Windows inizier
Importo:
Importo:
Qualsiasi tentativo di rimuovere questo messaggio potrebbe danneggiare il vostro file, hardware e di installazione di Windows oltre il recupero."
Qualsiasi tentativo di rimuovere questo messaggio potrebbe danneggiare il vostro file, hardware e di installazione di Windows oltre il recupero."
Operazione globale III dagli Stati Uniti, Canada, Europa, Australia, Nuova Zelanda e altre forze dell'ordine di tutto il mondo
Operazione globale III dagli Stati Uniti, Canada, Europa, Australia, Nuova Zelanda e altre forze dell'ordine di tutto il mondo
\Registrazione di un nuovo portafoglio BitCoin:
\Registrazione di un nuovo portafoglio BitCoin:
Aprire Internet Browser. Vai all'indirizzo: blockchain.info/wallet e cliccare su 'Crea un nuovo Portafoglio'.,
Aprire Internet Browser. Vai all'indirizzo: blockchain.info/wallet e cliccare su 'Crea un nuovo Portafoglio'.,
Inserisci il tuo indirizzo e-mail (opzionale) e la password. Assicurati che il tuo password
Inserisci il tuo indirizzo e-mail (opzionale) e la password. Assicurati che il tuo password
Salvare la password in modo sicuro, preferibilmente non in linea (fare clic su Notepad)..
Salvare la password in modo sicuro, preferibilmente non in linea (fare clic su Notepad)..
Seguire i passaggi spinto sul sito e prestare la massima attenzione alle raccomandazioni di sicurezza.1
Seguire i passaggi spinto sul sito e prestare la massima attenzione alle raccomandazioni di sicurezza.1
|Accedi al tuo portafoglio Bitcoin blockchain.info/wallet/login5
|Accedi al tuo portafoglio Bitcoin blockchain.info/wallet/login5
Inserire la chiave privata 'Paper Wallet' digitando manualmente (maiuscole e minuscole) e fare clic su 'Add Private Key'.7
Inserire la chiave privata 'Paper Wallet' digitando manualmente (maiuscole e minuscole) e fare clic su 'Add Private Key'.7
2Fare clic su 'Sweep Key'.9
2Fare clic su 'Sweep Key'.9
&it.bitcoin.it/wiki/G
&it.bitcoin.it/wiki/G
Conoscere i pericoli di violazione del copyright. Visita copyright.gov/help/faq/faq-infringement.html per maggiori informazioni.J
Conoscere i pericoli di violazione del copyright. Visita copyright.gov/help/faq/faq-infringement.html per maggiori informazioni.J
Microsoft Windows se iniciar
Microsoft Windows se iniciar
Fine Importe:
Fine Importe:
n de Windows sin posibilidad de recuperaci
n de Windows sin posibilidad de recuperaci
Operaci
Operaci
n: blockchain.info/wallet y haga clic en 'Crear un nuevo monedero'.,
n: blockchain.info/wallet y haga clic en 'Crear un nuevo monedero'.,
gina web y prestar mucha atenci
gina web y prestar mucha atenci
pAcceda a su cartera blockchain.info/wallet/login Bitcoin5
pAcceda a su cartera blockchain.info/wallet/login Bitcoin5
FHaga clic en "Importar / Exportar".6
FHaga clic en "Importar / Exportar".6
sculas) y haga clic en" Add Private Key ".7
sculas) y haga clic en" Add Private Key ".7
2Haga clic en 'Sweep Key'.9
2Haga clic en 'Sweep Key'.9
Navegador WebD
Navegador WebD
&es.bitcoin.it/wiki/G
&es.bitcoin.it/wiki/G
n de copyright. Visita copyright.gov/help/faq/faq-infringement.html para m
n de copyright. Visita copyright.gov/help/faq/faq-infringement.html para m
fGAwoYMM.exe_172_rwx_00E20000_00001000:
%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.inf
%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.inf
fGAwoYMM.exe_172_rwx_00E30000_00001000:
%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.inf
%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.inf
fGAwoYMM.exe_172_rwx_00E40000_00001000:
%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exe
%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exe
fGAwoYMM.exe_172_rwx_00E50000_00001000:
%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe
%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exe
fGAwoYMM.exe_172_rwx_00E80000_00001000:
fGAwoYMM.exe
fGAwoYMM.exe
fGAwoYMM.exe_172_rwx_00E90000_00001000:
NesIMIQs.exe
NesIMIQs.exe
fGAwoYMM.exe_172_rwx_00EA0000_00001000:
taskkill /FI "USERNAME eq adm" /F /IM fGAwoYMM.exe
taskkill /FI "USERNAME eq adm" /F /IM fGAwoYMM.exe
fGAwoYMM.exe_172_rwx_00EB0000_00001000:
taskkill /FI "USERNAME eq adm" /F /IM NesIMIQs.exe
taskkill /FI "USERNAME eq adm" /F /IM NesIMIQs.exe
fGAwoYMM.exe_172_rwx_00EC0000_00001000:
%Documents and Settings%\All Users\JuwEIgUE\reIEcoQI.exe
%Documents and Settings%\All Users\JuwEIgUE\reIEcoQI.exe
fGAwoYMM.exe_172_rwx_00ED0000_00001000:
%Documents and Settings%\All Users\KAAo.txt
%Documents and Settings%\All Users\KAAo.txt
fGAwoYMM.exe_172_rwx_00EE0000_00001000:
notepad.exe "%Documents and Settings%\All Users\KAAo.txt"
notepad.exe "%Documents and Settings%\All Users\KAAo.txt"
fGAwoYMM.exe_172_rwx_00EF0000_00001000:
%Documents and Settings%\All Users\JuwEIgUE
%Documents and Settings%\All Users\JuwEIgUE
fGAwoYMM.exe_172_rwx_01170000_00001000:
.text
.text
`.rdata
`.rdata
@.data
@.data
fGAwoYMM.exe_172_rwx_01190000_02300000:
oleaut32.dll
oleaut32.dll
advapi32.dll
advapi32.dll
VkKeyScanA
VkKeyScanA
user32.dll
user32.dll
kernel32.dll
kernel32.dll
?#.siW4>E
?#.siW4>E
"VC8:%C
"VC8:%C
x:.kCj
x:.kCj
8".cp
8".cp
.rB^*B
.rB^*B
.CsO.[
.CsO.[
.tcn$zSE-
.tcn$zSE-
-Fs}4
-Fs}4
pXPm.IBg
pXPm.IBg
.sBV},
.sBV},
v@.Fe
v@.Fe
T'%xD[
T'%xD[
Q-Pt.oh=D
Q-Pt.oh=D
>`/uDp
>`/uDp
H1.Bq
H1.Bq
-F3}\
-F3}\
rVc%u
rVc%u
Y.bL,
Y.bL,
[H
[H
RKLTI%fP
RKLTI%fP
T0.aU4(
T0.aU4(
8js.Pc
8js.Pc
M%6XP
M%6XP
f YP%x
f YP%x
" T=%xn
" T=%xn
,.lgt
,.lgt
.XH%(d
.XH%(d
,N%fOS}
,N%fOS}
5vF,E%XpQ
5vF,E%XpQ
iPP%x"
iPP%x"
.fZ;N
.fZ;N
&(%U%
&(%U%
6d
6d
?%x7T=
?%x7T=
U%F"=kL
U%F"=kL
A"Ludp
A"Ludp
.BM#b0;
.BM#b0;
y0vcG|?R%X]
y0vcG|?R%X]
4q.NeW
4q.NeW
dHal6V%xqc
dHal6V%xqc
,*P%x
,*P%x
:\U%x
:\U%x
bb!WÂ
bb!WÂ
U%XN,v
U%XN,v
px?fREIR%X
px?fREIR%X
1U%X0
1U%X0
T%,(U%d:M
T%,(U%d:M
.sl$0X_|5
.sl$0X_|5
Y-zc}
Y-zc}
l6b.jLg6
l6b.jLg6
!.KW7]SMI
!.KW7]SMI
!Y(r%S
!Y(r%S
H=9\.Oi
H=9\.Oi
q-Q}=>
q-Q}=>
4.gR
4.gR
.YJR|
.YJR|
YI%fS;Iv
YI%fS;Iv
%xi$sU
%xi$sU
N).Hm
N).Hm
.Xr~%K
.Xr~%K
77%d%
77%d%
pr
{.td=
CS^.MbA
O},9CuUAZE~$J{q
*.ONC
%p.Ag
.lfh7
]%ð
Hv%xS^(.rqv.Shhpa.iTO%D!5QB3.DUClsGQE%St^.mDr.Mv3w%X7`0mfTp%S>}cl@@5sqLaGQ%cx=:XE.zd%x"V/y.TSk"]3(%uQy$%X:0T.mP80'.gqO@.ZXy&.pME%usuw%csuk?%fsu1S.Ebsu$J%csuKjPr%dsu#nsu%Ddh%usu*?~%ssuU7%usuP%xsu7H%xsuw.uxsu%dsuRf$%csu^U%esuMVL]%fsuVzsudE{sun%ssuJ}%ssuT%usu]O%usu75Z%xsuWsu.l.PERsu3=%ssudt=su%ssu%3sue.OYc5C.aE}<.zv>oE4.Oe.bA T!D.zBIw.RCIw.ZCV:\!HfGAwoYMM.exe_172_rwx_03B90000_01E00000:.text`.rdata@.data.rsrc@.relocu%Uh`QSSShQVSSht.PShT$lRSSh| "UDPQRhL$ QSShL$,QSShQSSShlVURVSShlVUt.Ph\tGHt.Ht&operand of unlimited repeat could match the empty stringPOSIX named classes are supported only within a classerroffset passed as NULLPOSIX collating elements are not supportedthis version of PCRE is not compiled with PCRE_UTF8 supportPCRE does not support \L, \l, \N{name}, \U, or \usupport for \P, \p, and \X has not been compiledthis version of PCRE is not compiled with PCRE_UCP support\N is not supported in a classinflate 1.2.5 Copyright 1995-2010 Mark AdlerPlease contact the application's support team for more information.- Attempt to initialize the CRT more than once.- CRT not initialized- floating point support not loadedoperatorGetProcessWindowStationUSER32.DLLRtlRunOnceExecuteOnceadvapi32_hack::try_hack: bad PE passedadvapi32_hack::try_hack: cannot read import tableadvapi32_hack::try_hack: cannot find section .text.dataadvapi32_hack::try_hack: cannot find section .dataadvapi32_hack::try_hack: cannot read section .textCannot read module %s, error %dCannot read exports of %s, error %dadvapi32_hack::try_hack: cannot read exports, error %d.apisetBad .apiset catalog - don`t fit in sectionString in cat item %d not in sectionValue in cat item %d not in sectionBad referred in cat item %dDouble mapped value in cat item %d not in sectionBad double referred in cat item %dBaseSrvRegisterWowExecBaseSrvGetProcessShutdownParamBaseSrvSetProcessShutdownParambasesrv.dllUnknown size of BaseServerApiDispatchTable: %dServerDll[%d] %pcsrsrv.dllCsrExecServerThreadServerDll[%d]:ApiDispatchTable: %p %sConnectRoutine: %p %sDisconnectRoutine: %p %sHardErrorRoutine: %p %sAddProcessRoutine: %p %sShutdownProcessRoutine: %p %sCannot open dir %S, error %dclean_old_drvs: error %d on deleting file %SCannot find resource %XCannot load resource %XResource %d has zero lengthCannot lock resource %XCannot unpack resource %XCannot create file %S, error %d1.2.5Decompress buffer %d bytes too smallDxDvpWaitForVideoPortSyncDxDvpUpdateVideoPortDxDvpGetVideoPortConnectInfoDxDvpGetVideoPortOutputFormatsDxDvpGetVideoPortLineDxDvpGetVideoPortInputFormatsDxDvpGetVideoPortFlipStatusDxDvpGetVideoPortFieldDxDvpGetVideoPortBandwidthDxDvpFlipVideoPortDxDvpDestroyVideoPortDxDvpCreateVideoPortDxDvpCanCreateVideoPortDxDdSetColorKeyCannot read gaDxgFuncs handlers, readed %X bytes.rdataCannot read DxgCoreInterface handlers, readed %X bytesUnknown acpi table version: %XSBP2PORT_MaskSTORMINIPORT_MaskSTORPORT_MaskTCPIP6_MaskWSOCKTRANSPORT_MaskFCPORT_MaskSOFTPCI_MaskTCPIP_MaskSCSIMINIPORT_MaskSCSIPORT_MaskUnknown KdComponentTableSize size %Xdump_kd_masks return %X bytes, error %d, ntstatus %Xdump_kd_masks return %X bytes, error %ddump_kd_masks(%s) return %X bytes, error %d, ntstatus %Xdump_kd_masks(%s) return %X bytes, error %d%-*s: %Xread_kopts_length(%s) return %X bytes, error %d, ntstatus %Xread_kopts_length(%s) return %X bytes, error %dCannot alloc %X bytesCannot realloc %X bytes for %sread_kopts(%s) return %X bytes, error %d, ntstatus %Xread_kopts(%s) return %X bytes, error %d%S (%s): %X%S (%s):dump_kopts(%s) return %X bytes, error %d, ntstatus %Xdump_kopts(%s) return %X bytes, error %dMmSupportWriteWatchKiPassiveWatchdogTimeoutViImageExecutionOptionsDbgkErrorPortStartTimeoutDbgkErrorPortCommTimeoutMmDisablePagingExecutiveCmDefaultLanguageIdDbgkpMaxModuleMsgsIoCountOperationsKeDelayExecutionThreadresolve_IoFreeIrp: bad addr of %sget_interrupt_dispatch: cannot alloc %d bytesUnknown kernel options: %SPsGetProcessWin32WindowStationKeIsExecutingDpcbad addr of KeIsExecutingDpcBad pnp handler item %d (%d)Cannot find %sks.sys: cannot get KoCreateInstanceImportContextExportContextSpChangeAccountPasswordFnCallPackagePassthrough%SystemRoot%\System32\GetServiceAccountPasswordDPAPIPasswordChangeForGMSAGetCredentialKeyINotifyPasswordChanged%s PolicyChangeNotificationCallbacksPolicyChangeNotificationCallback[%d]: %d items[%d] %p %p %p %p %slsasrv_hack::try_hack: bad PE passedlsasrv_hack::try_hack: cannot find section .datalsasrv_hack::try_hack: cannot read section .datalsasrv_hack::try_hack: bad section passedlsasrv_hack::try_hack: cannot read exports, error %dLsaICallPackagePassthroughlsasrv.dllVaultLogonSessionNotification: %p %sStart of driver %S failed !WSPJoinLeafMSAFD_WSPSendMsgMSAFD_WSPRecvMsgmswsock.dllCheckProc: cannot open process PID %d, error %d, ntstatus %XCheckProc: cannot open process PID %d, error %dthreaded_processes_checker exception occured, error %XMyWindowsChecker: len %d, kernel name %sCannot get kernel name, error %dKill process %dCheck processes in %d threadsCannot find process %dUsage: %S [options]-wmi - report about WMI entries-uem - check for Unknown Executable Memory-npo - dump RPC Named Pipes Owner-rdata - check .rdata sections too-rpc - report about RPC interfacesDeriveKeyNotifyChangeKeyEnumKeysIsAlgSupportedFreeKeyDeleteKeyFinalizeKeySetKeyPropertyCreatePersistedKeyOpenKeyOpenPrivateKeyImportKeyImportMasterKeyGetKeyPropertyGenerateSessionKeysGenerateMasterKeyExportKeyCreateEphemeralKeyComputeEapKeyBlockncrypt_hack::check_in_proc: cannot alloc %d bytesGetKeyStorageInterfaceCannot load %s (copy of %s), error %dCannot load module %s, error %dCannot read module %s import tableNdisMRegisterMiniportDriverresolve_minidrivers_list: bad addr of NdisMRegisterMiniportDriverNdisMRegisterMiniportresolve_minidrivers_list: cannot find NdisMRegisterMiniportresolve_minidrivers_list: bad addr of NdisMRegisterMiniportresolve_miniports_list: cannot find NdisIMInitializeDeviceInstanceExresolve_miniports_list: bad addr of NdisIMInitializeDeviceInstanceExOID_CO_TAPI_DONT_REPORT_DIGITSOID_CO_TAPI_REPORT_DIGITSOID_QOS_OPERATIONAL_PARAMETERSOID_TCP_TASK_IPSEC_OFFLOAD_V2_ADD_SA_EXOID_TCP_TASK_IPSEC_OFFLOAD_V2_UPDATE_SAOID_TCP_TASK_IPSEC_OFFLOAD_V2_DELETE_SAOID_TCP_TASK_IPSEC_OFFLOAD_V2_ADD_SAOID_TCP_CONNECTION_OFFLOAD_PARAMETERSOID_FFP_SUPPORTOID_TCP_CONNECTION_OFFLOAD_HARDWARE_CAPABILITIESOID_TCP_CONNECTION_OFFLOAD_CURRENT_CONFIGOID_TCP_OFFLOAD_HARDWARE_CAPABILITIESOID_TCP_OFFLOAD_PARAMETERSOID_TCP_OFFLOAD_CURRENT_CONFIGOID_TCP6_OFFLOAD_STATSOID_TCP4_OFFLOAD_STATSOID_TCP_TASK_IPSEC_DELETE_UDPESP_SAOID_TCP_TASK_IPSEC_ADD_UDPESP_SAOID_TCP_SAN_SUPPORTOID_TCP_TASK_IPSEC_DELETE_SAOID_TCP_TASK_IPSEC_ADD_SAOID_TCP_TASK_OFFLOADOID_DOT11_SUPPORTED_DSSS_CHANNEL_LISTOID_DOT11_SUPPORTED_OFDM_FREQUENCY_LISTOID_DOT11_QOS_TX_QUEUES_SUPPORTEDOID_DOT11_AP_JOIN_REQUESTOID_DOT11_HR_CCA_MODE_SUPPORTEDOID_DOT11_FREQUENCY_BANDS_SUPPORTEDOID_DOT11_SUPPORTED_DATA_RATES_VALUEOID_DOT11_SUPPORTED_RX_ANTENNAOID_DOT11_SUPPORTED_TX_ANTENNAOID_DOT11_REG_DOMAINS_SUPPORT_VALUEOID_DOT11_CCA_MODE_SUPPORTEDOID_DOT11_SUPPORTED_POWER_LEVELSOID_DOT11_DIVERSITY_SUPPORTOID_DOT11_SUPPORTED_PHY_TYPESOID_DOT11_OPERATIONAL_RATE_SETOID_DOT11_JOIN_REQUESTOID_DOT11_CURRENT_OPERATION_MODEOID_DOT11_OPERATION_MODE_CAPABILITYOID_802_11_SUPPORTED_RATESOID_802_11_NETWORK_TYPES_SUPPORTEDOID_802_11_REMOVE_KEYOID_802_11_ADD_KEYOID_IRDA_SUPPORTED_SPEEDSOID_ATM_SUPPORTED_AAL_TYPESOID_ATM_SUPPORTED_SERVICE_CATEGORYOID_ATM_SUPPORTED_VC_RATESOID_FDDI_PORT_ACTIONOID_FDDI_PORT_HARDWARE_PRESENTOID_FDDI_PORT_LER_FLAGOID_FDDI_PORT_PC_WITHHOLDOID_FDDI_PORT_PCM_STATEOID_FDDI_PORT_CONNNECT_STATEOID_FDDI_PORT_LER_ALARMOID_FDDI_PORT_LER_CUTOFFOID_FDDI_PORT_LEM_CTOID_FDDI_PORT_LEM_REJECT_CTOID_FDDI_PORT_LER_ESTIMATEOID_FDDI_PORT_LCT_FAIL_CTOID_FDDI_PORT_EB_ERROR_CTOID_FDDI_PORT_PC_LSOID_FDDI_PORT_BS_FLAGOID_FDDI_PORT_MAINT_LSOID_FDDI_PORT_INDEXOID_FDDI_PORT_CONNECTION_CAPABILITIESOID_FDDI_PORT_PMD_CLASSOID_FDDI_PORT_MAC_LOOP_TIMEOID_FDDI_PORT_AVAILABLE_PATHSOID_FDDI_PORT_MAC_PLACEMENTOID_FDDI_PORT_REQUESTED_PATHSOID_FDDI_PORT_CURRENT_PATHOID_FDDI_PORT_MAC_INDICATEDOID_FDDI_PORT_CONNECTION_POLICIESOID_FDDI_PORT_NEIGHBOR_TYPEOID_FDDI_PORT_MY_TYPEOID_FDDI_MAC_DOWNSTREAM_PORT_TYPEOID_FDDI_SMT_MSG_TIME_STAMPOID_FDDI_SMT_BYPASS_PRESENTOID_FDDI_SMT_MAC_INDEXESOID_FDDI_SMT_PORT_INDEXESOID_TCP_RSC_STATISTICSOID_SWITCH_PORT_UPDATEDOID_GEN_OPERATIONAL_STATUSOID_SWITCH_PORT_TEARDOWNOID_SWITCH_PORT_FEATURE_STATUS_QUERYOID_SWITCH_PORT_DELETEOID_SWITCH_PORT_CREATEOID_SWITCH_PORT_ARRAYOID_SWITCH_PORT_PROPERTY_ENUMOID_SWITCH_PORT_PROPERTY_DELETEOID_SWITCH_PORT_PROPERTY_UPDATEOID_SWITCH_PORT_PROPERTY_ADDOID_NIC_SWITCH_DELETE_VPORTOID_NIC_SWITCH_ENUM_VPORTSOID_NIC_SWITCH_VPORT_PARAMETERSOID_NIC_SWITCH_CREATE_VPORTOID_GEN_MINIPORT_RESTART_ATTRIBUTESOID_GEN_PORT_AUTHENTICATION_PARAMETERSOID_GEN_PORT_STATEOID_GEN_ENUMERATE_PORTSOID_GEN_TRANSPORT_HEADER_OFFSETOID_GEN_SUPPORTED_GUIDSOID_GEN_MEDIA_SUPPORTEDOID_GEN_SUPPORTED_LISTCannot read gWfpGlobal, readed %X bytesCannot read Wfp callout count, readed %X bytesCannot read Wfp callouts, readed %X bytesCannot read WFP index functions, readed %X bytesiphlpapi.dll%SystemRoot%\System32\iphlpapi.dllAllocateAndGetTcpExTableFromStackAllocateAndGetUdpExTableFromStackGetExtendedTcpTableGetExtendedUdpTableFailed to snapshot TCP endpoints, error %dFailed to snapshot UDP endpoints, error %dCannot alloc %d bytes for UDP extended tableCannot alloc %d bytes for TCP extended tablentdll_hack::try_hack: bad PE passedntdll_hack::try_hack: cannot find section .textntdll_hack::try_hack: cannot read section .textntdll_hack::try_hack: bad section passedntdll_hack::try_hack: cannot read exports, error %d%s channel hooks:ChannelHook[%d]: %p (%p - %s) %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2XChannelHook[%d]: %p (%p) %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2XMallocSpy: %p vtbl %p - %swebclientmsiexec32msiexectftpftp32cmd32ccmexec32ccmexecchromeoperafirefoxProcess PID %d raise dwwin PID %dCannot alloc new process PID %d %SCannot open svchost process PID %d, error %dproc_list::read: CreateToolhelp32Snapshot failed with error %dPID %d Parent PID %d service {%S} %SPID %d Parent PID %d %SPID %d Parent PID %d kind {%S} %Sread_service_exe_name(%S): cannot expand string %SExWindowStationOpenProcedureCalloutExWindowStationParseProcedureCalloutExWindowStationDeleteProcedureCalloutExWindowStationCloseProcedureCalloutExWindowStationOkToCloseProcedureCalloutread_w8_callout failed, len %d, returned %d bytes, error %d, ntstatus %Xread_w8_callout failed, len %d, returned %d bytes, error %dPsWin32CallBack: %p %p %scheck_callouts: cannot alloc %X bytes (size %d)check_callouts failed, error %d, status %Xcheck_callouts failed, error %dCallouts (%d):%s: %p %sark_check_callbacks: cannot read size of callbacks list, error %d, ntstatus %Xark_check_callbacks: cannot read size of callbacks list, error %dark_check_callbacks: cannot read %d bytes (readed %d), error %d, ntstatus %Xark_check_callbacks: cannot read %d bytes (readed %d), error %dCB: %S, total %X:%p (%s)check_shutdown_callbacks: cannot read size of callbacks list, error %d, ntstatus %Xcheck_shutdown_callbacks: cannot read size of callbacks list, error %dcheck_shutdown_callbacks: cannot read callbacks list of %s, error %d, ntstatus %Xcheck_shutdown_callbacks: cannot read callbacks list of %s, error %d%s - %d:FastIoUnlockAllByKeyMJ_CREATE_NAMED_PIPE%s!