Trojan.Generic.12220278 (AdAware), WormAutoItGen.YR (Lavasoft MAS)Behaviour: Trojan, Worm
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: b14471f648f9710fa322c62ad8dc17f4
SHA1: e850562b06d759cdddb7418098acf2143b5d0e13
SHA256: 11419a15bd4011009e1b233baf96a89432a9c1d1b4553b965960480675b91cea
SSDeep: 393216:vONMtYgPi2RC3XozVkYrJ2NG1CTSOTXd8zXGLfYthwC3:ZYzbeVF2NG1lCdMsfYHF
Size: 13568965 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: MicrosoftVisualC, MicrosoftVisualCv50v60MFC, MicrosoftVisualC50, Armadillov171, UPolyXv05_v6
Company: no certificate found
Created at: 2012-12-31 02:38:32
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
ASO3.exe:340
CheckUpdate.exe:516
schtasks.exe:1128
schtasks.exe:1364
regedit.exe:264
%original file name%.exe:228
The Trojan injects its code into the following process(es):
ASO3portable.exe:644
Mutexes
The following mutexes were created/opened:
ZonesLockedCacheCounterMutexZonesCacheCounterMutexZonesCounterMutexShimCacheMutex
File activity
The process ASO3.exe:340 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GDE3MT21\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CRMNWZYD\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GLSHOFWZ\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\6RMRY1S9\desktop.ini (67 bytes)
The process CheckUpdate.exe:516 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Application Data\Systweak\ASO3\Checking for Updates\AppUpdates\LatestVersion.htm (832 bytes)
The process %original file name%.exe:228 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\Common Files\Advanced System Optimizer\App\SecureDelete.exe (10347 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\DefragReport\Report_header_leftText.jpg (14 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\DiskOptimizer.exe (848 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Xceed.FileSystem.dll (584 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Microsoft.VC90.ATL.manifest (353 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\clamunpack\clamscan.exe (15 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\info.ico (1 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\RegClean.exe (11276 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\BackupManager.exe (18844 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\SystemProtector.XmlSerializers.dll (45 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\MFC90ENU.dll (754 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\DiskExplorer.exe (9732 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\sqlite3.dll (6101 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\ASOHelper.dll (8600 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\GOHelper.exe (37 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\driveropt.ini (70 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Xceed.Zip.dll (1430 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\extract\copying.txt (26 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\HookDll64.dll (395 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\VolumeControl64.exe (515 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\regclean.ini (82 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\RegistryOptimizer.exe (3599 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\sysfilebackres.ini (23 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\regopt.ini (12 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\extract\7z.exe (267 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\vista\DriverRestore.manifest (682 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\amd64Helper\DriverUpdateHelper64.manifest (689 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\DefragReport\Report_header_top_middle.jpg (7 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\win7i386\DriverRestore.exe (84 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\startupman.ini (10 bytes)
%Program Files%\Common Files\Advanced System Optimizer\Portable1.reg (11 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\ScanDll.dll (64 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\amd64\DriverRestore.exe (1635 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\website.ico (1 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\secencrypt.ini (26 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\aso.ini (135 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\PTBWin7.exe (20 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\AsInvoker.exe (64 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\aspcomm.dll (2741 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\DefragReport\right_border.jpg (11 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\DefragReport\footer_middle.jpg (7 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\extract\readme.txt (1 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\asodemo.exe (6577 bytes)
%Program Files%\Common Files\Advanced System Optimizer\Delete1.reg (11 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\HookDll.dll (56 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Microsoft.VC90.MFCLOC.manifest (670 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\RequireAdministrator.exe (1846 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\BeforeUninstall.exe (13907 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\undelete.ini (28 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\DriverUpdater.exe (8022 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\win7amd64\DriverRestore.manifest (682 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\aso3sys.dll (6771 bytes)
%Program Files%\Common Files\Advanced System Optimizer\Delete.reg (5 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\securedelete.ini (39 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\SevenZipSharp.dll (1223 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\clamunpack\readme.txt (535 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\ASEng.dll (1678 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\diskdoc.ini (32 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\atl90.dll (1395 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Advanced System Optimizer Help.url (432 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\SystemCleaner.exe (17655 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\PrivacyProtector.exe (12628 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\vista\DriverRestore.exe (722 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\DiskDoctor.exe (3123 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\GameOptLauncher64.exe (2512 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\XceedZip.dll (1468 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\xmllite.dll (861 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\DefragReport\Report_header_left_image.jpg (11 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\launcher.exe (47 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\backupman.ini (78 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\memopt.ini (12 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\win7i386\DriverRestore.manifest (682 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\aspsys.dll (1708 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\MemoryOptimizer.exe (2376 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\difxapi64.dll (4584 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\mfc90u.dll (34642 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\DiskOpt.ini (19 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\UndeleteDLL.dll (1415 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\HighestAvailable.exe (753 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\SystemProtector.exe (38774 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\AppResource.dll (17986 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\VolumeControl.exe (49 bytes)