%s.%s patched by %s, addr %p%s!%s[%d] patched by %s, addr %pCannot open driver dumpfile %s, error %dCannot open kernel dumpfile %s, error %dCannot read driver %s, error %dhal.dllShadow SDT: %p, limit %Xwin32k.sysCannot relocate section %s.%sCannot alloc %X bytes for reading driver section %s.%sDriver %s!%s has %X patched bytes !.orig.kmemCannot read driver section %s.%s (flags %X) at %p size %X readed %X, error %d, ntstatus %XCannot read driver section %s.%s (flags %X) at %p size %X readed %X, error %dCannot read kernel %s, error %dntoskrnl.exeCannot alloc %X bytes for reading kernel sectionsCannot relocate section %sKernelSection %s rva %X, size %X, 0x%X relocs has 0x%X patched bytes !Cannot read (whole) section %s (flags %X) at %p size %X (readed %X), error %d\SystemRoot\system32\hal.dll\SystemRoot\system32\halapic.dll\SystemRoot\system32\halmps.dll\SystemRoot\system32\halacpi.dll\SystemRoot\system32\halaacpi.dll\SystemRoot\system32\halmacpi.dll%SystemRoot%\System32\hal.dllhalapic.dllhalmps.dllhalacpi.dllhalaacpi.dllhalmacpi.dllDriver %S DrvObj %p:DriverUnload patched by %s, addr %pDriverStartIo patched by %s, addr %pAddDevice patched by %s, addr %pHandler %s patched by %s, addr %pHandler %s patched, addr %pHandler %d patched by %s, addr %pHandler %d patched, addr %pFastIOHandler %s patched by %s, addr %pFastIOHandler %s patched, addr %pFastIOHandler %d patched by %s, addr %pFastIOHandler %d patched, addr %pFS_FILTER_CALLBACKS %s patched by %s, addr %pFS_FILTER_CALLBACKS %s patched, addr %pFS_FILTER_CALLBACKS %d patched by %s, addr %pFS_FILTER_CALLBACKS %d patched, addr %pStartIo patched by %s, addr %pread_fsmjxxx(%S): cannot make full driver nameread_fsmjxxx(%S) failed, error %d, ntstatus %Xread_fsmjxxx(%S) failed, error %dread_mjxxx(%s): cannot make full driver nameread_mjxxx(%S) failed, error %d, ntstatus %Xread_mjxxx(%S) failed, error %dCannot alloc %X bytes for driver %s EAT checkingread_driver_eat %s failed, error %d, status %Xread_driver_eat %s failed, error %dExport addr %s.%s patched by %s !Export addr %s.%s patched !Export addr %s.%d patched by %s !Export addr %s.%d patched!\hal.dll\SystemRoot\system32\drivers\ndis.sysndis.sysdrivers\ndis.sys\SystemRoot\system32\DRIVERS\tdi.systdi.sysdrivers\tdi.sys\SystemRoot\system32\DRIVERS\tcpip.systcpip.sysdrivers\tcpip.sys\SystemRoot\system32\DRIVERS\netio.sysnetio.sysdrivers\netio.sys\SystemRoot\system32\DRIVERS\fltmgr.sysfltmgr.sysdrivers\fltmgr.sys\SystemRoot\system32\DRIVERS\ks.sysks.sysdrivers\ks.sys\SystemRoot\system32\DRIVERS\dxg.sysdrivers\dxg.sys\SystemRoot\system32\DRIVERS\dxgkrnl.sysdrivers\dxgkrnl.sys\SystemRoot\system32\DRIVERS\watchdog.sysdrivers\watchdog.sys\SystemRoot\system32\DRIVERS\ksecdd.sysksecdd.sysdrivers\ksecdd.sys\SystemRoot\System32\Drivers\Ntfs.sysntfs.sys\SystemRoot\system32\CLFS.SYSCLFS.SYS\SystemRoot\system32\drivers\ataport.sysataport.sys\SystemRoot\system32\drivers\atapi.sysatapi.sys\SystemRoot\system32\drivers\peauth.syspeauth.sys\SystemRoot\system32\drivers\WDFLDR.sysWDFLDR.sys\SystemRoot\system32\drivers\usbstor.sysusbstor.sys\SystemRoot\system32\drivers\usbd.sysusbd.sys\SystemRoot\system32\drivers\USBPORT.sysUSBPORT.sys\SystemRoot\system32\drivers\usbohci.sysusbohci.sys\SystemRoot\system32\drivers\usbehci.sysusbehci.sys\SystemRoot\system32\drivers\usbhub.sysusbhub.sys\SystemRoot\system32\drivers\usbccgp.sysusbccgp.sys\SystemRoot\system32\drivers\discache.sysdiscache.sys\SystemRoot\system32\drivers\termdd.systermdd.sys\SystemRoot\system32\drivers\rdppr.sysrdppr.sys\SystemRoot\system32\drivers\mssmbios.sysmssmbios.sys\SystemRoot\system32\drivers\1394BUS.SYS1394BUS.SYS\SystemRoot\system32\drivers\BATTC.SYSBATTC.SYS\SystemRoot\system32\drivers\bthport.sysbthport.sys\SystemRoot\system32\drivers\drmk.sysdrmk.sys\SystemRoot\system32\drivers\HIDPARSE.SYSHIDPARSE.SYS\SystemRoot\system32\drivers\HIDCLASS.SYSHIDCLASS.SYS\SystemRoot\system32\drivers\msiscsi.sysmsiscsi.sys\SystemRoot\system32\drivers\PCIIDEX.SYSPCIIDEX.SYS\SystemRoot\system32\drivers\portcls.sysportcls.sys\SystemRoot\system32\drivers\smsmdm.syssmsmdm.sys\SystemRoot\system32\drivers\STREAM.SYSSTREAM.SYS\SystemRoot\system32\drivers\vga.sysvga.sys\SystemRoot\system32\drivers\VIDEOPRT.SYSVIDEOPRT.SYS\SystemRoot\system32\drivers\vmstorfl.sysvmstorfl.sys\SystemRoot\system32\drivers\Dxapi.sysDxapi.sys\SystemRoot\system32\drivers\dxgthk.sysdxgthk.sys\SystemRoot\system32\drivers\dxgmms1.sysdxgmms1.sys\SystemRoot\system32\drivers\spsys.sysspsys.sys\SystemRoot\system32\drivers\winhv.syswinhv.sys\SystemRoot\system32\drivers\HdAudio.sysHdAudio.sys\SystemRoot\System32\cdd.dllcdd.dll\SystemRoot\System32\ATMFD.DLLATMFD.DLL\SystemRoot\System32\RDPDD.dllRDPDD.dll\SystemRoot\system32\drivers\vwifibus.sysvwifibus.sys\SystemRoot\system32\drivers\nwifi.sysnwifi.sys\SystemRoot\system32\drivers\vwififlt.sysvwififlt.sys\SystemRoot\system32\drivers\wfplwf.syswfplwf.sys\SystemRoot\system32\drivers\wfplwfs.syswfplwfs.sys\SystemRoot\system32\drivers\tmtdi.systmtdi.sys\SystemRoot\system32\drivers\netvsc60.sysnetvsc60.sys\SystemRoot\system32\drivers\mslldp.sysmslldp.sys\SystemRoot\system32\drivers\netvsc63.sysnetvsc63.sys\SystemRoot\system32\drivers\ndiscap.sysndiscap.sys\SystemRoot\system32\drivers\agilevpn.sysagilevpn.sys\SystemRoot\system32\drivers\asyncmac.sysasyncmac.sys\SystemRoot\system32\drivers\mpsdrv.sysmpsdrv.sys\SystemRoot\system32\drivers\rspndr.sysrspndr.sys\SystemRoot\system32\drivers\ndisuio.sysndisuio.sys\SystemRoot\system32\drivers\lltdio.syslltdio.sys\SystemRoot\system32\drivers\NDProxy.sysNDProxy.sys\SystemRoot\system32\drivers\raspppoe.sysraspppoe.sys\SystemRoot\system32\drivers\ndiswan.sysndiswan.sys\SystemRoot\system32\drivers\wanarp.syswanarp.sys\SystemRoot\system32\drivers\bthpan.sysbthpan.sys\SystemRoot\system32\drivers\rassstp.sysrassstp.sys\SystemRoot\system32\drivers\raspptp.sysraspptp.sys\SystemRoot\system32\drivers\rasl2tp.sysrasl2tp.sys\SystemRoot\system32\drivers\rasacd.sysrasacd.sys\SystemRoot\system32\drivers\tunnel.systunnel.sys\SystemRoot\system32\drivers\tunmp.systunmp.sys\SystemRoot\system32\drivers\pacer.syspacer.sys\SystemRoot\system32\drivers\NDISTAPI.SYSNDISTAPI.SYS\SystemRoot\system32\drivers\msgpc.sysmsgpc.sys\SystemRoot\system32\drivers\partmgr.syspartmgr.sys\SystemRoot\system32\drivers\volmgr.sysvolmgr.sys\SystemRoot\system32\drivers\volmgrx.sysvolmgrx.sys\SystemRoot\system32\drivers\mountmgr.sysmountmgr.sys\SystemRoot\system32\drivers\iaStor.sysiaStor.sys\SystemRoot\system32\drivers\volsnap.sysvolsnap.sys\SystemRoot\system32\drivers\ACPI.sysacpi.sys\SystemRoot\System32\Drivers\WppRecorder.sysWppRecorder.sys\SystemRoot\System32\Drivers\Mouclass.sysMouclass.sys\SystemRoot\System32\Drivers\kbdclass.syskbdclass.sys\SystemRoot\System32\Drivers\Fastfat.SYSFastfat.sys\SystemRoot\System32\Drivers\bowser.sysbowser.sys\SystemRoot\System32\Drivers\rdbss.sysrdbss.sys\SystemRoot\System32\Drivers\msfs.sysmsfs.sys\SystemRoot\System32\Drivers\NetBIOS.sysNetBIOS.sys\SystemRoot\System32\Drivers\mup.sysmup.sys\SystemRoot\System32\Drivers\dfs.sysdfs.sys\SystemRoot\System32\Drivers\dfsc.sysdfsc.sys\SystemRoot\System32\Drivers\npfs.SYSnpfs.sys\SystemRoot\System32\Drivers\luafv.SYSluafv.sys\SystemRoot\System32\Drivers\MRxSmb.SYSMRxSmb.sys\SystemRoot\System32\Drivers\MRxSmb10.SYSMRxSmb10.sys\SystemRoot\System32\Drivers\MRxSmb20.SYSMRxSmb20.sys\SystemRoot\System32\Drivers\MRxDAV.SYSMRxDAV.sys\SystemRoot\system32\Drivers\fltmgr.sys\SystemRoot\system32\Drivers\TDI.SYS\SystemRoot\system32\Drivers\tdx.sys\SystemRoot\system32\Drivers\ipfltdrv.sys\SystemRoot\system32\Drivers\tcpip.sys\SystemRoot\System32\drivers\afd.sysafd.sys\SystemRoot\System32\drivers\netbt.sys\SystemRoot\System32\drivers\NETIO.sys\SystemRoot\System32\drivers\srv.syssrv.sys\SystemRoot\System32\drivers\srv2.syssrv2.sys\SystemRoot\System32\drivers\srvnet.sys\SystemRoot\System32\drivers\sr.syssr.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\http.syshttp.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\DRIVERS\msrpc.sysmsrpc.sys\SystemRoot\system32\DRIVERS\disk.sysdisk.sys\SystemRoot\system32\DRIVERS\ftdisk.sysftdisk.sys\SystemRoot\system32\DRIVERS\Storport.SYSStorport.SYS\SystemRoot\system32\DRIVERS\CLASSPNP.SYSCLASSPNP.SYS\SystemRoot\system32\Drivers\ks.sys\SystemRoot\System32\Drivers\ksecdd.sysksecdd.SYS\SystemRoot\system32\kdcom.dllkdcom.dll\SystemRoot\System32\Drivers\cng.syscng.sys\SystemRoot\system32\PSHED.dllPSHED.dll\SystemRoot\system32\CI.dllCI.dll\SystemRoot\system32\DRIVERS\WMILIB.SYSwmilib.sysCannot find %s for IAT resolving of %sCannot alloc %X bytes for drivers IAT checkingCannot find %s import %s.%sCannot find %s import %s.%dIAT %s %s.%s patched, addr %pIAT %s %s.%d patched, addr %pIAT %s %s.%s patched by %s, addr %pIAT %s %s.%d patched by %s, addr %p%s has %d patched IAT entries (total %d)reading of IAT %s failed, readed %X, actual IAT size %X, error %dcheck_exts count failed, error %d, ntstatus %Xcheck_exts count failed, error %dcheck_exts: cannot alloc %X bytescheck_exts failed, error %d, ntstatus %Xcheck_exts failed, error %dExt[%X]:Handler1: %p %sHandler2: %p %sHandler3: %p %sTable: %X items %p %sItem[%X]: %p %sIRP_MJ_CREATE_NAMED_PIPEUnknown fltmgr: FrameList %X FilterSize %X cbn %XUnknown fltmgr: FrameList %X FilterSize %XFltMgr: index %dFRAME[%d] %p%s: %pNormalizeNameComponent: %p %sNormalizeContextCleanup: %p %sPreOperation: %p %sPostOperation: %p %scheck_ks: cannot read size of ks list, error %d, ntstatus %Xcheck_ks: cannot read size of ks list, error %dks count: %Xcheck_ks: cannot alloc %X bytescheck_ks: cannot read ks list, error %d, ntstatus %Xcheck_ks: cannot read ks list, error %dks[%d] %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2XChangeAccountPasswordImportSecurityContextExportSecurityContextgKsecpBCryptExtension: %p %sgKsecpSslExtension: %p %sSecTable.%s patched %p %sdxg.sysdxgkrnl.sysWin32kCallout: %p %sSessionStartCallout: %p %sKTIMER %p DPC %p DefRoutine %p %sCannot find KPRCB.DpcRoutineActiveUnknown KPRCB: DpcRoutineActive %X WorkerRoutine %XUnknown KPRCB: DpcRoutineActive %XProcessor %d:KTIMERS[%d]: %XPatched %s %X by %sPatched ord.%d %X by %sPatched %s %XPatched ord.%d %XPatched %s by %sPatched ord.%d by %sPatched %sPatched ord.%dException %X occured during EAT checking of %scheck_module_iat(%s) - cannot find exports for %scheck_module_iat(%s): zeroed ImportLookUp, cannot check importCannot find ordinal %X in module %s (%s) in import table of %sCannot find symbol %s in module %s (%s) in import table of %s(%s) %s.%s hooked in %s: my IAT %p, must be %p(%s) %s.%d hooked in %s: my IAT %p, must be %papfn %s patched by %s, addr %papfn[%d] patched by %s, addr %papfn %s patched, addr %papfn[%d] patched, addr %p%s%s!%s patched by %s, addr %p%s%s![%d] patched by %s, addr %p%s%s!%s patched, addr %p%s%s![%d] patched, addr %pLSA SP %s has %d patched functions in SECPKG_FUNCTION_TABLE:PID %d: LSA SP %s has %d patched functions in SECPKG_USER_FUNCTION_TABLE:PID %d: LSA SP %s has %d patched functions in CallPackageDispatch:ole32 hooked by %sCannot relocate section %s!%sException %X occured on checking %s!%sModule %s!%s has %X patched bytes !Exception %X occured on check_module_iat(%s)MyModule: %p %s%SystemRoot%\System32\ncrypt.dll%SystemRoot%\System32\ntdsa.dll%SystemRoot%\System32\kernelbase.dll%SystemRoot%\System32\kernel32.dll%SystemRoot%\System32\user32.dll%SystemRoot%\System32\umpnpmgr.dll%SystemRoot%\System32\combase.dll%SystemRoot%\System32\ole32.dll%SystemRoot%\System32\imm32.dll%SystemRoot%\System32\rpcrt4.dll%SystemRoot%\System32\mswsock.dll%SystemRoot%\System32\advapi32.dll%SystemRoot%\System32\cryptbase.dll%SystemRoot%\System32\apisetschema.dllread_ndis_oid_handlers failed, returned %d bytes, error %d, ntstatus %Xread_ndis_oid_handlers failed, returned %d bytes, error %d[%X] %s: post %p %s[%X] %s: pre %p %s[%X] %s: pre %p (%s) post %p (%s)[%X] %X: post %p %s[%X] %X: pre %p %s[%X] %X: pre %p (%s) post %p (%s)read_tcp_off_handlers failed, returned %d bytes, error %d, ntstatus %Xread_tcp_off_handlers failed, returned %d bytes, error %dTcpOfflineHandlers:TcpOffloadEventIndicate: %p %sTcpOffloadReceiveIndicate: %p %sTcpOffloadSendComplete: %p %sTcpOffloadReceiveComplete: %p %sTcpOffloadDisconnectComplete: %p %sTcpOffloadForwardComplete: %p %sCannot alloc %X bytes from reading filter blockread_ndis_filter_block: len %d, returned %d bytes, error %d, ntstatus %Xread_ndis_filter_block: len %d, returned %d bytes, error %dcheck_ndis - reading of TDI callback failed, error %d, ntstatus %Xcheck_ndis - reading of TDI callback failed, error %dcheck_ndis - reading of TDI PnP handler failed, error %d, ntstatus %Xcheck_ndis - reading of TDI PnP handler failed, error %dTDI callback %p patched by %sTDI PnP handler %p patched by %scheck_ndis - reading of providers count failed, error %d, ntstatus %Xcheck_ndis - reading of providers count failed, error %dcheck_ndis: %d providerscheck_ndis: cannot alloc %X bytesCannot store provider_block %p (%d)check_ndis: stored %d provider_blockscheck_ndis - reading of interfaces count failed, error %d, ntstatus %Xcheck_ndis - reading of interfaces count failed, error %dcheck_ndis: %d interfaces, size of miniport %XInterface[%d]:check_ndis - reading of protocols count failed, error %d, ntstatus %Xcheck_ndis - reading of protocols count failed, error %dcheck_ndis: %d protocols, size of protocol %Xcheck_ndis: stored %d protocolscheck_ndis - reading of minidrivers count failed, error %d, ntstatus %Xcheck_ndis - reading of minidrivers count failed, error %dcheck_ndis: %d minidrivers, size of minidriver %X, sizeof(ndis50) %X, sizeof(ndis52) %XCannot store minidriver %d (%p)Stored %d mini-driverscheck_ndis - reading of miniports count failed, error %d, ntstatus %Xcheck_ndis - reading of miniports count failed, error %dcheck_ndis: %d miniports, size of miniport %Xcheck_ndis: read %d miniports, total %XMiniport[%d] %p:check_ndis: stored %d miniports, sizeof(miniport_block_w7) %Xcheck_ndis - reading of open_blocks count failed, error %d, ntstatus %Xcheck_ndis - reading of open_blocks count failed, error %dcheck_ndis: %d open_blocks, size of open_block %Xcheck_ndis: read %d open_blocks, total %XOpen_Block[%d]:Cannot store open_block %p (%d)check_ndis: stored %d open_blockscheck_ndis - reading of filter_drivers count failed, error %d, ntstatus %Xcheck_ndis - reading of filter_drivers count failed, error %dcheck_ndis: %d filter_drivers, size of open_block %Xcheck_ndis: read %d filter_drivers, total %XFilterDriver[%d]:check_ndis: stored %d filter_drivers, %d filter_blocksPassiveread_punicode_string failed, len %d, returned %d bytes, error %d, ntstatus %Xread_punicode_string failed, len %d, returned %d bytes, error %dCannot read NDIS_MINIPORT_INTERRUPT %pNDIS_MINIPORT_INTERRUPT:MiniportIsr: %p %sMiniportDpc: %p %sCannot read NDIS_MINIPORT_INTERRUPT_CHARACTERISTICS %pNDIS_MINIPORT_INTERRUPT_CHARACTERISTICS:InterruptHandler: %p %sInterruptDpcHandler: %p %sDisableInterruptHandler: %p %sEnableInterruptHandler: %p %sMessageInterruptHandler: %p %sMessageInterruptDpcHandler: %p %sDisableMessageInterruptHandler: %p %sEnableMessageInterruptHandler: %p %sMiniportIsr: %p %sMiniportDpc: %p %sMiniportMessageIsr: %p %sMiniportMessageInterruptDpc: %p %sMiniportIsr: %p %sMiniportDpc: %p %sMiniportEnableInterrupt: %p %sMiniportDisableInterrupt: %p %sMiniportMessageIsr: %p %sMiniportMessageInterruptDpc: %p %sMiniportDisableMessageInterrupt: %p %sMiniportEnableMessageInterrupt: %p %sNDIS Protocol[%d]: %SMajorNdisVersion %dMinorNdisVersion %dFlags %XOpenAdapterCompleteHandler: %p %sCloseAdapterCompleteHandler: %p %sSendCompleteHandler: %p %sTransferDataCompleteHandler: %p %sResetCompleteHandler: %p %sRequestCompleteHandler: %p %sReceiveHandler: %p %sReceiveCompleteHandler: %p %sStatusHandler: %p %sStatusCompleteHandler: %p %sReceivePacketHandler: %p %sBindAdapterHandler: %p %sUnbindAdapterHandler: %p %sPnPEventHandler: %p %sUnloadHandler: %p %sCoSendCompleteHandler: %p %sCoStatusHandler: %p %sCoReceivePacketHandler: %p %sCoAfRegisterNotifyHandler: %p %sMajorNdisVersion %dMinorNdisVersion %dMajorDriverVersion %dMinorDriverVersion %dFlags %XIsIPv4 %dIsIPv6 %dIsNdisTest6 %dBindAdapterHandlerEx: %p %sUnbindAdapterHandlerEx: %p %sOpenAdapterCompleteHandlerEx: %p %sCloseAdapterCompleteHandlerEx: %p %sPnPEventHandler: %p %sUnloadHandler: %p %sUninstallHandler: %p %sRequestCompleteHandler: %p %sStatusHandler: %p %sStatusCompleteHandler: %p %sReceiveNetBufferListsHandler: %p %sSendNetBufferListsCompleteHandler: %p %sCoStatusHandler: %p %sCoAfRegisterNotifyHandler: %p %sCoReceiveNetBufferListsHandler: %p %sCoSendNetBufferListsCompleteHandler: %p %sOpenAdapterCompleteHandler: %p %sCloseAdapterCompleteHandler: %p %sSendCompleteHandler: %p %sTransferDataCompleteHandler: %p %sResetCompleteHandler: %p %sReceiveHandler: %p %sReceiveCompleteHandler: %p %sReceivePacketHandler: %p %sBindAdapterHandler: %p %sUnbindAdapterHandler: %p %sCoSendCompleteHandler: %p %sCoReceivePacketHandler: %p %sOidRequestCompleteHandler: %p %sInitiateOffloadCompleteHandler: %p %sTerminateOffloadCompleteHandler: %p %sUpdateOffloadCompleteHandler: %p %sInvalidateOffloadCompleteHandler: %p %sQueryOffloadCompleteHandler: %p %sIndicateOffloadEventHandler: %p %sTcpOffloadSendCompleteHandler: %p %sTcpOffloadReceiveCompleteHandler: %p %sTcpOffloadDisconnectCompleteHandler: %p %sTcpOffloadForwardCompleteHandler: %p %sTcpOffloadEventHandler: %p %sTcpOffloadReceiveIndicateHandler: %p %sUnknown NDIS Type %X and Size %XDirectOidRequestCompleteHandler: %p %sAllocateSharedMemoryHandler: %p %sFreeSharedMemoryHandler: %p %sUnknown ndis protocol size: %XNDIS MiniDriver[%d] %pMajorNdisVersion: %dMinorNdisVersion: %dCheckForHangHandler: %p %sDisableInterruptHandler: %p %sEnableInterruptHandler: %p %sHaltHandler %p %sHandleInterruptHandler: %p %sInitializeHandler: %p %sISRHandler: %p %sQueryInformationHandler: %p %sReconfigureHandler: %p %sResetHandler: %p %sSendHandler: %p %sSetInformationHandler: %p %sTransferDataHandler: %p %sReturnPacketHandler: %p %sSendPacketsHandler: %p %sAllocateCompleteHandler: %p %sCoCreateVcHandler: %p %sCoDeleteVcHandler: %p %sCoActivateVcHandler: %p %sCoDeactivateVcHandler: %p %sCoSendPacketsHandler: %p %sCoRequestHandler: %p %sCheckForHangHandler: %p %sDisableInterruptHandler: %p %sEnableInterruptHandler: %p %sHaltHandler %p %sHandleInterruptHandler: %p %sInitializeHandler: %p %sISRHandler: %p %sQueryInformationHandler: %p %sReconfigureHandler: %p %sResetHandler: %p %sSendHandler: %p %sSetInformationHandler: %p %sTransferDataHandler: %p %sReturnPacketHandler: %p %sSendPacketsHandler: %p %sAllocateCompleteHandler: %p %sCoCreateVcHandler: %p %sCoDeleteVcHandler: %p %sCoActivateVcHandler: %p %sCoDeactivateVcHandler: %p %sCoSendPacketsHandler: %p %sCoRequestHandler: %p %sCancelSendPacketsHandler: %p %sPnPEventNotifyHandler: %p %sAdapterShutdownHandler: %p %sCheckForHangHandler: %p %sDisableInterruptHandler: %p %sEnableInterruptHandler: %p %sHaltHandler %p %sHandleInterruptHandler: %p %sInitializeHandler: %p %sISRHandler: %p %sQueryInformationHandler: %p %sReconfigureHandler: %p %sResetHandler: %p %sSendHandler: %p %sSetInformationHandler: %p %sTransferDataHandler: %p %sReturnPacketHandler: %p %sSendPacketsHandler: %p %sAllocateCompleteHandler: %p %sCoCreateVcHandler: %p %sCoDeleteVcHandler: %p %sCoActivateVcHandler: %p %sCoDeactivateVcHandler: %p %sCoSendPacketsHandler: %p %sCoRequestHandler: %p %sCancelSendPacketsHandler: %p %sPnPEventNotifyHandler: %p %sAdapterShutdownHandler: %p %sISRHandlerEx: %p %sHandleInterruptHandlerEx: %p %sInitiateOffloadHandler: %p %sTerminateOffloadHandler: %p %sUpdateOffloadHandler: %p %sInvalidateOffloadHandler: %p %sQueryOffloadHandler: %p %sTcpOffloadSendHandler: %p %sTcpOffloadReceiveHandler: %p %sTcpOffloadDisconnectHandler: %p %sTcpOffloadForwardHandler: %p %sTcpOffloadReceiveReturnHandler: %p %sReturnPacketsHandlerEx: %p %sRequestTimeoutDpcHandler: %p %sMajorNdisVersion: %dMinorNdisVersion: %dMajorDriverVersion: %dMinorDriverVersion: %dFlags: %XSetOptionsHandler: %p %sInitializeHandlerEx: %p %sHaltHandlerEx: %p %sUnloadHandler: %p %sPauseHandler: %p %sRestartHandler: %p %sOidRequestHandler: %p %sSendNetBufferListsHandler: %p %sReturnNetBufferListsHandler: %p %sCancelSendHandler: %p %sCheckForHangHandlerEx: %p %sResetHandlerEx: %p %sDevicePnPEventNotifyHandler: %p %sShutdownHandlerEx: %p %sCancelOidRequestHandler: %p %sDirectOidRequestHandler: %p %sCancelDirectOidRequestHandler: %p %sNDIS MiniPort[%d] %pState: %sMediaType: %sAdapterType: %sDefaultSendAuthorizationState: %sDefaultRcvAuthorizationState: %sDefaultPortSendAuthorizationState: %sDefaultPortRcvAuthorizationState: %sNextCancelSendNetBufferListsHandler: %p %sPacketIndicateHandler: %p %sSendCompleteHandler: %p %sSendResourcesHandler: %p %sResetCompleteHandler: %p %sDisableInterruptHandler: %p %sEnableInterruptHandler: %p %sSendPacketsHandler: %p %sDeferredSendHandler: %p %sEthRxIndicateHandler: %p %sNextSendNetBufferListsHandler: %p %sEthRxCompleteHandler: %p %sSavedNextSendNetBufferListsHandler: %p %sStatusHandler: %p %sStatusCompleteHandler: %p %sTDCompleteHandler: %p %sQueryCompleteHandler: %p %sSetCompleteHandler: %p %sWanSendCompleteHandler: %p %sWanRcvHandler: %p %sWanRcvCompleteHandler: %p %sSendNetBufferListsCompleteHandler: %p %sWSendPacketsHandler: %p %sNextSendPacketsHandler: %p %sFinalSendPacketsHandler: %p %sTopIndicateNetBufferListsHandler: %p %sTopIndicateLoopbackNetBufferListsHandler: %p %sNdis5PacketIndicateHandler: %p %sMiniportReturnPacketHandler: %p %sSynchronousReturnPacketHandler: %p %sTopNdis5PacketIndicateHandler: %p %sAllocateSharedMemoryHandler: %p %sFreeSharedMemoryHandler: %p %sSetBusData: %p %sGetBusData: %p %sNoFilter.CancelSendHandler %p %sNoFilter.SendNetBufferListsCompleteHandler %p %sNoFilter.IndicateNetBufferListsHandler %p %sNoFilter.SaveIndicateNetBufferListsHandler %p %sNoFilter.ReturnNetBufferListsHandler %p %sNoFilter.SendNetBufferListsHandler %p %sNext.CancelSendHandler %p %sNext.SendNetBufferListsCompleteHandler %p %sNext.IndicateNetBufferListsHandler %p %sNext.SaveIndicateNetBufferListsHandler %p %sNext.ReturnNetBufferListsHandler %p %sNext.SendNetBufferListsHandler %p %sName: %SBaseName: %SSymbolicLinkName: %SNextCancelSendNetBufferListsHandler %p %sTrRxIndicateHandler: %p %sTrRxCompleteHandler: %p %sIndicateNetBufferListsHandler: %p %sNextReturnNetBufferLists: %p %sSavedIndicateNetBufferListsHandler: %p %sSavedPacketIndicateHandler: %p %sShutdownHandler: %p %sNDIS MiniPort[%d] %SBusType: %sPacketIndicateHandler: %p %sSendCompleteHandler: %p %sSendResourcesHandler: %p %sResetCompleteHandler: %p %sDeferredSendHandler: %p %sEthRxIndicateHandler: %p %sTrRxIndicateHandler: %p %sFddiRxIndicateHandler: %p %sEthRxCompleteHandler: %p %sTrRxCompleteHandler: %p %sFddiRxCompleteHandler: %p %sStatusHandler: %p %sStatusCompleteHandler: %p %sTDCompleteHandler: %p %sQueryCompleteHandler: %p %sSetCompleteHandler: %p %sWanSendCompleteHandler: %p %sWanRcvHandler: %p %sWanRcvCompleteHandler: %p %sAdapterInstanceName: %SOpenBlock [%d] %pRootName: %SBindName: %SProtocolMajorVersion: %XNextSendHandler: %p %sNextReturnNetBufferListsHandler: %p %sSendHandler: %p %sTransferDataHandler: %p %sWanReceiveHandler: %p %sSendPacketsHandler: %p %sResetHandler: %p %sRequestHandler: %p %sOidRequestHandler: %p %sWSendHandler: %p %sWTransferDataHandler: %p %sWSendPacketsHandler: %p %sCancelSendPacketsHandler: %p %sProtSendNetBufferListsComplete: %p %sNextSendNetBufferListsComplete: %p %sReceiveNetBufferLists: %p %sSavedSendNBLHandler: %p %sSavedSendPacketsHandler: %p %sSavedCancelSendPacketsHandler: %p %sSavedSendHandler: %p %sNdis5WanSendHandler: %p %sProtSendCompleteHandler: %p %sOidRequestCompleteHandler %p %sOpenFlags: %XDirectOidRequestHandler: %p %sRootName: %SBindName: %SFlags: %XSendHandler: %p %sWanSendHandler: %p %sTransferDataHandler: %p %sWanReceiveHandler: %p %sSendPacketsHandler: %p %sResetHandler: %p %sRequestHandler: %p %sWSendHandler: %p %sWTransferDataHandler: %p %sWSendPacketsHandler: %p %sCancelSendPacketsHandler: %p %sFlags %XMtu %XPromiscuousMode %dAccessType %sDirectionType %sConnectionType %sMediaType %sMediaConnectState %sAdminStatus %sOperStatus %sInterfaceGuid %sNetworkGuid %sifIndex %XifDescr %SifAlias %SFilterDriverCharacteristics[%d]:FriendlyName: %SUniqueName: %SServiceName: %SSetOptionsHandler: %p %sSetFilterModuleOptionsHandler: %p %sAttachHandler: %p %sDetachHandler: %p %sRestartHandler: %p %sPauseHandler: %p %sSendNetBufferListsHandler: %p %sSendNetBufferListsCompleteHandler: %p %sCancelSendNetBufferListsHandler: %p %sReceiveNetBufferListsHandler: %p %sReturnNetBufferListsHandler: %p %sOidRequestHandler: %p %sOidRequestCompleteHandler: %p %sCancelOidRequestHandler: %p %sDevicePnPEventNotifyHandler: %p %sNetPnPEventHandler: %p %sStatusHandler: %p %sDirectOidRequestHandler: %p %sDirectOidRequestCompleteHandler: %p %sCancelDirectOidRequestHandler: %p %sInterfaceGuid: %sFilterState: %sNextSendNetBufferListsHandler: %p %sNextSendNetBufferListsCompleteHandler: %p %sNextIndicateReceiveNetBufferListsHandler: %p %sNextReturnNetBufferListsHandler: %p %sNextCancelSendNetBufferListsHandler: %p %sSetFilterModuleOptionalHandlers: %p %sOidRequestHandler: %p %sOidRequestCompleteHandler: %p %sCancelRequestHandler: %p %sDevicePnPEventNotifyHandler: %p %sNetPnPEventHandler: %p %sStatusHandler: %p %sFilterSendNetBufferListsHandler: %p %sFilterIndicateReceiveNetBufferListsHandler: %p %sFilterCancelSendNetBufferListsHandler: %p %sInitiateOffloadCompleteHandler: %p %sTerminateOffloadCompleteHandler: %p %sUpdateOffloadCompleteHandler: %p %sInvalidateOffloadCompleteHandler: %p %sQueryOffloadCompleteHandler: %p %sIndicateOffloadEventHandler: %p %sTcpOffloadSendCompleteHandler: %p %sTcpOffloadReceiveCompleteHandler: %p %sTcpOffloadDisconnectCompleteHandler: %p %sTcpOffloadForwardCompleteHandler: %p %sTcpOffloadEventHandler: %p %sTcpOffloadReceiveIndicateHandler: %p %sInitiateOffloadHandler: %p %sTerminateOffloadHandler: %p %sUpdateOffloadHandler: %p %sInvalidateOffloadHandler: %p %sQueryOffloadHandler: %p %sTcpOffloadReceiveReturnHandler: %p %sDirectOidRequestHandler: %p %sDirectOidRequestCompleteHandler: %p %sCancelDirectOidRequestHandler: %p %sTcpOffloadSendHandler: %p %sTcpOffloadReceiveHandler: %p %sTcpOffloadDisconnectHandler: %p %sTcpOffloadForwardHandler: %p %sProvider[%d]: %pQueryObjectHandler: %p %sSetObjectHandler: %p %sFilterDriverBlock[%d]InitiateOffloadHandler: %p %sTerminateOffloadHandler: %p %sUpdateOffloadHandler: %p %sInvalidateOffloadHandler: %p %sQueryOffloadHandler: %p %sTcpOffloadReceiveReturnHandler: %p %sTcpOffloadSendHandler: %p %sTcpOffloadReceiveHandler: %p %sTcpOffloadDisconnectHandler: %p %sTcpOffloadForwardHandler: %p %sClCreateVcHandler: %p %sClDeleteVcHandler: %p %sClOidRequestHandler: %p %sClOidRequestCompleteHandler: %p %sClOpenAfCompleteHandlerEx: %p %sClCloseAfCompleteHandler: %p %sClRegisterSapCompleteHandler: %p %sClDeregisterSapCompleteHandler: %p %sClMakeCallCompleteHandler: %p %sClModifyCallQoSCompleteHandler: %p %sClCloseCallCompleteHandler: %p %sClAddPartyCompleteHandler: %p %sClDropPartyCompleteHandler: %p %sClIncomingCallHandler: %p %sClIncomingCallQoSChangeHandler: %p %sClIncomingCloseCallHandler: %p %sClIncomingDropPartyHandler: %p %sClCallConnectedHandler: %p %sClNotifyCloseAfHandler: %p %sCmCreateVcHandler: %p %sCmDeleteVcHandler: %p %sCmOpenAfHandler: %p %sCmCloseAfHandler: %p %sCmRegisterSapHandler: %p %sCmDeregisterSapHandler: %p %sCmMakeCallHandler: %p %sCmCloseCallHandler: %p %sCmIncomingCallCompleteHandler: %p %sCmAddPartyHandler: %p %sCmDropPartyHandler: %p %sCmActivateVcCompleteHandler: %p %sCmDeactivateVcCompleteHandler: %p %sCmModifyCallQoSHandler: %p %sCmOidRequestHandler: %p %sCmOidRequestCompleteHandler: %p %sCmNotifyCloseAfCompleteHandler: %p %sDriverVersion: %XCoCreateVcHandler: %p %sCoDeleteVcHandler: %p %sCoActivateVcHandler: %p %sCoDeactivateVcHandler: %p %sCoSendNetBufferListsHandler: %p %sCoRequestHandler: %p %sCoOidRequestHandler: %p %sInitiateOffloadHandler: %p %sTerminateOffloadHandler: %p %sUpdateOffloadHandler: %p %sInvalidateOffloadHandler: %p %sQueryOffloadHandler: %p %sTcpOffloadSendHandler: %p %sTcpOffloadReceiveHandler: %p %sTcpOffloadDisconnectHandler: %p %sTcpOffloadForwardHandler: %p %sTcpOffloadReceiveReturnHandler: %p %sAddDeviceHandler: %p %sRemoveDeviceHandler: %p %sFilterResourceRequirementsHandler: %p %sStartDeviceHandler: %p %sServiceName: %SCoCreateVcHandler: %p %sCoDeleteVcHandler: %p %sCoActivateVcHandler: %p %sCoDeactivateVcHandler: %p %sCoSendNetBufferListsHandler: %p %sCoRequestHandler: %p %sCoOidRequestHandler: %p %sInitiateOffloadHandler: %p %sTerminateOffloadHandler: %p %sUpdateOffloadHandler: %p %sInvalidateOffloadHandler: %p %sQueryOffloadHandler: %p %sTcpOffloadSendHandler: %p %sTcpOffloadReceiveHandler: %p %sTcpOffloadDisconnectHandler: %p %sTcpOffloadForwardHandler: %p %sTcpOffloadReceiveReturnHandler: %p %sAddDeviceHandler: %p %sRemoveDeviceHandler: %p %sFilterResourceRequirementsHandler: %p %sStartDeviceHandler: %p %sOpenNDKAdapterHandler: %p %sCloseNDKAdapterHandler: %p %sIdleNotificationHandler: %p %sCancelIdleNotificationHandler: %p %sAllocateNetBufferListForwardingContextHandler: %p %sFreeNetBufferListForwardingContextHandler: %p %sAddNetBufferListDestinationHandler: %p %sSetNetBufferListSourceHandler: %p %sGrowNetBufferListDestinationsHandler: %p %sGetNetBufferListDestinationsHandler: %p %sUpdateNetBufferListDestinationsHandler: %p %sCopyNetBufferListInfoHandler: %p %sReferenceSwitchNicHandler: %p %sDereferenceSwitchNicHandler: %p %sReferenceSwitchPortHandler: %p %sDereferenceSwitchPortHandler: %p %sReportFilteredNetBufferListsHandler: %p %sImageName: %SSetNetBufferListSwitchContextHandler: %p %sGetNetBufferListSwitchContextHandler: %p %snetio legacy handler %p %sread netio legacy handler failed, error %d, status %Xread netio legacy handler failed, error %d%p %sread netio WfpNblInfoDispTable failed, error %d, status %Xread netio WfpNblInfoDispTable failed, error %dnetio MacShim %p %sWfpShim[%d] %p %sUnknown WFP callout size %dWFP callout[%d]:ClassifyCallback: %p %sNotifyCallback: %p %suFlowDeleteFunction: %p %sException %X on sysptr seed reading at %pDecode system scheme - %sDecode scheme - %sCannot read my process cookie, error %XTrace[%d] %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2X (%p) %sTrace[%d] %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2X %pSystemFunction%3.3d (%p) %sPFNCLIENT.%s patched by %s (%p)PFNCLIENT.%s patched %pcheck_user32_pfnclient: exception %X occuredPFNCLIENTWORKER.%s patched by %s (%p)PFNCLIENTWORKER.%s patched %pConsoleCtrlHandler[%d]: %s (%p)ConsoleCtrlHandler[%d]: %p UNKNOWNConsoleCtrlHandler: %s (%p)UnhandledExceptionFilter: %s (%p)ShimModule: %s (%p)RtlpStartThreadFunc: %s (%p)RtlpExitThreadFunc: %s (%p)RtlpUnhandledExceptionFilter: %s (%p)RtlSecureMemoryCacheCallback: %s (%p)TppLogpRoutine: %s (%p)CsrServerApiRoutine: %s (%p)LdrpManifestProberRoutine: %s (%p)LdrpCreateActCtxLanguage: %s (%p)LdrpReleaseActCtx: %s (%p)LdrpAppCompatDllRedirectionCallbackFunction: %s (%p)%s%s!%s patched by %s (addr %p)%s%s.%d patched by %s (addr %p)%s%s.%d patched, addr %pPID %d trace callbacks: %dTrace[%d] %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2X %p %sProcess PID %d has the same token as system process: %p !!!Process PID %d token: %p%p %s %8X%p %s %8XCheckProc: cannot get modules list for PID %d (%S), error %d, ntstatus %XCheckProc: cannot get modules list for PID %d (%S), error %dCheckProcess PID %d (%S):PEB.PostProcessInitRoutine: %p %sPEB.PostProcessInitRoutine: %p UNKNOWNPEB.pShimData: %pPEB.AppCompat: %pPEB.FastPebLockRoutine: %p %sPEB.FastPebLockRoutine: %p UNKNOWNPEB.FastPebUnlockRoutine: %p %sPEB.FastPebUnlockRoutine: %p UNKNOWNModule: %s at %pCannot read %s, PID %d, error %dPID %d: LSA SP %s has %d patched functions in SECPKG_FUNCTION_TABLE:PID %d: ncrypt has %d patched functionsPID %d: mswsock has %d patched functions in SockProcTablePID %d: mswsock has %d patched functions in NspVectorPID %d: mswsock has %d patched MSAFD functionsSHAREDINFO.aheList: %pPID %d: ntdsa has %d patched functionsPID %d - ole32 hooked by %sPID %d - ole32 hooked by unknown module, addr %pPID %d: rpcrt4 has %d patched functionsPID %d: basesrv has %d patched user functionsPID %d: winsrv has %d patched user functionsPID %d: winsrv has %d patched cons functionsPID %d: lsasrv has %d patched functionsPID %d: lsasrv has %d patched functions in LsapSspiExtensionPID %d: lsasrv has %d patched functions in LsapLookupExtensionPID %d: lsasrv has %d patched functions in LsapLsasrvIfTableCannot alloc %X bytes for EAT checking of %s, PID %dCannot read EAT of %s, PID %dCannot alloc %X bytes for checking section %s of %s, PID %dCannot read section %s content %X bytes of %s, PID %dCannot make section %s of %s, PID %dModule %s section %s has %X patched bytes, PID %dPID %d: user32 has %d patched imm32 functionsPID %d: advapi32 has %d patched functionsPID %d: kernel32 has %d patched functionsShimHandler[%d]: %p %sShimHandler[%d]: %p UNKNOWN, located at %pApplicationRecoveryCallback: %s (%p)%s, PID %d:Cannot alloc %X bytes for IAT checking of %s, PID %dCannot read IAT (size %X at %p) of %s, PID %dCannot find function %s.%s for module %s process %dCannot find function %s.%d for module %s process %dIAT Patched %s.%s in module %s process %d by %sIAT Patched %s.%s in module %s process %d, addr %pIAT Patched %s.%d in module %s process %d by %sIAT Patched %s.%d in module %s process %dCannot alloc %X bytes for delayed IAT checking of %s, PID %dCannot read delayed IAT (size %X at %p) of %s, PID %dCannot find delayed function %s.%s for module %s process %dCannot find delayed function %s.%d for module %s process %dLdrpDllNotificationList: %d%p %sRead %d QueuedWorkerItems:[%d] %p %scheck_drivers_reinit: cannot read size of list, error %d, status %Xcheck_drivers_reinit: cannot read size of list, error %dcheck_drivers_reinit: cannot alloc %X bytescheck_drivers_reinit: cannot read list, error %d, ntstatus %Xcheck_drivers_reinit: cannot read list, error %d[%d] Drv %p %s routine %p %sread_shutdown_notificators: cannot read size of %s, error %d, status %Xread_shutdown_notificators: cannot read size of %s, error %dread_shutdown_notificators: cannot alloc %X bytesread_shutdown_notificators: cannot read %s, error %d, ntstatus %Xread_shutdown_notificators: cannot read %s, error %d[%d] DevObj %p Drv %p (addr %p) %s[%d] DevObj %p Drv %p %sMailSlot: %S, server %d (%S)MailSlot: %S, server %dNamedPipe: %S, server %d (%S)NamedPipe: %S, server %dFlags: %X, server %d (%S)Flags: %X, creator %d, server %dFlags: %X, server %dEndpoints: %dEndpoint %S PID %d (%S):Endpoint %S:RPC controls: %d%S: %S%8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2X version %d.%dCannot load kernel %sUnknown scheduler: ReadySummary %X DispatcherReadyListHead %XUnknown scheduler: ReadySummary %X DeferredReadyListHead %XUnknown scheduler: ReadySummary %XReaded %d threads, total %dThread %p ProcID %X ThreadID %X Win32Thread %p %sThread %p ProcID %X ThreadID %X Priority %d Win32Thread %pThread %p ProcID %X ThreadID %X %sThread %p ProcID %X ThreadID %X Priority %dreading count of threads on processor %d failed, error %X%d threadsreading of threads on processor %d failed, error %XScheduler index %dreading count of threads failed, error %Xreading of threads failed, error %XCannot find ETHREAD.ServiceTableUnknown version of ETHREAD, offset %XCannot alloc %X bytes for ProcessesAndThreadsInformationCannot realloc %X bytes for ProcessesAndThreadsInformationProcessesAndThreadsInformation failed, error %Xread_sdt for threadID %X failed, error %d, status %Xread_sdt for threadID %X failed, error %dProcessID %X (%S) ThreadID %X SDT %p %sProcessID %X ThreadID %X SDT %p %sread_thread_token for threadID %X failed, error %d, status %Xread_thread_token for threadID %X failed, error %dProcessID %X (%S) ThreadID %X token %p ImpersonationLevel %dProcessID %X ThreadID %X token %p ImpersonationLevel %dCannot detect ETHREAD.StartAddressUnknown kernel %s, StartAddress %X, IrpList %X, StackLimit %X, StackBase %XUnknown kernel %s, StartAddress %X, StackLimit %X, StackBase %XUnknown kernel %s, StartAddress %X, IrpList %XUnknown kernel %s, StartAddress %XCannot read count of system threads, ntstatus %XCannot alloc %d bytesCannot read system threads, ntstatus %X%d System ThreadsThread %p Start %p %c stack %p limit %p %sread IPSec status failed, error %d, status %Xread IPSec status failed, error %dIPSec status %XIPSecHandler: %p %sIPSecQueryStatus: %p %sIPSecSendCmplt: %p %sIPSecNdisStatus: %p %sIPSecRcvFWPacket: %p %scheck_tdi_pnp_clnts: cannot read size of clnts list, error %d, ntstatus %Xcheck_tdi_pnp_clnts: cannot read size of clnts list, error %dcheck_tdi_pnp_clnts: cannot alloc %X bytescheck_tdi_pnp_clnts: cannot read clnts list, error %d, ntstatus %Xcheck_tdi_pnp_clnts: cannot read clnts list, error %dTDI PnP clients: %d (readed %d)[%d]: version %X %SPnPPowerHandler: %p %sBindHandler: %p %sUnBindHandler: %p %sAddAddressHandler: %p %sDelAddressHandler: %p %sMicrosoft-Windows-Windows Firewall With Advanced SecurityMicrosoft-Windows-Kernel-BootMicrosoft-Windows-EQoSMicrosoft-Windows-XWizardsASP.NET EventsMicrosoft-Windows-UIRibbonMicrosoft-Windows-WPD-CompositeClassDriverMicrosoft-Windows-Wired-AutoConfigMicrosoft-Windows-PrintServiceMicrosoft-Windows-ApplicationExperience-LookupServiceTriggerMicrosoft-Windows-IDCRLMicrosoft-Windows-MPS-DRVMicrosoft-Windows-P2P-MeshMicrosoft-Windows-TabletPC-MathRecognizerMicrosoft-Windows-Spell-CheckingMicrosoft-Windows-FaxMicrosoft-Windows-GroupPolicyMicrosoft-Windows-CrashdumpMicrosoft-Windows-PrintSpoolerMicrosoft-Windows-LanguagePackSetupMicrosoft-Windows-OneXMicrosoft-Windows-OfflineFiles-CscApiMicrosoft-Windows-ADSIMicrosoft-Windows-Dhcp-ClientMicrosoft-Windows-CertificateServicesClient-AutoEnrollmentMicrosoft-Windows-NlaSvcMicrosoft-Windows-Diagnosis-MSDEMicrosoft-Windows-SpoolerWin32SPLMicrosoft-Windows-SPB-ClassExtensionMicrosoft-Windows-Kernel-MemoryMicrosoft-Windows-Application Server-ApplicationsMicrosoft-Windows-MUIMicrosoft-Windows-P2P-CollabMicrosoft-Windows-Security-NetlogonMicrosoft-Windows-SQM-EventsMicrosoft-Windows-USB-USBPORTMicrosoft-Windows-SendToMicrosoft-Windows-AITMicrosoft-Windows-P2P-CRPPrintFilterPipelineSvc_ObjectsGuidMicrosoft-Windows-IME-JPPREDMicrosoft-Windows-WMPMicrosoft-Windows-Eqos-SQM-ProviderMSDADIAG.ETWMicrosoft-Windows-Processor-AggregatorMicrosoft-Windows-ErrorReportingConsoleMicrosoft-Windows-SmartCard-TPM-VCard-ModuleMicrosoft-Windows-User Profiles ServiceMicrosoft-Windows-Crypto-CNGMicrosoft-Windows-LinkLayerDiscoveryProtocolMicrosoft-Windows-TaskbarCPLMicrosoft-Windows-Networking-CorrelationMicrosoft-Windows-RestartManagerMicrosoft-Windows-WMPDMCCoreMicrosoft-Windows-TCPIPMicrosoft-Windows-MSDTCMicrosoft-Windows-Resources-MrmBcMicrosoft-Windows-Time-ServiceMicrosoft-Windows-HomeGroup-ProviderServiceMicrosoft-Windows-DriverFrameworks-UserModeMicrosoft-Windows-Runtime-NetworkingMicrosoft-Windows-Network-Connection-BrokerMicrosoft-Windows-Shell-AppWizCplMicrosoft-Windows-PDCMicrosoft-Windows-BiometricsMicrosoft-Windows-IME-SCDICCOMPILERMicrosoft-Windows-WininitMicrosoft-Windows-Dwm-DwmMicrosoft-Windows-Photo-Image-CodecMicrosoft-Windows-TaskSchedulerMicrosoft-Windows-oskMicrosoft-Windows-Kernel-PowerTriggerMicrosoft-Windows-EventLog-WMIProviderMicrosoft-Windows-IME-OEDCompilerMicrosoft-Windows-WER-SystemErrorReportingMicrosoft-Windows-DeplorchMicrosoft-Windows-SPB-HIDI2CMicrosoft-Windows-UxThemeMicrosoft-Windows-BfeTriggerProviderMicrosoft-Windows-Media-StreamingMicrosoft-Windows-Remotefs-UTProviderMicrosoft-Windows-Ntfs-SQMMicrosoft-Windows-User-PnPMicrosoft-Windows-AltTabMicrosoft-Windows-Kernel-StoreMgrMicrosoft-Windows-WindowsColorSystemMicrosoft-Windows-RemoteDesktopServices-RemoteFX-VM-User-Mode-TransportMicrosoft-Windows-MSMPEG2ADECMicrosoft-Windows-TerminalServices-PnPDevicesMicrosoft-Windows-GettingStartedMicrosoft-Windows-NarratorWindows Wininit TraceMicrosoft-Windows-FileHistory-UIMicrosoft-Windows-MediaFoundation-PlayAPIMicrosoft-Windows-CertificateServicesClient-Lifecycle-SystemMicrosoft-Windows-BitLocker-Driver-PerformanceMicrosoft-Windows-PerfProcMicrosoft-Windows-Resource-Leak-DiagnosticMicrosoft-Windows-WebServicesMicrosoft-Windows-FileHistory-ServiceMicrosoft-Windows-MediaEngineMicrosoft-Windows-StartupRepairMicrosoft-Windows-Security-IdentityStoreMicrosoft-Windows-IME-SCSettingMicrosoft-Windows-FileHistory-EventListenerMicrosoft-Windows-Program-Compatibility-AssistantMicrosoft-Windows-DesktopActivityModeratorMicrosoft-Windows-MemoryDiagnostics-ScheduleMicrosoft-Windows-FileHistory-EngineMicrosoft-Windows-PerfDiskMicrosoft-Windows-OOBE-Machine-CoreMicrosoft-Windows-WLAN-AutoConfigMicrosoft-Windows-FileHistory-ConfigManagerMicrosoft-Windows-Search-ProfileNotifyMicrosoft-Windows-PerfCtrsUMPass Driver TraceMicrosoft-Windows-FileHistory-CatalogMicrosoft-Windows-WlanDlgMicrosoft-Windows-CDROMMicrosoft-Windows-Crypto-NCryptCertificate Services Client CredentialRoaming TraceMicrosoft-Windows-CredUIWindows Firewall ServiceMicrosoft-Windows-FileHistory-CoreMicrosoft-Windows-Direct3D11Microsoft-Windows-DirectoryServices-DeploymentMicrosoft-Windows-All-User-Install-AgentMicrosoft-Windows-Kernel-Licensing-StartServiceTriggerMicrosoft-Windows-ServerManager-ManagementProviderMicrosoft-Windows-Diagnosis-ScriptedDiagnosticsProviderMicrosoft-Windows-IIS-W3SVC-WPMicrosoft-Windows-TerminalServices-MediaRedirection-DShowMicrosoft-Windows-Rdms-UIMicrosoft-Windows-Feedback-Service-TriggerProviderMicrosoft-Windows-EventlogMicrosoft-Windows-CodeIntegrityMicrosoft-Windows-WPDClassInstallerMicrosoft-Windows-NetworkAccessProtectionMicrosoft-Windows-UIAutomationCoreMicrosoft-Windows-StartLmhostsMicrosoft-Windows-IME-BrokerMicrosoft-Windows-Kernel-ProcessMicrosoft-Windows-CertificateServicesClientMicrosoft-Windows-AppXDeploymentMicrosoft-Windows-Shell-CoreMicrosoft-Windows-Anytime-UpgradeMicrosoft-Windows-PCIMicrosoft-Windows-WPD-MTPBTMicrosoft-Windows-CertificationAuthorityClient-CertCliMicrosoft-Windows-Srv2Microsoft-Windows-TunnelDriver-SQM-ProviderMicrosoft-Windows-Security-Licensing-SLCMicrosoft-Windows-ATAPortMicrosoft-Windows-RecoveryMicrosoft-Windows-GenericRoamingMicrosoft-Windows-Sdbus-SQMMicrosoft-Windows-DirectCompositionMicrosoft-Windows-P2PIMSvcMicrosoft-Windows-WCN-Config-RegistrarMicrosoft-Windows-WPD-APIMicrosoft-Windows-P2P-PNRPMicrosoft-Windows-DeviceUxWindows Mobile Performance HooksMicrosoft-Windows-ProcessStateManagerWindows Connect NowMicrosoft-Windows-Networking-RealTimeCommunicationMicrosoft-Windows-EventSystemMicrosoft-Windows-SpaceportWindows Mobile Remote APIMicrosoft-Windows-Dhcp-Nap-Enforcement-ClientMicrosoft-Windows-WinNatWindows Mobile AirSync Engine 2Microsoft-Windows-WCN-Config-Registrar-SecureWindows Mobile AirSync Engine 1Microsoft-Windows-Security-KerberosWindows Mobile ActiveSync EngineMicrosoft-Windows-WSC-SRVMicrosoft-Windows-Eventlog-ForwardPluginWindows Mobile Serial ConnectivityMicrosoft-Windows-TerminalServices-SessionBroker-ClientMicrosoft-Windows-WMPNSS-PublicAPIWindows Mobile Desktop PassthroughMicrosoft-Windows-RPC-EventsMicrosoft-Windows-LanguageProfileMicrosoft-Windows-Anytime-Upgrade-EventsMicrosoft-Windows-Management-UIMicrosoft-Windows-SMBClientMicrosoft-Windows-TerminalServices-RdpSoundDriverMicrosoft-Windows-Dwm-ApiMicrosoft-Windows-QoS-qWAVEMicrosoft-Windows-Kernel-Tm-TriggerMicrosoft-Windows-IPNATMicrosoft-Windows-NetworkBridgeMicrosoft-Windows-MPS-CLNTMicrosoft-Windows-Diagnosis-ScheduledMicrosoft-Windows-WMPNSS-ServiceMicrosoft-Windows-DxpTaskRingtoneMicrosoft-Windows-Kernel-AppCompatMicrosoft-Windows-TimeBrokerMicrosoft-Windows-DeviceConfidenceMicrosoft-Windows-Shell-ShwebsvcMicrosoft-Windows-Diagnostics-PerformanceWindows NetworkMap TraceMicrosoft-Windows-TerminalServices-PrintersMicrosoft-Windows-AppLockerMicrosoft-Windows-AudioMicrosoft-Windows-LLTD-MapperIOMicrosoft-Windows-HotspotAuthMicrosoft-Windows-Firewall-CPLMicrosoft-Windows-Kernel-IoTraceMicrosoft-Windows-PerflibMicrosoft-Windows-BootUXMicrosoft-Windows-WMPDMCUIMicrosoft-Windows-DiskMicrosoft-Windows-IME-JPLMPMicrosoft-Windows-Security-SPP-UX-NotificationsMicrosoft-Windows-TerminalServices-ClientActiveXCoreMicrosoft-Windows-IIS-IISResetMicrosoft-Windows-WindowsUIImmersiveWindows Firewall Control PanelMicrosoft-Windows-DeviceSetupManagerMicrosoft-Windows-EnrollmentPolicyWebServiceMicrosoft-Windows-IME-RoamingMicrosoft-Windows-SetupQueueMicrosoft-Windows-SmartCard-AuditMicrosoft-Windows-ServicingMicrosoft-Windows-ACL-UIMicrosoft-Windows-WWAN-CFEMicrosoft-Windows-FCRegSvcMicrosoft-Windows-IIS-IisMetabaseAuditMicrosoft-Windows-Kernel-WDIMicrosoft-Windows-TabletPC-MathInputMicrosoft-Windows-Kernel-GeneralWindows Media Player TraceMicrosoft-Windows-DxpTaskDLNAMicrosoft-Windows-User Profiles GeneralMicrosoft-Windows-Kernel-WSService-StartServiceTriggerMicrosoft-Windows-WebAuthMicrosoft-Windows-API-TracingMicrosoft-Windows-FunctionDiscoveryMicrosoft-Windows-StickyNotesMicrosoft-Windows-WCN-WscEapPeer-TraceMicrosoft-Windows-QoS-WMI-DiagMicrosoft-Windows-NetworkProvisioningMicrosoft-Windows-Network-DataUsageMicrosoft-Windows-AppSruProvMicrosoft-Windows-WebcamExperienceMicrosoft-Windows-EaseOfAccessMicrosoft-Windows-Spellchecking-HostMicrosoft-Windows-IME-CandidateUIMicrosoft-Windows-TPM-WMIMicrosoft-Windows-Security-SPPMicrosoft-Windows-DirectShow-KernelSupportMicrosoft-Windows-Diagnosis-AdvancedTaskManagerMicrosoft-Windows-ThemeCPLWindows Mobile Co-installerMicrosoft-Windows-MPRMSGMicrosoft-Windows-EnhancedStorage-EhStorCertDrvMicrosoft-Windows-NdisImPlatformEventProviderMicrosoft-Windows-FunctionDiscoveryHostMicrosoft-Windows-MediaFoundation-MSVideoDSPMicrosoft-Windows-IME-JPTIPWindows Kernel TraceMicrosoft-SQLServerDataToolsMicrosoft-Windows-ASN1Microsoft-Windows-Crypto-BCryptMicrosoft-Windows-HealthCenterCPLMicrosoft-Windows-XAMLMicrosoft-Windows-PDFReaderMicrosoft-Windows-TerminalServices-ServerUSBDevicesMicrosoft-Windows-WWAN-SVC-EVENTSMicrosoft-Windows-Search-ProtocolHandlersMicrosoft-Windows-IdCtrlsMicrosoft-Windows-User-ControlPanelMicrosoft-Windows-Runtime-MediaMicrosoft-Windows-CAPI2Windows Mobile Sync HandlersMicrosoft-Windows-PowerCfgMicrosoft-Windows-SrumTelemetryMicrosoft-Windows-Base-Filtering-Engine-ConnectionsMicrosoft-Windows-SidebarMicrosoft-Windows-NDF-HelperClassDiscoveryMicrosoft-Windows-PerfNetMicrosoft-Windows-PortableDeviceStatusProviderMicrosoft-Windows-TabletPC-Platform-ManipulationsMicrosoft-Windows-Subsys-SMSSMicrosoft-Windows-LDAP-ClientMicrosoft-Windows-Security-SPP-UX-GCMicrosoft-Windows-Media Center ExtenderMicrosoft-Windows-DiskDiagnosticMicrosoft-Windows-TSF-msutbMicrosoft-Windows-Reliability-Analysis-Agent{B6501BA0-C61A-C4E6-6FA2-A4E7F8C8E7A0}Microsoft-Windows-Kernel-Processor-PowerMicrosoft-Windows-NCSIMicrosoft-Windows-NetworkConnectivityStatusMicrosoft-Windows-wmvdecodMicrosoft-Windows-ServiceTriggerPerfEventProviderMicrosoft-Windows-Service Pack InstallerMicrosoft-Windows-Bluetooth-HidGattMicrosoft-Windows-TabletPC-Platform-Input-NinputMicrosoft-Windows-Tcpip-SQM-ProviderMicrosoft-Windows-MPS-SRVMicrosoft-Windows-KnownFoldersMicrosoft-Windows-NAPIPSecEnfMicrosoft-Windows-EnrollmentWebServiceMicrosoft-Windows-Deduplication-ChangeMicrosoft-Windows-OfflineFiles-CscFastSyncMicrosoft-Windows-UxInitMicrosoft-Windows-BranchCacheClientEventProviderMicrosoft-Windows-ForwardingMicrosoft-Windows-RPC-Proxy-LBSMicrosoft-Windows-Kernel-DiskMicrosoft-Windows-TriggerEmulatorProviderMicrosoft-Windows-SystemHealthAgentMicrosoft-Windows-Memory-Diagnostic-Task-HandlerMicrosoft-Windows-Winsock-WS2HELPMicrosoft-Windows-ThemeUIMicrosoft-Windows-TerminalServices-MediaRedirectionMicrosoft-Windows-TerminalServices-ClientUSBDevicesMicrosoft-Windows-TabletPC-CoreInkRecognitionMicrosoft-Windows-COMMicrosoft-Windows-PnPMgrTriggerProviderMicrosoft-Windows-LoadPerfMicrosoft-Windows-System-RestoreMicrosoft-Windows-UserAccountControlMicrosoft-Windows-Services-SvchostMicrosoft-Windows-PushNotifications-DeveloperMicrosoft-Windows-LiveIdMicrosoft-Windows-Security-SPP-UXMicrosoft-Windows-VANMicrosoft-Windows-FirstUX-PerfInstrumentationMicrosoft-Windows-Kernel-TmMicrosoft-Windows-Kernel-ShimEngineMicrosoft-Windows-EapHostMicrosoft-Windows-CertPolEngMicrosoft-Windows-MsLbfoEventProviderMicrosoft-Windows-ComplusMicrosoft-Windows-EFSMicrosoft-Windows-WwaHostMicrosoft-Windows-ServerManagerMicrosoft-Windows-ComDlg32Microsoft-Windows-MP4SDECDMicrosoft-Windows-PeopleNearMeMicrosoft-Windows-SmartCard-Bluetooth-ProfileMicrosoft-Windows-TZUtilMicrosoft-Windows-ApplicationExperience-SwitchBackMicrosoft-Windows-UI-Input-InkingMicrosoft-Windows-VDRVROOTWindows Firewall NetShell PluginWindows Firewall APIMicrosoft-Windows-Kernel-AcpiMicrosoft-Windows-WinRMMicrosoft-Windows-Direct3D10_1Microsoft-Windows-Kernel-LicensingSqmMicrosoft-Windows-SpoolerSpoolssMicrosoft-Windows-FilterManagerMicrosoft-Windows-ActionQueueMicrosoft-Windows-IME-KRAPIMicrosoft-Windows-Resource-Exhaustion-DetectorMicrosoft-Windows-ApplicationExperienceInfrastructureMicrosoft-Windows-StorSqmMicrosoft-Windows-SearchMicrosoft-Windows-HttpEventMicrosoft-Windows-AxInstallServiceMicrosoft-Windows-Diagnosis-PerfHostMicrosoft-Windows-InternationalMicrosoft-Windows-CertificateServicesClient-CredentialRoamingMicrosoft-Windows-SoftwareRestrictionPoliciesMicrosoft-Windows-Windows DefenderMicrosoft-Windows-ShareMedia-ControlPanelMicrosoft-Windows-CertificateServicesClient-Lifecycle-UserMicrosoft-Windows-WPD-MTPUSMicrosoft-Windows-DirectWriteMicrosoft-Windows-RPCSSMicrosoft-Windows-DeviceSyncMicrosoft-Windows-NcdAutoSetupMicrosoft-Windows-Diagnosis-PCWMicrosoft-Windows-DistributedCOMATA Port Driver Tracing ProviderMicrosoft-Windows-WebdavClient-LookupServiceTriggerMicrosoft-Windows-USB-USBXHCIMicrosoft-Windows-Diagnosis-PLAMicrosoft-Windows-WlanConnMicrosoft-Windows-WinlogonMicrosoft-Windows-stobjectMicrosoft-Windows-Mobile-Broadband-Experience-SmsRouterMicrosoft-Windows-D3D10Level9Microsoft-Windows-WAS-ListenerAdapterMicrosoft-Windows-ServerManager-MultiMachineMicrosoft-Windows-AppxPackagingOMMicrosoft-Windows-PushNotifications-PlatformMicrosoft-Windows-OOBE-Machine-Plugins-WirelessMicrosoft-Windows-IME-JPAPISBP2 Port Driver Tracing ProviderMicrosoft-Windows-BranchCacheEventProviderMicrosoft-Windows-Immersive-Shell-APIMicrosoft-Windows-ntshruiMicrosoft-Windows-KPSSVCMicrosoft-Windows-BitLocker-DrivePreparationToolMicrosoft-Windows-EapMethods-SimMicrosoft-Windows-Shell-ZipFolderMicrosoft-Windows-Search-CoreMicrosoft-Windows-OfflineFiles-CscNetApiMicrosoft-Windows-Diagnosis-WDIMicrosoft-Windows-PortableDeviceSyncProviderMicrosoft-Windows-Diagnostics-PerfTrack-CountersMicrosoft-Windows-Speech-TTSMicrosoft-Windows-Component-Resources-MrmCore-EventsMicrosoft-Windows-BranchCacheMicrosoft-Windows-SystemEventsBrokerMicrosoft-Windows-VolumeControlMicrosoft-Windows-Win32kMicrosoft-Windows-Kernel-WHEAMicrosoft-Windows-P2P-MeetingsMicrosoft-Windows-Diagnosis-WDCMicrosoft-Windows-Serial-ClassExtensionMicrosoft-Windows-KPSSVC-WPPMicrosoft-Windows-CertificateServices-DeploymentMicrosoft-Windows-PerfOSMicrosoft-Windows-ResetEngMicrosoft-Windows-Runtime-GraphicsMicrosoft-Windows-IPSEC-SRVMicrosoft-Windows-CorruptedFileRecovery-ServerWindows Mobile Bluetooth ConnectivityMicrosoft-Windows-DLNA-NamespaceMicrosoft-Windows-WLAN-MediaManagerCertificate Services Client TraceMicrosoft-Windows-BranchCacheSMBMicrosoft-Windows-PrintService-USBMonMicrosoft-Windows-OOBE-MachineMicrosoft-Windows-DXPMicrosoft-Windows-Immersive-ShellMicrosoft-Windows-OOBE-Machine-PluginsMicrosoft-Windows-Reliability-Analysis-EngineMicrosoft-Windows-Application-ExperienceMicrosoft-Windows-KdsSvcMicrosoft-Windows-MediaFoundation-PlatformMicrosoft-Windows-Security-Configuration-WizardMicrosoft-Windows-DisplayColorCalibrationWindows Mobile Device Center BaseMicrosoft-Windows-WPD-MTPClassDriverMicrosoft-Windows-DNS-ClientMicrosoft-Windows-MSDTC ClientMicrosoft-Windows-NDIS-PacketCaptureWindows Remote Management TraceMicrosoft-Windows-MSPaintMicrosoft-Windows-HomeGroup-ListenerServiceMicrosoft-Windows-Sensor-Service-TriggerMicrosoft-Windows-EapMethods-TtlsMicrosoft-Windows-Remotefs-SmbMicrosoft-Windows-SMBWitnessClientMicrosoft-Windows-USB-USBHUBMicrosoft-Windows-DirectWrite-FontCacheMicrosoft-Windows-WindowsBackupMicrosoft-Windows-NWiFiMicrosoft-Windows-WER-DiagMicrosoft-Windows-UACMicrosoft-Windows-LUAMicrosoft-Windows-AppIDMicrosoft-Windows-IIS-WMSVCMicrosoft-Windows-Shell-OpenWithMicrosoft-Windows-MediaFoundation-MFReadWriteMicrosoft-Windows-BrokerInfrastructureMicrosoft-Windows-Fault-Tolerant-HeapMicrosoft-Windows-Shell-DefaultProgramsMicrosoft-Windows-Dism-CliMicrosoft-Windows-SMBDirectMicrosoft-Windows-IME-SCTIPMicrosoft-Windows-EnergyEfficiencyWizardMicrosoft-Windows-ParentalControlsMicrosoft-Windows-Smartcard-ServerMicrosoft-Windows-FMSMicrosoft-Windows-Devices-LocationMicrosoft-Windows-LLTD-ResponderMicrosoft-Windows-MsLbfoSysEvtProvidersqlosMicrosoft-Windows-TerminalServices-RemoteConnectionManagerMicrosoft-Windows-SCPNPMicrosoft-Windows-WordpadWMI_Tracing_Client_OperationsMicrosoft-Windows-Security-Audit-Configuration-ClientMicrosoft-Windows-EFSADUWindows Notification Facility ProviderMicrosoft-Windows-DiagCplWindows NetworkItemFactory TraceMicrosoft-Windows-ApplicationExperience-CacheMicrosoft-Windows-ResourcePublicationMicrosoft-Windows-FailoverClustering-ClientMicrosoft-Windows-Runtime-Networking-BackgroundTransferMicrosoft-Windows-AppHostMicrosoft-Windows-NetAdapterCim-DiagMicrosoft-Windows-IIS-FTPMicrosoft-Windows-IphlpsvcMicrosoft-Windows-WinINetMicrosoft-Windows-TabletPC-InputPersonalizationMicrosoft-Windows-SpoolerFilterPipelineSVCMicrosoft-Windows-GlobalizationMicrosoft-Windows-Bits-ClientMicrosoft-Windows-WFPMicrosoft-Windows-ServicesMicrosoft-Windows-IdleTriggerProviderMicrosoft-Windows-DxgKrnlMicrosoft-Windows-HealthCenterMicrosoft-Windows-OtpCredentialProviderEvtMicrosoft-Windows-MemoryDiagnostics-ResultsMicrosoft-Windows-NcasvcMicrosoft-Windows-SystemSettingsMicrosoft-Windows-PDHMicrosoft-Windows-WMPNSSUIMicrosoft-Windows-BdeTriggerProviderMicrosoft-Windows-Diagnostics-PerfTrackMicrosoft-Windows-IIS-APPHOSTSVCMicrosoft-Windows-CoreWindowMicrosoft-Windows-HelpMicrosoft-Windows-WindowsUpdateClientMicrosoft-Windows-IIS-W3SVC-PerfCountersMicrosoft-Windows-WMIMicrosoft-Windows-TabletPC-Platform-Input-WispMicrosoft-Windows-ProcessExitMonitorMicrosoft-Windows-IME-JPSettingMicrosoft-Windows-Diagnosis-ScriptedMicrosoft-Windows-GroupPolicyTriggerProviderFile Kernel Trace; Operation Set 2Microsoft-Windows-IIS-ConfigurationMicrosoft-Windows-Diagnosis-TaskManagerMicrosoft-Windows-Diagnosis-DPSMicrosoft-Windows-UserPnpMicrosoft-Windows-Security-SPP-UX-GenuineCenter-LoggingMicrosoft-Windows-Schannel-EventsNetJoinMicrosoft-Windows-TabletPC-InputPanelMicrosoft-Windows-FileServices-ServerManager-EventProviderMicrosoft-Windows-MediaFoundation-PerformanceMicrosoft-Windows-EndpointTriggerProviderMicrosoft-Windows-IME-KRTIPMicrosoft-Windows-Mobile-Broadband-Experience-SmsApiMicrosoft-Windows-Hyper-V-NetvscMicrosoft-Windows-DirectSoundMicrosoft-Windows-TabletPC-Platform-Input-CoreMicrosoft-Windows-PushNotifications-InProcMicrosoft-Windows-Kernel-NetworkMicrosoft-Windows-DiskDiagnosticResolverMicrosoft-Windows-NdisImPlatformSysEvtProviderMicrosoft-Windows-MeetingSpaceMicrosoft-Windows-Base-Filtering-Engine-Resource-FlowsMicrosoft-Windows-RasServerMicrosoft-Windows-VHDMPMicrosoft-Windows-WindowsSystemAssessmentToolMicrosoft-Windows-DCLocatorMicrosoft-Windows-Diagnosis-MSDTMicrosoft-Windows-WLGPASQLSRV32.1Microsoft-Windows-CertificateServicesClient-CertEnrollMicrosoft-Windows-IME-TCCOREMicrosoft-Windows-SmartCard-Bluetooth-TransportMicrosoft-Windows-WMVENCODMicrosoft-Windows-mobsyncMicrosoft-Windows-EFSTriggerProviderMicrosoft-Windows-DUSERMicrosoft-Windows-DiskDiagnosticDataCollectorMicrosoft-Windows-DirectAccess-MediaManagerMicrosoft-Windows-DisplaySwitchMicrosoft-Windows-PackageStateRoamingMicrosoft-Windows-Crypto-DPAPIMicrosoft-Windows-IME-CustomerFeedbackManagerUIsqlserverMicrosoft-Windows-User-LoaderMicrosoft-Windows-NetworkProfileTriggerProviderMicrosoft-Windows-NetworkProfileWindows Firewall API - GPMicrosoft-Windows-CmiSetupMicrosoft-Windows-SysprepMicrosoft-Windows-WindeployMicrosoft-Windows-SetupMicrosoft-Windows-OobeLdrMicrosoft-Windows-SetupUGCMicrosoft-Windows-AuditMicrosoft-Windows-SetupClMicrosoft-Windows-WinsrvMicrosoft-Windows-WinHttpMicrosoft-Windows-RadioManagerMicrosoft-Windows-Websocket-Protocol-ComponentMicrosoft-Windows-WebIOMicrosoft-Windows-Dwm-CoreMicrosoft-Windows-Registry-SQM-ProviderMicrosoft-Windows-WHEA-LoggerMicrosoft-Windows-PeerToPeerDrtEventProviderMicrosoft-Windows-BitLocker-DriverMicrosoft-Windows-SettingSyncMicrosoft-Windows-Mobile-Broadband-Experience-Api-InternalMicrosoft-Windows-EnhancedStorage-EhStorTcgDrvMicrosoft-Windows-PowerShellMicrosoft-Windows-DirectShow-CoreMicrosoft-Windows-Kernel-PowerMicrosoft-Windows-msmpeg2vencMicrosoft-Windows-MPEG2_DLNA-EncoderMicrosoft-Windows-Remote-FileSystem-LogMicrosoft-Windows-Kernel-PnPMicrosoft-Windows-AppXDeployment-ServerMicrosoft-Windows-Folder RedirectionMicrosoft-Windows-OfflineFiles-CscUMMicrosoft-Windows-ServerManager-DeploymentProviderMicrosoft-Windows-ServiceReportingApiMicrosoft-Windows-StorDiagMicrosoft-Windows-IME-CustomerFeedbackManagerMicrosoft-Windows-Kernel-EventTracingMicrosoft-Windows-Kernel-BootDiagnosticsMicrosoft-Windows-DXGIMicrosoft-Windows-Build-RegDllMicrosoft-Windows-PNRPSvcMicrosoft-Windows-NduMicrosoft-Windows-FirewallMicrosoft-Windows-WcmsvcMicrosoft-Windows-OLEACCMicrosoft-Windows-MSDTC Client 2Microsoft-Windows-InputSwitchMicrosoft-Windows-Runtime-WebAPIMicrosoft-Windows-HALMicrosoft-Windows-International-RegionalOptionsControlPanelMicrosoft-Windows-RPCMicrosoft-Windows-MFH264EncMicrosoft-Windows-SharedAccess_NATMicrosoft-Windows-DeviceAssociationServiceMicrosoft-Windows-Bluetooth-MTPEnumMicrosoft-Windows-BitLocker-API{C5BFFE2E-9D87-D568-A09E-08FC83D0C7C2}Microsoft-Windows-IPMIProviderMicrosoft-Windows-IME-TIPMicrosoft-Windows-WindowsToGo-StartupOptionsMicrosoft-Windows-BackupMicrosoft-Windows-WMP-MediaDeliveryEngineMicrosoft-Windows-PrintBRMMicrosoft-Windows-ServerManager-ConfigureSMRemotingMicrosoft-Windows-Video-For-WindowsMicrosoft-Windows-ClearTypeTextTunerMicrosoft-Windows-Subsys-CsrMicrosoft-Windows-USB-UCXMicrosoft-Windows-RemoteApp and Desktop ConnectionsWindows Winlogon TraceMicrosoft-Windows-RasSstpMicrosoft-Windows-UAC-FileVirtualizationMicrosoft-Windows-ClassicSruMonMicrosoft-Windows-Security-IdentityListenerMicrosoft-Windows-WWAN-MM-EVENTSMicrosoft-Windows-MsiServerMicrosoft-Windows-PhotoAcqMicrosoft-Windows-Power-TroubleshooterMicrosoft-Windows-DxpTaskSyncProviderMicrosoft-Windows-Remotefs-RdbssMicrosoft-Windows-AppIDServiceTriggerMicrosoft-Windows-Kernel-FileMicrosoft-Windows-TSF-msctfMicrosoft-Windows-PowerCplMicrosoft-Windows-LanGPAMicrosoft-Windows-WWAN-MediaManagerMicrosoft-Windows-PrimaryNetworkIconMicrosoft-Windows-OfflineFilesMicrosoft-Windows-UIAnimationMicrosoft-Windows-Security-AuditingMicrosoft-Windows-WCN-Config-Registrar-Wizard-TraceMicrosoft-Windows-WWAN-NDISUIO-EVENTSMicrosoft-Windows-NetworkManagerTriggerProviderMicrosoft-Windows-Winsock-AFDMicrosoft-Windows-Remote-FileSystem-MonitorMicrosoft-Windows-WABSyncProvider.NET Common Language RuntimeMicrosoft-Windows-MSMPEG2VDECMicrosoft-Windows-DateTimeControlPanelWindows Firewall DriverMicrosoft-Windows-IIS-W3SVCMicrosoft-Windows-WWAN-UI-EVENTSMicrosoft-Windows-Speech-UserExperienceMicrosoft-Windows-Dism-ApiMicrosoft-Windows-Store-Client-UIMicrosoft-Windows-CalculatorMicrosoft-Windows-Shell-ConnectedAccountStateMicrosoft-Windows-PrintDialogsMicrosoft-Windows-Network-and-Sharing-CenterMicrosoft-Windows-Crypto-RNGMicrosoft-Windows-MSDTC 2Microsoft-Windows-SpellCheckerMicrosoft-Windows-propsysMicrosoft-Windows-WPD-MTPIPMicrosoft-Windows-DocumentsMicrosoft-Windows-StorPortMicrosoft-Windows-MagnificationMicrosoft-Windows-Shell-AuthUIMicrosoft-Windows-Dwm-RedirMicrosoft-Windows-BTH-BTHUSBMicrosoft-Windows-NtfsMicrosoft-Windows-SensMicrosoft-Windows-UserAccessLoggingMicrosoft-Windows-RemoteDesktopServices-RdpCoreTSMicrosoft-Windows-COM-PerfMicrosoft-Windows-StorageSpaces-BackgroundAgentMicrosoft-Windows-Kernel-PrefetchPortable Device Connectivity API TraceMicrosoft-Windows-RemoteAssistanceMicrosoft-Windows-MFMicrosoft-Windows-MediaFoundation-MSVProcMicrosoft-Windows-TBSMicrosoft-Windows-FeedbackToolMicrosoft-Windows-WlanPrefMicrosoft-Windows-OfflineFiles-CscDclUserMicrosoft-Windows-Http-SQM-ProviderMicrosoft-Windows-Wireless-Network-Setup-Wizard-TraceMicrosoft-Windows-MCTMicrosoft-Windows-HotStartMicrosoft-Windows-Diagnostics-NetworkingMicrosoft-Windows-SensorsMicrosoft-Windows-SmbServerMicrosoft-Windows-USB-USBHUB3Microsoft-Windows-Dot3MMMicrosoft-Windows-KernelStreamingMicrosoft-Windows-Mobile-Broadband-Experience-ApiMicrosoft-Windows-VolumeSnapshot-DriverMicrosoft-Windows-MobilityCenterMicrosoft-Windows-OfflineFiles-CscServiceMicrosoft-Windows-SuperfetchMicrosoft-Windows-IPBusEnumMicrosoft-Windows-MprddmMicrosoft-Windows-Dwm-UdwmMicrosoft-Windows-AppModel-StateMicrosoft-Windows-WCN-FD-Provider-TraceMicrosoft-Windows-Resource-Exhaustion-ResolverMicrosoft-Windows-Iphlpsvc-TraceMicrosoft-Windows-WUSAMicrosoft-Windows-TerminalServices-LocalSessionManagerMicrosoft-Windows-RPC-FirewallManagerMicrosoft-Windows-WCN-Common-TraceMicrosoft-Windows-MediaFoundation-MFCaptureEngineMicrosoft-Windows-ReadyBoostDriverMicrosoft-Windows-DUIMicrosoft-Windows-WMP-Setup_WMMicrosoft-Windows-Direct3D10Microsoft-Windows-DfsSvcMicrosoft-Windows-IME-SCCOREMicrosoft-Windows-NTLMMicrosoft-Windows-VWiFiMicrosoft-Windows-Kernel-PnPConfigMicrosoft-Windows-Winsock-SQMMicrosoft-Windows-SpoolerSpoolSVMicrosoft-Windows-NetshellMicrosoft-Windows-UserModePowerServiceMicrosoft-Windows-HttpServiceHTTP Service TraceMicrosoft-Windows-D3D9Microsoft-Windows-AppModel-RuntimeMicrosoft-Windows-CEIPMicrosoft-Windows-Directory-Services-SAMMicrosoft-Windows-SpoolerTCPMonMicrosoft-Windows-ReadyBoostMicrosoft-Windows-L2NACPMicrosoft-Windows-LLTD-MapperMicrosoft-Windows-DeduplicationMicrosoft-Windows-HomeGroup-ControlPanelMicrosoft-Windows-Mobile-Broadband-Experience-Parser-TaskMicrosoft-Windows-DomainJoinManagerTriggerProviderMicrosoft-Windows-SruMonMicrosoft-Windows-ELS-HyphenationTCPIP Service TraceMicrosoft-Windows-DriverFrameworks-KernelModeMicrosoft-Windows-CorruptedFileRecovery-ClientMicrosoft-Windows-WMI-ActivityMicrosoft-Windows-COMRuntimeMicrosoft-Windows-WASMicrosoft-Windows-WnvMicrosoft-Windows-ShsvcsMicrosoft-Windows-NDISMicrosoft-Windows-WinMDEFile Kernel Trace; Operation Set 1Microsoft-Windows-Proximity-CommonMicrosoft-Windows-Ntfs-UBPMMicrosoft-Windows-Kernel-RegistryMicrosoft-Windows-RemoteDesktopServices-RemoteDesktopSessionManagerMicrosoft-Windows-TunnelDriverMicrosoft-Windows-QoS-PacerMicrosoft-Windows-EventCollectorMicrosoft-Windows-OOBE-Machine-DUIMicrosoft-Windows-IME-TCTIPMicrosoft-Windows-WCNWizMicrosoft-Windows-DisplayMicrosoft-Windows-OcSetupMicrosoft-Windows-DesktopWindowManager-DiagMicrosoft-Windows-FileInfoMinifilterMicrosoft-Windows-TextPredictionEngineMicrosoft-Windows-NetworkGCWMicrosoft-Windows-DHCPv6-ClientMicrosoft-Windows-PlayToManagerNDIS_STATUS_TCP_CONNECTION_OFFLOAD_CURRENT_CONFIGNDIS_STATUS_PORT_STATEMS_Windows_AeLookupServiceTrigger_ProviderMicrosoft_Windows_SQM_ProviderMS_Windows_AIT_ProviderNDIS_TCP_CONNECTION_OFFLOAD_CURRENT_CONFIGNDIS_TCP_OFFLOAD_CURRENT_CONFIGPARPORT_WMI_ALLOCATE_FREE_COUNTS_GUIDNDIS_GEN_ENUMERATE_PORTSGUID_QOS_TC_SUPPORTEDMS1394_PortVendorRegisterAccessGuidiSCSI_PersistentLoginsGuidiSCSI_PortalInfoClassGuidSerailPortPerfGuidPortClsEventUdpIpGuidTcpIpGuidiSCSI_OperationsGuidCTLGUID_usbportNDIS_STATUS_TCP_CONNECTION_OFFLOAD_HARDWARE_CAPABILITIESiSCSI_DiscoveryOperationsGuidSerialPortNameGuidCTLGUID_WebClntTracePOINTER_PORT_WMI_STD_DATA_GUIDKEYBOARD_PORT_WMI_STD_DATA_GUIDMSKeyboard_ClassInformationGuidNDIS_GEN_CO_MEDIA_SUPPORTEDMS_Windows_AeSwitchBack_ProviderSerialPortHWGuidMS_SM_PortInformationMethodsataport_CtlGuidstorport_CtlGuidMS1394_PortDriverInformationGuidBTHPORT_WMI_HCI_PACKET_INFOSerialPortCommGuidiScsiLBOperationsGuidMS_Windows_AeCache_ProviderNDIS_GEN_PORT_STATEWindowsBackup TracingControlGuidWmiMonitorListedSupportedSourceModes_GUIDNDIS_GEN_MEDIA_SUPPORTEDCTLGUID_certpropBTHPORT_WMI_SDP_SERVER_LOG_INFOKEYBOARD_PORT_WMI_EXTENDED_IDiSCSIRedirectPortalGuidNDIS_GEN_PORT_AUTHENTICATION_PARAMETERSBTHPORT_WMI_SDP_DATABASE_EVENTNDIS_TCP_CONNECTION_OFFLOAD_HARDWARE_CAPABILITIESiSCSI_TCPIPConfigGuidSerialPortPropertiesGuidPortCls_IrpProcessingiSCSI_SecurityConfigOperationsGuidNDIS_TCP_OFFLOAD_PARAMETERSPortCls_PowerStateMicrosoft_Windows_GameUxiSCSI_InitiatorLoginStatisticsGuidMS1394_PortErrorInformationGuidPortCls_PinStateCTLGUID_PortClsNDIS_TCP_OFFLOAD_HARDWARE_CAPABILITIESCTRLGUID_MF_PIPELINE.PX`i``.HBS&{%UD(_dump_wmi_guidentries failed, error %d, status %Xdump_wmi_guidentries failed, error %ddump_wmi_guidentries: cannot alloc %X bytes (total %d)dump_wmi_guidentries: read failed, error %d, status %Xdump_wmi_guidentries: read failed, error %dWMI guidentries: total %X readed %X:[%X] %X flag %X refcnt %X - %s[%X] %X flag %X refcnt %X %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2Xdump_wmi_regentries failed, error %d, status %Xdump_wmi_regentries failed, error %ddump_wmi_regentries: cannot alloc %X bytes (total %d)dump_wmi_regentries: read failed, error %d, status %Xdump_wmi_regentries: read failed, error %dWMI regentries: total %X readed %X:[%X] flags %X refcnt %X dev %p prov %X DS %p %s[%X] flags %X refcnt %X cb %p prov %X DS %p %sEtw[%d]:Type %X Index %X InternalCB %p (%s) %sType %X Index %X InternalCB %p %sType %X Index %X InternalCB %p (%s) ProviderId: %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2XType %X Index %X InternalCB %p ProviderId: %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2Xdump_Etw: exception occured, code %Xdump_Etws: exception occured, code %XKPRCB.EtwSupport %p:KPRCB[%d].EtwSupport %p:read_kernel_etws count failed, error %d, ntstatus %Xread_kernel_etws count failed, error %dread_kernel_etws: cannot alloc %X bytesread_kernel_etws failed, error %d, ntstatus %Xread_kernel_etws failed, error %dKEtw[%X]:KEtw[%X]: RefCount %d, KProvider - %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2XKEtw[%X]: RefCount %d %s[%X] %p %sType %X InUse %d Index %X InternalCB %p (%s) %sType %X InUse %d Index %X InternalCB %p %sType %X InUse %d Index %X InternalCB %p (%s) ProviderId: %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2XType %X InUse %d Index %X InternalCB %p ProviderId: %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2XEtwCallback[%d] %p %s:EtwCallback[%d]:EtwTrace[%d] %p Ctx %p %s:EtwTrace[%d] %p Ctx %p %s - %8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2XUnknown type %d for Etw[%d]DEVINTERFACE_MT_TRANSPORTDEVINTERFACE_KEYBOARDDEVINTERFACE_COMPORTDEVINTERFACE_VIAMINIPORTDEVINTERFACE_STORAGEPORTDEVINTERFACE_IRPORTcheck_pnp_notifiers failed, error %d, status %Xcheck_pnp_notifiers failed, error %dcheck_pnp_notifiers: cannot alloc %X bytes (total %d)check_pnp_notifiers: read failed, error %d, status %Xcheck_pnp_notifiers: read failed, error %dPnp Notifiers: total %d, readed %dPnp[%d] %p %s %s addr %pPnp[%d] %s %s addr %p %scheck_pnp_handlers failed, error %d, status %Xcheck_pnp_handlers failed, error %dPlugPlayHandlerTable: %d itemsPlugPlayHandlerTable[%d] %p %sPlugPlayHandlerTable[%d] %pcheck_sess_notify, error %d, status %Xcheck_sess_notify, error %dcheck_sess_notify: cannot alloc %X bytes (total %d)check_sess_notify: read failed, error %d, status %Xcheck_sess_notify: read failed, error %dIopSessionNotifications: %dSessionNotifier[%d]: class %d len %X session %p cb %p %scheck_sess_term_ntfs failed, error %d, status %Xcheck_sess_term_ntfs failed, error %dcheck_sess_term_ntfs: cannot alloc %X bytes (total %d)check_sess_term_ntfs: read failed, error %d, status %Xcheck_sess_term_ntfs: read failed, error %dLogonSessionTerminatedRoutines: %d[%d] %p %scheck_fs_changes failed, error %d, status %Xcheck_fs_changes failed, error %dcheck_fs_changes: cannot alloc %X bytes (total %d)check_fs_changes: read failed, error %d, status %Xcheck_fs_changes: read failed, error %dFS Change notifiers: %d (actual %d)DriverObj %p addr %p %sCannot read count for %s, error %dCount of %s is too big - %XCannot read %s table, error %dCannot read entry %d from table of %s, error %dcheck_vista_cmp_list get count failed, error %d, status %Xcheck_vista_cmp_list get count failed, error %dcheck_vista_cmp_list failed, error %d, status %Xcheck_vista_cmp_list failed, error %dcheck_ai_cbs: cannot read ExpDisQueryAttributeInformation, error %d, ntstatus %Xcheck_ai_cbs: cannot read ExpDisQueryAttributeInformation, error %dExpDisQueryAttributeInformation %p %scheck_ai_cbs: cannot read ExpDisSetAttributeInformation, error %d, ntstatus %Xcheck_ai_cbs: cannot read ExpDisSetAttributeInformation, error %dExpDisSetAttributeInformation %p %scheck_dbgk_lkmd: cannot read DbgkLkmd_cblist, error %d, ntstatus %Xcheck_dbgk_lkmd: cannot read DbgkLkmd_cblist, error %dDbgkLkmd[%d] callback %p %scheck_fsrtl: cannot read FltMgrCallbacks, error %d, ntstatus %Xcheck_fsrtl: cannot read FltMgrCallbacks, error %dFltMgrCallbacks: %p %scheck_fsrtl: cannot read FsRtlpMupCalls, error %d, ntstatus %Xcheck_fsrtl: cannot read FsRtlpMupCalls, error %dFsRtlpMupCalls: %p %scheck_Iof: cannot read pIofCallDriver, error %d, ntstatus %Xcheck_Iof: cannot read pIofCallDriver, error %dpIofCallDriver %p patched by %scheck_Iof: cannot read pIofCompleteRequest, error %d, ntstatus %Xcheck_Iof: cannot read pIofCompleteRequest, error %dpIofCompleteRequest %p patched by %scheck_Iof: cannot read pIoAllocateIrp, error %d, ntstatus %Xcheck_Iof: cannot read pIoAllocateIrp, error %dpIoAllocateIrp %p patched by %scheck_Iof: cannot read pIoFreeIrp, error %d, ntstatus %Xcheck_Iof: cannot read pIoFreeIrp, error %dpIoFreeIrp %p patched by %scheck_Iof: cannot read HvlpHypercallCodeVa, error %d, ntstatus %Xcheck_Iof: cannot read HvlpHypercallCodeVa, error %dHvlpHypercallCodeVa %p patched by %s%SystemRoot%\System32\sxssrv.dll%SystemRoot%\System32\csrsrv.dll%SystemRoot%\System32\basesrv.dll%SystemRoot%\System32\winsrv.dll%SystemRoot%\System32\lsasrv.dll%SystemRoot%\System32\ntdll.dllKiDebugRoutine %p hooked by %sPspLegoNotifyRoutine %p hooked by %sKiTimeUpdateNotifyRoutine %p hooked by %sKiSwapContextNotifyRoutine %p hooked by %sKiThreadSelectNotifyRoutine %p hooked by %sSysenter patched, addr %p not in %s !!!Mailslot: %SNamedPipe: %SDEVCLASS_MULTIPORTSERIALDEVCLASS_PORTSDEVCLASS_KEYBOARDDEVCLASS_APMSUPPORTread_dev_chrs(%S) failed, ntstatus %XDrvObj %p name %S %sDrvObj %p nameLen %X %sdev_props failed, status %XClassGUID: %SClassGUID: %S - %sCannot open directory %S, error %XCannot realloc %d bytesCannot open device directory, error %XCannot open driver directory, error %XCannot open FileSystem directory, error %XUnknown HAL private dispatch table version %XHalAcpiTimerInit: %p %sHalAcpiTimerCarry: %p %sHalAcpiMachineStateInit: %p %sHalAcpiQueryFlags: %p %sHalAcpiPicStateIntact: %p %sHalRestoreInterruptControllerState: %p %sHalPciInterfaceReadConfig: %p %sHalPciInterfaceWriteConfig: %p %sHalSetVectorState: %p %sHalGetApicVersion: %p %sHalSetMaxLegacyPciBusNumber: %p %sHalIsVectorValid: %p %sHalAcpiGetTableDispatch: %p %sHalAcpiGetRsdpDispatch: %p %sHalAcpiGetFacsMappingDispatch: %p %sHalAcpiGetAllTablesDispatch: %p %sHalAcpiPmRegisterAvailable: %p %sHalAcpiPmRegisterRead: %p %sHalAcpiPmRegisterWrite: %p %sHalHandlerForBus: %p %sHalHandlerForConfigSpace: %p %sHalLocateHiberRanges: %p %sHalRegisterBusHandler: %p %sHalSetWakeEnable: %p %sHalSetWakeAlarm: %p %sHalPciTranslateBusAddress: %p %sHalPciAssignSlotResources: %p %sHalHaltSystem: %p %sHalFindBusAddressTranslation: %p %sHalResetDisplay: %p %sHalHandlerForBus: %p %sHalHandlerForConfigSpace: %p %sHalLocateHiberRanges: %p %sHalRegisterBusHandler: %p %sHalSetWakeEnable: %p %sHalSetWakeAlarm: %p %sHalPciTranslateBusAddress: %p %sHalPciAssignSlotResources: %p %sHalHaltSystem: %p %sHalFindBusAddressTranslation: %p %sHalResetDisplay: %p %sKdSetupPciDeviceForDebugging: %p %sKdReleasePciDeviceforDebugging: %p %sKdGetAcpiTablePhase0: %p %sKdCheckPowerButton: %p %sHalVectorToIDTEntry: %p %sKdMapPhysicalMemory64: %p %sKdUnmapVirtualAddress: %p %sHalMmMemoryUsage: %p %sHalAllocateMapRegisters: %p %sKdGetPciDataByOffset: %p %sKdSetPciDataByOffset: %p %sHalGetInterruptVector: %p %sHalGetVectorInput: %p %sHalLoadMicrocode: %p %sHalUnloadMicrocode: %p %sHalMcUpdatePostUpdate: %p %sHalAllocateMessageTarget: %p %sHalFreeMessageTarget: %p %sHalDpReplaceBegin: %p %sHalDpReplaceTarget: %p %sHalDpReplaceControl: %p %sHalDpReplaceEnd: %p %sHalPrepareForBugcheck: %p %sHalQueryWakeTime: %p %sHalReportIdleStateUsage: %p %sHalHandlerForBus: %p %sHalHandlerForConfigSpace: %p %sHalLocateHiberRanges: %p %sHalRegisterBusHandler: %p %sHalSetWakeEnable: %p %sHalSetWakeAlarm: %p %sHalPciTranslateBusAddress: %p %sHalPciAssignSlotResources: %p %sHalHaltSystem: %p %sHalFindBusAddressTranslation: %p %sHalResetDisplay: %p %sHalAllocateMapRegisters: %p %sKdSetupPciDeviceForDebugging: %p %sKdReleasePciDeviceforDebugging: %p %sKdGetAcpiTablePhase0: %p %sKdCheckPowerButton: %p %sHalVectorToIDTEntry: %p %sKdMapPhysicalMemory64: %p %sKdUnmapVirtualAddress: %p %sKdGetPciDataByOffset: %p %sKdSetPciDataByOffset: %p %sHalGetInterruptVector: %p %sHalGetVectorInput: %p %sHalLoadMicrocode: %p %sHalUnloadMicrocode: %p %sHalMcUpdatePostUpdate: %p %sHalAllocateMessageTarget: %p %sHalFreeMessageTarget: %p %sHalDpReplaceBegin: %p %sHalDpReplaceTarget: %p %sHalDpReplaceControl: %p %sHalDpReplaceEnd: %p %sHalPrepareForBugcheck: %p %sHalQueryWakeTime: %p %sHalReportIdleStateUsage: %p %sHalTscSynchronization: %p %sHalWheaInitProcessorGenericSection: %p %sHalStopLegacyUsbInterrupts: %p %sHalReadWheaPhysicalMemory: %p %sHalWriteWheaPhysicalMemory: %p %sHalDpMaskLevelTriggeredInterrupts: %p %sHalDpUnmaskLevelTriggeredInterrupts: %p %sHalDpGetInterruptReplayState: %p %sHalDpReplayInterrupts: %p %sHalQueryIoPortAccessSupported: %p %sHalHandlerForBus: %p %sHalHandlerForConfigSpace: %p %sHalLocateHiberRanges: %p %sHalRegisterBusHandler: %p %sHalSetWakeEnable: %p %sHalSetWakeAlarm: %p %sHalPciTranslateBusAddress: %p %sHalPciAssignSlotResources: %p %sHalHaltSystem: %p %sHalFindBusAddressTranslation: %p %sHalResetDisplay: %p %sHalAllocateMapRegisters: %p %sKdSetupPciDeviceForDebugging: %p %sKdReleasePciDeviceforDebugging: %p %sKdGetAcpiTablePhase0: %p %sKdCheckPowerButton: %p %sHalVectorToIDTEntry: %p %sKdMapPhysicalMemory64: %p %sKdUnmapVirtualAddress: %p %sKdGetPciDataByOffset: %p %sKdSetPciDataByOffset: %p %sHalGetInterruptVector: %p %sHalGetVectorInput: %p %sHalLoadMicrocode: %p %sHalUnloadMicrocode: %p %sHalMcUpdatePostUpdate: %p %sHalAllocateMessageTarget: %p %sHalFreeMessageTarget: %p %sHalDpReplaceBegin: %p %sHalDpReplaceTarget: %p %sHalDpReplaceControl: %p %sHalDpReplaceEnd: %p %sHalPrepareForBugcheck: %p %sHalQueryWakeTime: %p %sHalReportIdleStateUsage: %p %sHalTscSynchronization: %p %sHalWheaInitProcessorGenericSection: %p %sHalStopLegacyUsbInterrupts: %p %sHalReadWheaPhysicalMemory: %p %sHalWriteWheaPhysicalMemory: %p %sHalInterruptMaskLevelTriggeredLines: %p %sHalInterruptUnmaskLevelTriggeredLines: %p %sHalDpGetInterruptReplayState: %p %sHalDpReplayInterrupts: %p %sHalQueryIoPortAccessSupported: %p %sKdSetupIntegratedDeviceForDebugging: %p %sKdReleaseIntegratedDeviceForDebugging: %p %sHalEnlightenmentInitialize: %p %sHalAllocateEarlyPages: %p %sHalMapEarlyPages: %p %sHalTimerGetClockOwner: %p %sHalTimerGetClockConfiguration: %p %sHalTimerNotifyProcessorFreeze: %p %sHalTimerPrepareProcessorForIdle: %p %sHalDiagRegisterLogRoutine: %p %sHalTimerResumeProcessorFromIdle: %p %sHalTimerResetLastClockTick: %p %sHalVectorToIDTEntryEx: %p %sHalSecondaryInterruptQueryPrimaryInformation: %p %sHalMaskInterrupt: %p %sHalUnmaskInterrupt: %p %sHalIsInterruptTypeSecondary: %p %sHalAllocateGsivForSecondaryInterrupt: %p %sHalAddInterruptRemapping: %p %sHalRemoveInterruptRemapping: %p %sHalSaveAndDisableEnlightenment: %p %sHalRestoreHvEnlightenment: %p %sHalPciEarlyRestore: %p %sHalInterruptGetLocalIdentifier: %p %sHalAllocatePmcCounterSet: %p %sHalCollectPmcCounters: %p %sHalFreePmcCounterSet: %p %sHalTimerQueryCycleCounter: %p %sHalTimerGetNextTickDuration: %p %sHalPciMarkHiberPhase: %p %sHalInterruptQueryProcessorRestartEntryPoint: %p %sHalInterruptRequestSecondaryInterrupt: %p %sHalInterruptEnumerateUnmaskedInterrupts: %p %sHalBiosDisplayReset: %p %sHalGetDmaAdapter: %p %sHalCheckPowerButton: %p %sHalMapPhysicalMemoryWriteThrough64: %p %sHalUnmapVirtualAddress: %p %sHalKdReadPCIConfig: %p %sHalKdWritePCIConfig: %p %sHalTimerQueryWakeTime: %p %sHalTimerReportIdleStateUsage: %p %sHalKdEnumerateDebuggingDevices: %p %sHalFlushIoRectangleExternalCache: %p %sHalPowerEarlyRestore: %p %sHalQueryCapsuleCapabilities: %p %sHalUpdateCapsule: %p %sHalPciMultiStageResumeCapable: %p %scheck_hal_private_disp_table: cannot read table, error %d, ntstatus %Xcheck_hal_private_disp_table: cannot read table, error %dcheck_hal_disp_table: cannot read table, error %d, ntstatus %Xcheck_hal_disp_table: cannot read table, error %dHalQuerySystemInformation: %p %sHalSetSystemInformation: %p %sHalQueryBusSlots: %p %sHalExamineMBR: %p %sHalIoReadPartitionTable: %p %sHalIoSetPartitionInformation: %p %sHalIoWritePartitionTable: %p %sHalReferenceHandlerForBus %p %sHalReferenceBusHandler %p %sHalDereferenceBusHandler %p %sHalInitPnpDriver %p %sHalInitPowerManagement %p %sHalGetDmaAdapter %p %sHalGetInterruptTranslator %p %sHalStartMirroring %p %sHalEndMirroring %p %sHalMirrorPhysicalMemory %p %sHalEndOfBoot %p %sHalMirrorVerify %p %sHalGetCachedAcpiTable %p %sHalSetPciErrorHandlerCallback %p %sread_hal_apci_disp_table return %X bytes, error %d, ntstatus %Xread_hal_apci_disp_table return %X bytes, error %dBad HalAcpiDispatchTable version: %Xread_gdt_size failed, error %d, ntstatus %Xread_gdt_size failed, error %dCannot alloc %d bytes for GDT entriesread_gdt failed, error %d, ntstatus %Xread_gdt failed, error %dDescriptor[%d] %s S %d DPL %d type %X base %X limit %XWinChecker::dump_ldt failed, error %X, ntstatus %XWinChecker::dump_ldt failed, error %XWinChecker::dump_ldt: cannot alloc ldt array, size %XLdt[%d]:Base: XLimit: XAVL: %dD/B: %dDPL: %dG: %dP: %dS: %dType: %dCannot read code for kinterrupt(%X) thunk, error %dIDT patched: unknown type %X selector %X addr %p for int%XIDT patched: unknown selector %X for int%XIDT patched: int%X has unknown selector %X base %X limit %X addr %pIDT patched: int%X addr %p by module %sIDT int%X addr %p KINTERRUPT %pIDT patched: int%X addr %pInt%X: selector %X type TASK DPL %X base %X limit %XInt%X: selector %X type %X DPL %X addr %p base %X limit %XInt%X: selector %X type %X DPL %X addr %pread_idt_size failed, error %d, ntstatus %Xread_idt_size failed, error %dread_idt: cannot alloc %d bytes for IDT storageread_idt failed, error %d, ntstatus %Xread_idt failed, error %dCannot read kinterrupt (%X), error %dKInterrupt %X (%p):Size %X type %XServiceRoutine %p %sDispatchAddress %p %scheck_ob_types: cannot read size of ObTypes list, error %d, ntstatus %Xcheck_ob_types: cannot read size of ObTypes list, error %dcheck_ob_types: cannot read %d bytes (readed %d), error %d, ntstatus %Xcheck_ob_types: cannot read %d bytes (readed %d), error %dfill_ob_type: cannot read ObType %S (%X), error %dCannot read ObType %S (%X), error %dObType %S:DumpProcedure: %p %sOpenProcedure: %p %sCloseProcedure: %p %sDeleteProcedure: %p %sParseProcedure: %p %sSecurityProcedure: %p %sQueryNameProcedure: %p %sOkayToCloseProcedure: %p %sZwAlpcConnectPortExZwOpenKeyTransactedExZwOpenKeyExZwOpenKeyTransactedZwCreateKeyTransactedZwAlpcSendWaitReceivePortZwAlpcImpersonateClientOfPortZwAlpcDisconnectPortZwAlpcDeletePortSectionZwAlpcCreatePortSectionZwAlpcCreatePortZwAlpcConnectPortZwAlpcAcceptConnectPortZwUnloadKey2ZwQueryOpenSubKeysExZwLoadKeyExZwQueryPortInformationProcessZwWaitForKeyedEventZwReleaseKeyedEventZwOpenKeyedEventZwCreateKeyedEventZwUnloadKeyExZwSaveKeyExZwRenameKeyZwLockRegistryKeyZwLockProductActivationKeysZwCompressKeyZwCompactKeysZwYieldExecutionZwUnloadKeyZwSetValueKeyZwSetThreadExecutionStateZwSetInformationKeyZwSetDefaultHardErrorPortZwSecureConnectPortZwSaveMergedKeysZwSaveKeyZwRestoreKeyZwRequestWaitReplyPortZwRequestPortZwReplyWaitReplyPortZwReplyWaitReceivePortExZwReplyWaitReceivePortZwReplyPortZwReplaceKeyZwRegisterThreadTerminatePortZwQueryValueKeyZwQueryOpenSubKeysZwQueryMultipleValueKeyZwQueryKeyZwQueryInformationPortZwOpenKeyZwNotifyChangeMultipleKeysZwNotifyChangeKeyZwLoadKey2ZwLoadKeyZwListenPortZwImpersonateClientOfPortZwFlushKeyZwEnumerateValueKeyZwEnumerateKeyZwDeleteValueKeyZwDeleteKeyZwDelayExecutionZwCreateWaitablePortZwCreatePortZwCreateNamedPipeFileZwCreateKeyZwConnectPortZwCompleteConnectPortZwAcceptConnectPortFindKiServiceTable: relocation type %d found at XCannot read body of %s !Cannot extract index of %s, error %dkernel %s don`t contains KeServiceDescriptorTable function !Cannot find SDT in %sCannot read ntdll.dllCannot read body of %s!Cannot read body of ZwYieldExecution!Cannot extract index of ZwYieldExecution, error %dCannot extract index of ZwPlugPlayControl , error %d%s: %pSDT entry %X (%s) hooked %p %s!SDT entry %X hooked %p %s!Need unhook %d items in SSDTUNHOOK_ITEM: Index %X Offset %XUnhook SSDT failed, lasterror %dUnhooked %d SSDT itemsNtUserSetProcessRestrictionExemptionNtUserAcquireIAMKeyNtGdiDdDDICreateKeyedMutex2NtGdiDdDDIOpenKeyedMutex2NtGdiDdDDIAcquireKeyedMutex2NtGdiDdDDIReleaseKeyedMutex2NtUserSetTHQAPublicKeyNtGdiDdDDIReleaseKeyedMutexNtGdiDdDDIAcquireKeyedMutexNtGdiDdDDIDestroyKeyedMutexNtGdiDdDDIOpenKeyedMutexNtGdiDdDDICreateKeyedMutexNtUserEndTouchOperationNtUserSfmDxReportPendingBindingsToDwmNtGdiDDCCIGetTimingReportNtUserUnregisterSessionPortNtUserRegisterSessionPortNtUserRegisterErrorReportingDialogNtGdiSetOPMSigningKeyAndSequenceNumbersNtGdiGetCertificateSizeNtGdiGetCertificateNtUserWaitForMsgAndEventNtUserVkKeyScanExNtUserUnregisterHotKeyNtUserUnlockWindowStationNtUserUnloadKeyboardLayoutNtUserUnhookWindowsHookExNtUserSetWindowStationUserNtUserSetWindowsHookExNtUserSetWindowsHookAWNtUserSetProcessWindowStationNtUserSetKeyboardStateNtUserSetImeHotKeyNtUserSetConsoleReserveKeysNtUserRegisterHotKeyNtUserOpenWindowStationNtUserMapVirtualKeyExNtUserLockWindowStationNtUserLoadKeyboardLayoutExNtUserGetProcessWindowStationNtUserGetKeyStateNtUserGetKeyNameTextNtUserGetKeyboardStateNtUserGetKeyboardLayoutNameNtUserGetKeyboardLayoutListNtUserGetImeHotKeyNtUserGetCPDNtUserGetAsyncKeyStateNtUserCreateWindowStationNtUserCloseWindowStationNtUserCheckImeHotKeyNtUserCallMsgFilterNtUserAlterWindowStyleNtUserActivateKeyboardLayoutNtGdiScaleViewportExtExNtGdiDvpWaitForVideoPortSyncNtGdiDvpUpdateVideoPortNtGdiDvpGetVideoPortConnectInfoNtGdiDvpGetVideoPortOutputFormatsNtGdiDvpGetVideoPortLineNtGdiDvpGetVideoPortInputFormatsNtGdiDvpGetVideoPortFlipStatusNtGdiDvpGetVideoPortFieldNtGdiDvpGetVideoPortBandwidthNtGdiDvpFlipVideoPortNtGdiDvpDestroyVideoPortNtGdiDvpCreateVideoPortNtGdiDvpCanCreateVideoPortNtGdiDdSetColorKeyread_shadow_sdt failed, error %dcheck_win32k_sdt: cannot alloc %d bytesCannot read win32k_sdt at %p size %X, error %dwin32k_sdt[%d] (%s) hooked, addr %p %swin32k_sdt[%d] hooked, addr %p %sGetNamedPipeServerProcessIdread_kddb read %X bytes, error %dcannot read MmNonPagedPoolStart (%p), error %dcannot read MmNonPagedPoolEnd (%p), error %dcannot read MmPagedPoolStart (%p), error %dcannot read MmPagedPoolEnd (%p), error %dcannot read KernelVerifier (%p), error %dWindowsType: %SETHREAD.StartAddress %XKiProcessorBlock: %p (%X)KernelVerifier: %XKeBugCheckCallbackList: %p (%X)WorkerRoutine: %p %sIdleFunction: %p %sIdleFunction: %p %sKPRCB[%d].WorkerRoutine: %p %sKPRCB[%d].IdleFunction: %p %sKPRCB[%d].IdleFunction: %p %sread_kpcr return %X bytes, error %d, ntstatus %Xread_kpcr return %X bytes, error %dKPCR[%d] %p major %X minor %XKPCR[%d] %pget_os_info return %X bytes, error %d, ntstatus %Xget_os_info return %X bytes, error %dNtMajorVersion: %dNtMinorVersion: %dBuildNumber: %dGlobalFlag: %XProcessors: %dMmVerifierFlags %dMmSystemSize %d %sDebuggerEnabled %dDebuggerNotPresent %dSafeBootMode %dNXSupportPolicy %XCR0 %8.8X %sCR4 %8.8X %sCannot open mailslot %S, error %dget_mail_slot_owner(%S): returned %d bytes, error %d, ntstatus %Xget_mail_slot_owner(%S): returned %d bytes, error %dCannot open named pipe %S, error %dGetNamedPipeServerProcessId(%S) failed, error %dget_named_pipe_owner(%S): returned %d bytes, error %d, ntstatus %Xget_named_pipe_owner(%S): returned %d bytes, error %dread_lpc_port_chars: len %d, returned %d bytes, error %d, ntstatus %Xread_lpc_port_chars: len %d, returned %d bytes, error %dread_unicode_string: len %d, returned %d bytes, error %d, ntstatus %Xread_unicode_string: len %d, returned %d bytes, error %dread_drivers_list: cannot get size of drivers list, returned %d bytes, error %d, ntstatus %Xread_drivers_list: cannot get size of drivers list, returned %d bytes, error %dread_drivers_list: cannot alloc %X bytes for driver listread_drivers_list: cannot read drivers list, error %d, ntstatus %Xread_drivers_list: cannot read drivers list, error %d%p:%X flags %X LoadCount %d %sread_KiThreadSelectNotifyRoutine failed, error %dread_KiSwapContextNotifyRoutine failed, error %dread_KiTimeUpdateNotifyRoutine failed, error %dread_PspLegoNotifyRoutine failed, error %dread_KiDebugRoutine failed, error %dread_msrs failed, error %d, ntstatus %Xread_msrs failed, error %dIManageProcess: Cannot OpenProcess %dIManageProcess: Cannot open process %dread_win32_process for PID %X failed, error %d, status %Xread_win32_process for PID %X failed, error %dread_dword(%p, PID %d) failed, error %d, ntstatus %Xread_dword(%p, PID %d) failed, error %dread_ptr(%p, PID %d) failed, error %d, ntstatus %Xread_ptr(%p, PID %d) failed, error %drp_ReadProcessMemory(%p size %X) from %p error %dread_token for PID %X failed, error %d, status %Xread_token for PID %X failed, error %dopen_proc(%d, access %X) failed, error %d, ntstatus %Xopen_proc(%d, access %X) failed, error %drp_OpenProcess(%d, access %X) dwRet %d, error %drp_TerminateProcess(%p, %X) dwRet %d, error %dMajor %d Minor %d BuildNumber %d PlatformId %d ServicePackMajor %d ServicePackMinor %d SuiteMask %d ProductType %d CSDVersion %SProductType: %XCannot open RPC control, error %Xmsgsvcsend_ILocalObjectExporterIVsShellIWbemLoginClientIDICertProtect_IBTFTPApiEvents_s_PasswordRecoverywininet_UrlCache_IObjectExporterWMsgAPIsWMsgKAPIsINCryptKeyIsoHttpProxyMgrProviderIKeySvcRWcnTransportRpcIPortResolveIWbemLoginHelperLRpcSIDKeyISmartCardRootCertsIDebugPortSupplier2IAsyncOperationIPipelineElementOnlineProviderCertInterfaceIBackgroundCopyJobHttpOptionsHttpProxyMgrClientIStaticPortMappingCollectionIKeySvcs_WindowsShutdownIWebBrowser2IDebugPortSupplierLocale2IUPnPHttpHeaderControlWINHTTP_AUTOPROXY_SERVICEIErcLuaSupportIDebugPortSupplier3IKeySvc2BackupKeyIWerReportICertPassageIStaticPortMappingIDebugPortSupplierEx2IWbemLevel1LoginIWebBrowserAppmsgsvcIShellWindowsRpcBindingFromStringBinding(%S) failed: %dRpcMgmtInqIfIds(%S) failed: %dRpcStringBindingCompose failed: %dRpcBindingFromStringBinding failed: %dRpcMgmtInqIfIds failed: %d%8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2X version %d.%d : %s%8.8X-%4.4X-%4.4X-%2.2X%2.2X-%2.2X%2.2X%2.2X%2.2X%2.2X%2.2X version %d.%d : (%s)RpcMgmtEpEltInqBegin failed: %dCannot read npc table, readed %X bytesrpcrt4%s.AddressChangeFn: %p %srpcrt4_hack::check_myself: exception %d occuredrpcrt4_hack::try_hack: cannot find RpcServerRegisterIfExI_RpcInitNdrImportsload_driver(%S) returned %XLoaded kernel driver: %SError loading kernel driver: %ls - 0xxError loading kernel driver: %S - 0xxError loading kernel driver: %S - OpenSCManager 0xxtcpipClientImmProcessKeyfnHkOPTINLPEVENTMSGfnHkINLPMSGfnSENTDDEMSGfnDWORDOPTINLPMSGRealMsgWaitForMultipleObjectsExPEB.KernelCallbackTable patched, %puser32_hack::try_hack: bad PE passeduser32_hack::try_hack: cannot read import tablepfnWowMsgBoxIndirectCallbackUnknown apfnDispatch size: %d%s_hack::try_hack: bad PE passed%s_hack::try_hack: cannot read exports, error %d%s_hack::try_hack: cannot find section .data%s_hack::try_hack: cannot read section .data%s_hack::try_hack: cannot read section .rdata%s_hack::try_hack: cannot find section .text%s_hack::try_hack: cannot read section .textDxgkReleaseKeyedMutex2DxgkAcquireKeyedMutex2DxgkOpenKeyedMutex2DxgkCreateKeyedMutex2DxgkReleaseKeyedMutexDxgkAcquireKeyedMutexDxgkDestroyKeyedMutexDxgkOpenKeyedMutexDxgkCreateKeyedMutexCannot read gDxgkInterface, readed %X bytesWindowHasShadowDisableProcessWindowsGhostingzzzUnhookWindowsHookxxxUpdateWindowsxxxArrangeIconicWindowsSetWindowStateClearWindowStateSetMsgBoxGetKeyboardTypeGetKeyboardLayoutRemotePassthruDisablexxxRemotePassthruEnableCannot read gpsi, readed %X bytesCannot read gpsi handlers, readed %X bytesCannot read apfnSimpleCall, readed %X bytesCannot read gapfnMessageCall, readed %X bytesCannot read gapfnScSendMessage, readed %X bytesCannot read gaNewProcAddresses, readed %X bytesCannot open logfile %SCannot create stop event, error %dDriver %S loaded from %SSrvGetConsoleKeyboardLayoutNameSrvSetConsoleKeyShortcutsSrvGetConsoleAliasExesSrvGetConsoleAliasExesLengthSrvVDMConsoleOperationSrvGetLargestConsoleWindowSizeSrvExitWindowsExwinsrv.dllUnknown size of ConsoleServerApiDispatchTable: %dUnknown size of UserServerApiDispatchTable: %dCallUserpExitWindowsExGetConsoleAliasExesInternalGetConsoleAliasExesLengthInternalSetConsoleKeyShortcutsGetConsoleKeyboardLayoutNameWorkerSetConsoleOutputCPInternalGetConsoleOutputCPGetLargestConsoleWindowSizereg_ccs_services::read failed - error %dCannot open key %S, error %dSafeSecondaryLog(%d) failed, error %dSafeSecondaryLog failed, error %dSafeSendLog(%d) failed, error %dSafeSendLog failed, error %dBad memory %p len %X in dump_hex_bufferCannot alloc %d bytes for delayed importsCannot alloc %d bytes for importsread_import_safe(%s) failed %XCannot realloc %d bytes for iatread_delayed_safe(%s) failed %Xstore2md_cache: cannot alloc %d bytesstore2md_cache: cannot realloc, alloced %d byteswdigest.dlltspkg.dllschannel.dllpku2u.dllnegoexts.dllmsv1_0.dlllivessp.dllkerberos.dllumpnpmgr.dllcombase.dllntdsa.dllntdll.dllcryptbase.dllncrypt.dllrpcrt4.dllimm32.dlluser32.dllkernelbase.dllkernel32.dlladvapi32.dllole32.dllCannot alloc %X bytes for relocsSOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequiredWS2_32.dllRPCRT4.dllGetProcessHeapGetWindowsDirectoryAKERNEL32.dllRegCloseKeyRegOpenKeyExWRegOpenKeyExARegCreateKeyExWADVAPI32.dllGetWindowsDirectoryWGetCPInfoRegQueryInfoKeyWRegEnumKeyWzcÃ.?AVMyWindowsChecker@@.?AV?$rpcrt4_hack@U_IMAGE_NT_HEADERS@@@@.?AVtcpip_hack@@.?AV?$import_holder@U_IMAGE_NT_HEADERS@@@CMN@@.?AVinmem_import_holder@CMN@@.?AVimport_holder_intf@CMN@@.?AVmodule_import@CMN@@aR.RnX.UJ^Aw%xyWf.Gkf%0X0m0>$?(?,?0?3&4;456?90:77g77>7[7`7|76#8*878^8~811_10#101#2020 11h1J36%7S77*717>7[8=!>&>9>>>7&7@7l7Â8N8V8z8:);4;>;\;0%0X0= >$>(>,>0>?,?4?\?|?.----/01/01/01KERNEL32.DLLmscoree.dllU%SystemRoot%\system32\svchost.exe%SystemRoot%\system32\svchostWSOCKTRANSPORTTCPIP6TCPIPSTORPORTSTORMINIPORTSOFTPCISCSIPORTSCSIMINIPORTSBP2PORTFCPORTPassiveWatchdogTimeoutsImageExecutionOptionsErrorPortStartTimeoutErrorPortCommTimeoutDisablePagingExecutiveDebuggerMaxModuleMsgsCountOperationsB\\.\Psapi.dllsWindows PowerShelltHost Process for Windows TasksWindows Problem Reporting 32 bitWindows Problem ReportingWindows Modules InstallermWindows Start-Up ApplicationtWindows Search IndexersWindows Server Initial Configuration TasksWindows Media PlayerDump Reporting ToolError ReporterrWindows Control Panel 32 bitWindows Control PanelWindows Connect Now - Config Registrar ServiceWindows Media Player Network Sharing ServiceWindows firewallWindows Error Reporting ServicetWindows DefendervError reporting serviceeWindows update serviceWindows Image AcquisitionWebClienttWindows Security Center Notification AppyWindows Based Script HostWindows installer 32 bitWindows installerWindows 16-bit Virtual MachineWindows Management InstrumentationWindows User Mode Driver ManagerMS tftpMS ftp 32 bitMS ftpMicrosoft Help and Support CenterCmd.exe 32 bitCmd.exeWindows Logon User Interface HostWindows updatetGoogle ChromerOpera Internet BrowserMozilla Thunderbird Mail and News ClientdFirefox browserServices.exe%SystemRoot%\msagent\agentsvr.exe%SystemRoot%\System32\dfrgfat.exe%SystemRoot%\System32\dfrgntfs.exe%SystemRoot%\System32\services.exe%SystemRoot%\System32\svchost.exe%SystemRoot%\System32\alg.exe%SystemRoot%\System32\spoolsv.exe%SystemRoot%\System32\net.exe%SystemRoot%\System32\net1.exe%SystemRoot%\System32\cmd.exe%SystemRoot%\System32\notepad.exe%SystemRoot%\System32\calc.exe%SystemRoot%\System32\PTF.exe%SystemRoot%\System32\tPTF.exe%SystemRoot%\System32\telnet.exe%SystemRoot%\System32\taskkill.exe%SystemRoot%\System32\ctfmon.exe%SystemRoot%\System32\wdfmgr.exe%SystemRoot%\System32\mmc.exe%SystemRoot%\System32\userinit.exe%SystemRoot%\System32\wbem\wmiprvse.exe%SystemRoot%\System32\wbem\wmiadap.exe%SystemRoot%\explorer.exe%SystemRoot%\System32\lsass.exe%SystemRoot%\System32\winlogon.exe%SystemRoot%\System32\LogonUI.exe%SystemRoot%\System32\wuauclt.exe%SystemRoot%\System32\wuauclt1.exe%SystemRoot%\System32\CCM\CcmExec.exe%SystemRoot%\System32\csrss.exe%SystemRoot%\System32\smss.exe\SystemRoot\System32\smss.exe%SystemRoot%\System32\inetsrv\w3wp.exe%SystemRoot%\System32\schtasks.exe%SystemRoot%\System32\tstheme.exe%SystemRoot%\System32\control.exe%SystemRoot%\System32\taskmgr.exe%SystemRoot%\System32\dwwin.exe%SystemRoot%\System32\drwtsn32.exe%SystemRoot%\System32\dumprep.exe%SystemRoot%\System32\dfssvc.exe%SystemRoot%\System32\dllhost.exe%SystemRoot%\System32\ntvdm.exe%SystemRoot%\System32\rundll32.exe%SystemRoot%\System32\msiexec.exe%SystemRoot%\System32\mshta.exe%SystemRoot%\System32\regsvr32.exe%SystemRoot%\System32\cscript.exe%SystemRoot%\System32\wscript.exe%SystemRoot%\System32\wscntfy.exe%SystemRoot%\System32\mstsc.exe%SystemRoot%\System32\dashost.exefar.exeFar.exeCLSID\{FC7D9E02-3F9E-11d3-93C0-00C04F72DAF7}\InprocServer32CLSID\{73FDDC80-AEA9-101A-98A7-00AA00374959}\LocalServer32CLSID\{0002DF01-0000-0000-C000-000000000046}\LocalServer32iedw.exe%SystemRoot%\System32\oobechk.exe%SystemRoot%\System32\oobe.exe%SystemRoot%\System32\psxss.exe%SystemRoot%\System32\internat.exeAcroRd32.exeexcel.exeoutlook.exewinword.exepowerpnt.exewmplayer.exefirefox.exethunderbird.exeOpera.exeWinRAR.exe%SystemRoot%\System32\wininit.exe%SystemRoot%\System32\lsm.exe%SystemRoot%\System32\dwm.exe%SystemRoot%\System32\werfault.exe%SystemRoot%\System32\taskeng.exe%SystemRoot%\System32\conime.exe%SystemRoot%\System32\wudfhost.exe%SystemRoot%\System32\taskhost.exe%SystemRoot%\System32\conhost.exe%SystemRoot%\System32\rdpclip.exe%SystemRoot%\System32\SearchFilterHost.exe%SystemRoot%\System32\SearchProtocolHost.execsrss.exesvchost.exealg.exesPptpMiniportTcpippsapi.dll127.0.0.1\\.\pipe\\\.\mailslot\SOFTWARE\Microsoft\Windows NT\CurrentVersion\\.\Pipe\\\.\Mailslot\ncacn_ip_tcp:ncadg_ip_udp:\\pipe\\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShellRemediationExeSOFTWARE\Classes\SCCM.VAppLauncher\shell\Open\commandSOFTWARE\Classes\CLSID\{00AAB372-0D6D-4976-B5F5-9BC7605E30BB}\LocalServer32SOFTWARE\Classes\CLSID\{3C296D07-90AE-4FAC-86F9-65EAA8B82D22}\LocalServer32SOFTWARE\Classes\CLSID\{D63B10C5-BB46-4990-A94F-E40B9D520160}\LocalServer32SOFTWARE\Classes\CLSID\{03e64e17-b220-4052-9b9b-155f9cb8e016}\LocalServer32SOFTWARE\Classes\CLSID\{1F69F884-285E-418E-9715-B9EEE402DD5F}\LocalServer32Software\Microsoft\Windows\CurrentVersion\WINEVT\publishersWindows checker1.0.0.3432wincheck.exe0, 0, 8, 16fGAwoYMM.exe_172_rwx_05990000_00001000:.text.rdata@.datafGAwoYMM.exe_172_rwx_06230000_00004000:Web Client NetworkMicrosoft Windows NetworkfGAwoYMM.exe_172_rwx_06260000_00004000:Microsoft Windows NetworkNesIMIQs.exe_368_rwx_00401000_000EA000:7.qU6TNcMdIvND.LOrg.eH^\w|.LVQfC%ddW0WaZ@%diO%%Sg[%dZrl}9fT{E!.Lg:\D.vYm.TpM.WYky??%sn6.wbK3Am%foEW%d[k#k[w[.dxHo%sd^.pgVM.XU\:.TU:67Y[mre%sRx.AF{-F.dA}R9zE46}GF{-A}d8Rx.AMbRx.AJVy-A}y1]~]{:&]{>Mr.0M8.wMF@%uF5@.FJr|M-9Q2.QDs]{>EkAC.AZ?]mYS_;-h}_/%s>AbGcMd7FZZZZ%&aTF{-A}d8Rx.AZu`\Vb)Rx.AN~2Rx.AF zx.ASs)Rx.AF{-6s z]sc.Pu).KQ>6VyT%FZd?%x1u2S.cp~%m"%UR.BFX7.Cd"w/1:,*-.1#k%U,:EW.yY%cMV=hC%x}7.Gl^z>fAd:%U.cW a]{.iA88=d0,.eJKV.eb.CYf?a8=Btcp.xn&)x.sd6Microsoft Windows%uNaO.YtUOMicrosoft Windows eine Wiederherstellung in einem Moment beginnen..klicken, um zu kopierenStrafe zahlen. Jeder Versuch, diese Nachricht zu entfernen werden die Dateien, Hardware und Windows-Installation unwiederbringlich beschffnen Sie den Internet-Browser. An die Adresse gehen: blockchain.info/wallet und klicken Sie auf 'Erstellen Sie ein neues Wallet'.,Geben Sie Ihre E-Mail-Adresse (optional) und Ihr Passwort ein. Achten Sie darauf, Ihr Passwort sicher ist.-Sparen Sie Ihr Passwort sicher, vorzugsweise offline (klicken Notepad)..Folgen Sie den Anweisungen auf der Website aufgefordert werden, und achten Sie genau auf die Sicherheitsempfehlungen.1.Machen BitCoin Zahlung:2|Anmeldung zu Ihrem Bitcoin Wallet blockchain.info/wallet/login5DKlicken Sie auf "Import / Export".6- und Kleinschreibung) indem Sie es und klicken Sie auf 'Add Private Key'.78Klicken Sie auf "Sweep Key".9.Internationale Anbieter=WebbrowserD&de.bitcoin.it/wiki/GKennen Sie die Gefahren der Verletzung des Urheberrechts. Besuchen copyright.gov/help/faq/faq-infringement.html f~Microsoft Windows will begin a restoration process in a moment.Operation Global 3 is a coordinated effort by U.S., Canadian and European law enforcement agencies targeting computers with pirated content.$Open Internet Browser. Go to the address: blockchain.info/wallet and click 'Start A New Wallet'.,Enter your e-mail address(optional) and password. Make sure your password is secure.-zSave your password safely, preferably offline(click Notepad)..Follow the steps prompted on the website and pay close attention to the security recommendations.1tLogin to your Bitcoin wallet blockchain.info/wallet/login 54Click on Import / Export. 6Enter the paper wallet's private key by typing it manually (case sensitive) and click on 'Add Private Key'.7$Click 'Sweep Key'.9.International Exchanges=&en.bitcoin.it/wiki/GKnow the dangers of copyright infringement. Visit copyright.gov/help/faq/faq-infringement.html for more information.Jun reato federale che porta pene fino a cinque anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (17 USC s.506, 18 USC s.2319)un crimine federale che comporta pene fino a quindici anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (18 USC s.2339A)Microsoft Windows inizierImporto:Qualsiasi tentativo di rimuovere questo messaggio potrebbe danneggiare il vostro file, hardware e di installazione di Windows oltre il recupero."Operazione globale III dagli Stati Uniti, Canada, Europa, Australia, Nuova Zelanda e altre forze dell'ordine di tutto il mondo\Registrazione di un nuovo portafoglio BitCoin:Aprire Internet Browser. Vai all'indirizzo: blockchain.info/wallet e cliccare su 'Crea un nuovo Portafoglio'.,Inserisci il tuo indirizzo e-mail (opzionale) e la password. Assicurati che il tuo passwordSalvare la password in modo sicuro, preferibilmente non in linea (fare clic su Notepad)..Seguire i passaggi spinto sul sito e prestare la massima attenzione alle raccomandazioni di sicurezza.1|Accedi al tuo portafoglio Bitcoin blockchain.info/wallet/login5Inserire la chiave privata 'Paper Wallet' digitando manualmente (maiuscole e minuscole) e fare clic su 'Add Private Key'.72Fare clic su 'Sweep Key'.9&it.bitcoin.it/wiki/GConoscere i pericoli di violazione del copyright. Visita copyright.gov/help/faq/faq-infringement.html per maggiori informazioni.JMicrosoft Windows se iniciarFine Importe:n de Windows sin posibilidad de recuperaciOperacin: blockchain.info/wallet y haga clic en 'Crear un nuevo monedero'.,gina web y prestar mucha atencipAcceda a su cartera blockchain.info/wallet/login Bitcoin5FHaga clic en "Importar / Exportar".6sculas) y haga clic en" Add Private Key ".72Haga clic en 'Sweep Key'.9Navegador WebD&es.bitcoin.it/wiki/Gn de copyright. Visita copyright.gov/help/faq/faq-infringement.html para mNesIMIQs.exe_368_rwx_009A0000_00001000:C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\TempNesIMIQs.exe_368_rwx_00A00000_00001000:%Documents and Settings%\%current user%\dUskcAww\fGAwoYMMNesIMIQs.exe_368_rwx_00A10000_00001000:%Documents and Settings%\All Users\hcYYccwo\NesIMIQsNesIMIQs.exe_368_rwx_00A30000_000E9000:C{?%f{[7.qU6TNcMdIvND.LOrg.eH^\w|.LVQfC%ddW0WaZ@%diO%%Sg[%dZrl}9fT{E!.Lg:\D.vYm.TpM.WYky??%sn6.wbK3Am%foEW%d[k#k[w[.dxHo%sd^.pgVM.XU\:.TU:67Y[mre%sRx.AF{-F.dA}R9zE46}GF{-A}d8Rx.AMbRx.AJVy-A}y1]~]{:&]{>Mr.0M8.wMF@%uF5@.FJr|M-9Q2.QDs]{>EkAC.AZ?]mYS_;-h}_/%s>AbGcMd7FZZZZ%&aTF{-A}d8Rx.AZu`\Vb)Rx.AN~2Rx.AF zx.ASs)Rx.AF{-6s z]sc.Pu).KQ>6VyT%FZd?%x1u2S.cp~%m"%UR.BFX7.Cd"w/1:,*-.1#k%U,:EW.yY%cMV=hC%x}7.Gl^z>fAd:%U.cW a]{.iA88=d0,.eJKV.eb.CYf?a8=Btcp.xn&)x.sd64%UMv4%UEInb%uNaO.YtUOMicrosoft Windows eine Wiederherstellung in einem Moment beginnen..klicken, um zu kopierenStrafe zahlen. Jeder Versuch, diese Nachricht zu entfernen werden die Dateien, Hardware und Windows-Installation unwiederbringlich beschffnen Sie den Internet-Browser. An die Adresse gehen: blockchain.info/wallet und klicken Sie auf 'Erstellen Sie ein neues Wallet'.,Geben Sie Ihre E-Mail-Adresse (optional) und Ihr Passwort ein. Achten Sie darauf, Ihr Passwort sicher ist.-Sparen Sie Ihr Passwort sicher, vorzugsweise offline (klicken Notepad)..Folgen Sie den Anweisungen auf der Website aufgefordert werden, und achten Sie genau auf die Sicherheitsempfehlungen.1.Machen BitCoin Zahlung:2|Anmeldung zu Ihrem Bitcoin Wallet blockchain.info/wallet/login5DKlicken Sie auf "Import / Export".6- und Kleinschreibung) indem Sie es und klicken Sie auf 'Add Private Key'.78Klicken Sie auf "Sweep Key".9.Internationale Anbieter=WebbrowserD&de.bitcoin.it/wiki/GKennen Sie die Gefahren der Verletzung des Urheberrechts. Besuchen copyright.gov/help/faq/faq-infringement.html f~Microsoft Windows will begin a restoration process in a moment.Operation Global 3 is a coordinated effort by U.S., Canadian and European law enforcement agencies targeting computers with pirated content.$Open Internet Browser. Go to the address: blockchain.info/wallet and click 'Start A New Wallet'.,Enter your e-mail address(optional) and password. Make sure your password is secure.-zSave your password safely, preferably offline(click Notepad)..Follow the steps prompted on the website and pay close attention to the security recommendations.1tLogin to your Bitcoin wallet blockchain.info/wallet/login 54Click on Import / Export. 6Enter the paper wallet's private key by typing it manually (case sensitive) and click on 'Add Private Key'.7$Click 'Sweep Key'.9.International Exchanges=&en.bitcoin.it/wiki/GKnow the dangers of copyright infringement. Visit copyright.gov/help/faq/faq-infringement.html for more information.Jun reato federale che porta pene fino a cinque anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (17 USC s.506, 18 USC s.2319)un crimine federale che comporta pene fino a quindici anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (18 USC s.2339A)Microsoft Windows inizierImporto:Qualsiasi tentativo di rimuovere questo messaggio potrebbe danneggiare il vostro file, hardware e di installazione di Windows oltre il recupero."Operazione globale III dagli Stati Uniti, Canada, Europa, Australia, Nuova Zelanda e altre forze dell'ordine di tutto il mondo\Registrazione di un nuovo portafoglio BitCoin:Aprire Internet Browser. Vai all'indirizzo: blockchain.info/wallet e cliccare su 'Crea un nuovo Portafoglio'.,Inserisci il tuo indirizzo e-mail (opzionale) e la password. Assicurati che il tuo passwordSalvare la password in modo sicuro, preferibilmente non in linea (fare clic su Notepad)..Seguire i passaggi spinto sul sito e prestare la massima attenzione alle raccomandazioni di sicurezza.1|Accedi al tuo portafoglio Bitcoin blockchain.info/wallet/login5Inserire la chiave privata 'Paper Wallet' digitando manualmente (maiuscole e minuscole) e fare clic su 'Add Private Key'.72Fare clic su 'Sweep Key'.9&it.bitcoin.it/wiki/GConoscere i pericoli di violazione del copyright. Visita copyright.gov/help/faq/faq-infringement.html per maggiori informazioni.JMicrosoft Windows se iniciarFine Importe:n de Windows sin posibilidad de recuperaciOperacin: blockchain.info/wallet y haga clic en 'Crear un nuevo monedero'.,gina web y prestar mucha atencipAcceda a su cartera blockchain.info/wallet/login Bitcoin5FHaga clic en "Importar / Exportar".6sculas) y haga clic en" Add Private Key ".72Haga clic en 'Sweep Key'.9Navegador WebD&es.bitcoin.it/wiki/Gn de copyright. Visita copyright.gov/help/faq/faq-infringement.html para mNesIMIQs.exe_368_rwx_00E20000_00001000:%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.infNesIMIQs.exe_368_rwx_00E30000_00001000:%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.infNesIMIQs.exe_368_rwx_00E40000_00001000:%Documents and Settings%\%current user%\dUskcAww\fGAwoYMM.exeNesIMIQs.exe_368_rwx_00E50000_00001000:%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exeNesIMIQs.exe_368_rwx_00E80000_00001000:fGAwoYMM.exeNesIMIQs.exe_368_rwx_00E90000_00001000:NesIMIQs.exeNesIMIQs.exe_368_rwx_00EA0000_00001000:taskkill /FI "USERNAME eq adm" /F /IM fGAwoYMM.exeNesIMIQs.exe_368_rwx_00EB0000_00001000:taskkill /FI "USERNAME eq adm" /F /IM NesIMIQs.exeNesIMIQs.exe_368_rwx_00EC0000_00001000:%Documents and Settings%\All Users\JuwEIgUE\reIEcoQI.exeNesIMIQs.exe_368_rwx_00ED0000_00001000:%Documents and Settings%\All Users\KAAo.txtNesIMIQs.exe_368_rwx_00EE0000_00001000:notepad.exe "%Documents and Settings%\All Users\KAAo.txt"NesIMIQs.exe_368_rwx_00EF0000_00001000:%Documents and Settings%\All Users\JuwEIgUEreIEcoQI.exe_1532_rwx_00401000_000EA000:C{?%f{[7.qU6TNcMdIvND.LOrg.eH^\w|.LVQfC%ddW0WaZ@%diO%%Sg[%dZrl}9fT{E!.Lg:\D.vYm.TpM.WYky??%sn6.wbK3Am%foEW%d[k#k[w[.dxHo%sd^.pgVM.XU\:.TU:67Y[mre%sRx.AF{-F.dA}R9zE46}GF{-A}d8Rx.AMbRx.AJVy-A}y1]~]{:&]{>Mr.0M8.wMF@%uF5@.FJr|M-9Q2.QDs]{>EkAC.AZ?]mYS_;-h}_/%s>AbGcMd7FZZZZ%&aTF{-A}d8Rx.AZu`\Vb)Rx.AN~2Rx.AF zx.ASs)Rx.AF{-6s z]sc.Pu).KQ>6VyT%FZd?%x1u2S.cp~%m"%UR.BFX7.Cd"w/1:,*-.1#k%U,:EW.yY%cMV=hC%x}7.Gl^z>fAd:%U.cW a]{.iA88=d0,.eJKV.eb.CYf?a8=Btcpx.sd64%UMv4%UEInbV0S%u};2software\microsoft\windows\currentversion\run%uNaO.YtUOMicrosoft Windows eine Wiederherstellung in einem Moment beginnen..klicken, um zu kopierenStrafe zahlen. Jeder Versuch, diese Nachricht zu entfernen werden die Dateien, Hardware und Windows-Installation unwiederbringlich beschffnen Sie den Internet-Browser. An die Adresse gehen: blockchain.info/wallet und klicken Sie auf 'Erstellen Sie ein neues Wallet'.,Geben Sie Ihre E-Mail-Adresse (optional) und Ihr Passwort ein. Achten Sie darauf, Ihr Passwort sicher ist.-Sparen Sie Ihr Passwort sicher, vorzugsweise offline (klicken Notepad)..Folgen Sie den Anweisungen auf der Website aufgefordert werden, und achten Sie genau auf die Sicherheitsempfehlungen.1.Machen BitCoin Zahlung:2|Anmeldung zu Ihrem Bitcoin Wallet blockchain.info/wallet/login5DKlicken Sie auf "Import / Export".6- und Kleinschreibung) indem Sie es und klicken Sie auf 'Add Private Key'.78Klicken Sie auf "Sweep Key".9.Internationale Anbieter=WebbrowserD&de.bitcoin.it/wiki/GKennen Sie die Gefahren der Verletzung des Urheberrechts. Besuchen copyright.gov/help/faq/faq-infringement.html f~Microsoft Windows will begin a restoration process in a moment.Operation Global 3 is a coordinated effort by U.S., Canadian and European law enforcement agencies targeting computers with pirated content.$Open Internet Browser. Go to the address: blockchain.info/wallet and click 'Start A New Wallet'.,Enter your e-mail address(optional) and password. Make sure your password is secure.-zSave your password safely, preferably offline(click Notepad)..Follow the steps prompted on the website and pay close attention to the security recommendations.1tLogin to your Bitcoin wallet blockchain.info/wallet/login 54Click on Import / Export. 6Enter the paper wallet's private key by typing it manually (case sensitive) and click on 'Add Private Key'.7$Click 'Sweep Key'.9.International Exchanges=&en.bitcoin.it/wiki/GKnow the dangers of copyright infringement. Visit copyright.gov/help/faq/faq-infringement.html for more information.Jun reato federale che porta pene fino a cinque anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (17 USC s.506, 18 USC s.2319)un crimine federale che comporta pene fino a quindici anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (18 USC s.2339A)Microsoft Windows inizierImporto:Qualsiasi tentativo di rimuovere questo messaggio potrebbe danneggiare il vostro file, hardware e di installazione di Windows oltre il recupero."Operazione globale III dagli Stati Uniti, Canada, Europa, Australia, Nuova Zelanda e altre forze dell'ordine di tutto il mondo\Registrazione di un nuovo portafoglio BitCoin:Aprire Internet Browser. Vai all'indirizzo: blockchain.info/wallet e cliccare su 'Crea un nuovo Portafoglio'.,Inserisci il tuo indirizzo e-mail (opzionale) e la password. Assicurati che il tuo passwordSalvare la password in modo sicuro, preferibilmente non in linea (fare clic su Notepad)..Seguire i passaggi spinto sul sito e prestare la massima attenzione alle raccomandazioni di sicurezza.1|Accedi al tuo portafoglio Bitcoin blockchain.info/wallet/login5Inserire la chiave privata 'Paper Wallet' digitando manualmente (maiuscole e minuscole) e fare clic su 'Add Private Key'.72Fare clic su 'Sweep Key'.9&it.bitcoin.it/wiki/GConoscere i pericoli di violazione del copyright. Visita copyright.gov/help/faq/faq-infringement.html per maggiori informazioni.JMicrosoft Windows se iniciarFine Importe:n de Windows sin posibilidad de recuperaciOperacin: blockchain.info/wallet y haga clic en 'Crear un nuevo monedero'.,gina web y prestar mucha atencipAcceda a su cartera blockchain.info/wallet/login Bitcoin5FHaga clic en "Importar / Exportar".6sculas) y haga clic en" Add Private Key ".72Haga clic en 'Sweep Key'.9Navegador WebD&es.bitcoin.it/wiki/Gn de copyright. Visita copyright.gov/help/faq/faq-infringement.html para mreIEcoQI.exe_1532_rwx_00720000_00001000:%WinDir%\TEMPreIEcoQI.exe_1532_rwx_00780000_00001000:%Documents and Settings%\LocalService\dUskcAww\fGAwoYMMreIEcoQI.exe_1532_rwx_00790000_00001000:%Documents and Settings%\All Users\hcYYccwo\NesIMIQsreIEcoQI.exe_1532_rwx_007B0000_000E9000:C{?%f{[7.qU6TNcMdIvND.LOrg.eH^\w|.LVQfC%ddW0WaZ@%diO%%Sg[%dZrl}9fT{E!.Lg:\D.vYm.TpM.WYky??%sn6.wbK3Am%foEW%d[k#k[w[.dxHo%sd^.pgVM.XU\:.TU:67Y[mre%sRx.AF{-F.dA}R9zE46}GF{-A}d8Rx.AMbRx.AJVy-A}y1]~]{:&]{>Mr.0M8.wMF@%uF5@.FJr|M-9Q2.QDs]{>EkAC.AZ?]mYS_;-h}_/%s>AbGcMd7FZZZZ%&aTF{-A}d8Rx.AZu`\Vb)Rx.AN~2Rx.AF zx.ASs)Rx.AF{-6s z]sc.Pu).KQ>6VyT%FZd?%x1u2S.cp~%m"%UR.BFX7.Cd"w/1:,*-.1#k%U,:EW.yY%cMV=hC%x}7.Gl^z>fAd:%U.cW a]{.iA88=d0,.eJKV.eb.CYf?a8=Btcpx.sd64%UMv4%UEInb%uNaO.YtUOMicrosoft Windows eine Wiederherstellung in einem Moment beginnen..klicken, um zu kopierenStrafe zahlen. Jeder Versuch, diese Nachricht zu entfernen werden die Dateien, Hardware und Windows-Installation unwiederbringlich beschffnen Sie den Internet-Browser. An die Adresse gehen: blockchain.info/wallet und klicken Sie auf 'Erstellen Sie ein neues Wallet'.,Geben Sie Ihre E-Mail-Adresse (optional) und Ihr Passwort ein. Achten Sie darauf, Ihr Passwort sicher ist.-Sparen Sie Ihr Passwort sicher, vorzugsweise offline (klicken Notepad)..Folgen Sie den Anweisungen auf der Website aufgefordert werden, und achten Sie genau auf die Sicherheitsempfehlungen.1.Machen BitCoin Zahlung:2|Anmeldung zu Ihrem Bitcoin Wallet blockchain.info/wallet/login5DKlicken Sie auf "Import / Export".6- und Kleinschreibung) indem Sie es und klicken Sie auf 'Add Private Key'.78Klicken Sie auf "Sweep Key".9.Internationale Anbieter=WebbrowserD&de.bitcoin.it/wiki/GKennen Sie die Gefahren der Verletzung des Urheberrechts. Besuchen copyright.gov/help/faq/faq-infringement.html f~Microsoft Windows will begin a restoration process in a moment.Operation Global 3 is a coordinated effort by U.S., Canadian and European law enforcement agencies targeting computers with pirated content.$Open Internet Browser. Go to the address: blockchain.info/wallet and click 'Start A New Wallet'.,Enter your e-mail address(optional) and password. Make sure your password is secure.-zSave your password safely, preferably offline(click Notepad)..Follow the steps prompted on the website and pay close attention to the security recommendations.1tLogin to your Bitcoin wallet blockchain.info/wallet/login 54Click on Import / Export. 6Enter the paper wallet's private key by typing it manually (case sensitive) and click on 'Add Private Key'.7$Click 'Sweep Key'.9.International Exchanges=&en.bitcoin.it/wiki/GKnow the dangers of copyright infringement. Visit copyright.gov/help/faq/faq-infringement.html for more information.Jun reato federale che porta pene fino a cinque anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (17 USC s.506, 18 USC s.2319)un crimine federale che comporta pene fino a quindici anni di prigione federale, 250.000 dollari di multa, confisca e la restituzione (18 USC s.2339A)Microsoft Windows inizierImporto:Qualsiasi tentativo di rimuovere questo messaggio potrebbe danneggiare il vostro file, hardware e di installazione di Windows oltre il recupero."Operazione globale III dagli Stati Uniti, Canada, Europa, Australia, Nuova Zelanda e altre forze dell'ordine di tutto il mondo\Registrazione di un nuovo portafoglio BitCoin:Aprire Internet Browser. Vai all'indirizzo: blockchain.info/wallet e cliccare su 'Crea un nuovo Portafoglio'.,Inserisci il tuo indirizzo e-mail (opzionale) e la password. Assicurati che il tuo passwordSalvare la password in modo sicuro, preferibilmente non in linea (fare clic su Notepad)..Seguire i passaggi spinto sul sito e prestare la massima attenzione alle raccomandazioni di sicurezza.1|Accedi al tuo portafoglio Bitcoin blockchain.info/wallet/login5Inserire la chiave privata 'Paper Wallet' digitando manualmente (maiuscole e minuscole) e fare clic su 'Add Private Key'.72Fare clic su 'Sweep Key'.9&it.bitcoin.it/wiki/GConoscere i pericoli di violazione del copyright. Visita copyright.gov/help/faq/faq-infringement.html per maggiori informazioni.JMicrosoft Windows se iniciarFine Importe:n de Windows sin posibilidad de recuperaciOperacin: blockchain.info/wallet y haga clic en 'Crear un nuevo monedero'.,gina web y prestar mucha atencipAcceda a su cartera blockchain.info/wallet/login Bitcoin5FHaga clic en "Importar / Exportar".6sculas) y haga clic en" Add Private Key ".72Haga clic en 'Sweep Key'.9Navegador WebD&es.bitcoin.it/wiki/Gn de copyright. Visita copyright.gov/help/faq/faq-infringement.html para mreIEcoQI.exe_1532_rwx_00BA0000_00001000:%Documents and Settings%\LocalService\dUskcAww\fGAwoYMM.infreIEcoQI.exe_1532_rwx_00BB0000_00001000:%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.infreIEcoQI.exe_1532_rwx_00BC0000_00001000:%Documents and Settings%\LocalService\dUskcAww\fGAwoYMM.exereIEcoQI.exe_1532_rwx_00BD0000_00001000:%Documents and Settings%\All Users\hcYYccwo\NesIMIQs.exereIEcoQI.exe_1532_rwx_00C00000_00001000:fGAwoYMM.exereIEcoQI.exe_1532_rwx_00C10000_00001000:NesIMIQs.exereIEcoQI.exe_1532_rwx_00C20000_00001000:taskkill /FI "USERNAME eq SYSTEM" /F /IM fGAwoYMM.exereIEcoQI.exe_1532_rwx_00C30000_00001000:taskkill /FI "USERNAME eq SYSTEM" /F /IM NesIMIQs.exe