%Program Files%\Common Files\Advanced System Optimizer\ASO3portable.exe (697 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\asplangs\categories.ini (42 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\ASO3DefragSrv64.exe (2241 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\database.dat (32 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\ASO3DefragSrv.exe (3340 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\ASO3.exe (27333 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\sysadvisor.ini (104 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\GameOptLauncher.exe (1922 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\newscheduler.ini (8 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\extract\license.txt (2 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\msvcp90.dll (7063 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\checkupdate.ini (12 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Systweak Software Website.url (245 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\single_click_care.ico (15 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\gameopt.ini (8 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\clamunpack\libclamav.dll (5447 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Microsoft.VC90.MFC.manifest (349 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Undelete.exe (2603 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\NewScheduler.exe (7142 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Interop.IWshRuntimeLibrary.dll (49 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\KillASOProcesses.exe (227 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\diskexplorer.ini (21 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\client.ini (65 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\DefragServiceManager.exe (71 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\amd64\DriverRestore.manifest (682 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\difxapi.dll (3413 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\PCFixer.exe (6753 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Microsoft.Win32.TaskScheduler.dll (1929 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\pcfixer.ini (24 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\asores.dll (65453 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\sysclean.ini (52 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\xp\DriverRestore.exe (62 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\win7amd64\DriverRestore.exe (917 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\msvcr90.dll (3847 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\asplangs\eng_asp_en.ini (101 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Xceed.Compression.dll (552 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\dupfileremover.ini (28 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\rw.dat (7386 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\GameOptimizer.exe (1948 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Downloader.dll (1425 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\SystemProtector.exe.config (4 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\System.Data.SQLite.dll (6225 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\SecureShell.dll (5525 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\extract\7z.dll (8067 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Network.dll (4748 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Buy Advanced System Optimizer.url (331 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\DefragReport\footer_right.jpg (11 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\categories.ini (42 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\DefragReport\line3px_Blue.jpg (11 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\CheckUpdate.exe (27994 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\DefragReport\Report_header_top_right.jpg (12 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\StartupManager.exe (1706 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\SysFileBakRes.exe (4335 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\UninstallManager.ini (5 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\unrar.dll (1349 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Help.ico (1 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\SecureEncryptor.exe (1854 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\extract\History.txt (29 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\System.Core.dll (8923 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\zlibwapi.dll (319 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\rw.ini (54 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Microsoft.VC90.CRT.manifest (391 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\DuplicateFilesRemover.exe (460 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\amd64Helper\DriverUpdateHelper64.exe (2221 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\asohtm.dll (3901 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Xceed.Compression.Formats.dll (1916 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\privprotector.ini (44 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\DefragReport\footer_left.jpg (11 bytes)
%Program Files%\Common Files\Advanced System Optimizer\Portable.reg (14 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\DefragReport\left_border.jpg (11 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\UninstallManager.exe (692 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Order.ico (1 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\SystemAnalyzerAndAdvisor.exe (5321 bytes)
Registry activity
The process ASO3.exe:340 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters]
"TrapPollTimeMilliSecs" = "15000"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"GlobalUserOffline" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Licenses]
"{K7C0DB872A3F777C0}" = "41 22 6C 8B E1 16 1F 05 48 6E 02 90 27 91 BF 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Systweak\ASO3]
"MachineHashID" = "768429272046948335"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Licenses]
"{0F8356A249F37E323}" = "56 3E A8 0E 0B A2 A7 A6 41 06 53 98 DA A5 44 A3"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCR\CLSID\{B0F3F4F9-CB76-9A52-9442-B481A5FF49D3}\InProcServer32]
"(Default)" = "%Program Files%\NetMeeting\nac.dll"
[HKCU\Software\systweak\ASO3]
"SecEncryptAppName" = "Mã hóa an toàn"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\systweak\ASO3]
"KeyExpired" = "0"
"SecDelAppName" = "Xóa vĩnh viễn"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"schtasks.exe" = "Schedule Tasks"
[HKCR\CLSID\{B0F3F4F9-CB76-9A52-9442-B481A5FF49D3}]
"(Default)" = "Microsoft NetMeeting Quality of Service"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Common Files\Advanced System Optimizer\App]
"CheckUpdate.exe" = "Advanced System Optimizer - Checking for Updates"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BF 55 91 60 C3 BB 91 9E 24 45 39 FA 4A F1 6E 23"
[HKCU\Software\Licenses]
"{R7C0DB872A3F777C0}" = "4A 8D 7D 4C"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Systweak\ASO3]
"KeyExpired" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Licenses]
"{IF8356A249F37E323}" = "01 00 00 00"
[HKCR\CLSID\{B0F3F4F9-CB76-9A52-9442-B481A5FF49D3}\InProcServer32]
"ThreadingModel" = "Apartment"
[HKLM\SOFTWARE\Systweak\ASO3]
"REGISTEREDVERFOUNINSTALL" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"ProxyServer"
"AutoConfigURL"
[HKCR\CLSID\{B0F3F4F9-CB76-9A52-9442-B481A5FF49D3}]
"0"
The Trojan disables automatic startup of the application by deleting the following autorun value:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced System Optimizer"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced System Optimizer"
The process CheckUpdate.exe:516 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters]
"TrapPollTimeMilliSecs" = "15000"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"GlobalUserOffline" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Systweak\ASO3]
"MachineHashID" = "768429272046948335"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Licenses]
"{0F8356A249F37E323}" = "5B 3E 96 0F EF 81 A3 86 00 6A 3D BA 69 DA 2F C9"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\systweak\ASO3]
"SecEncryptAppName" = "Mã hóa an toàn"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\systweak\ASO3]
"CFUHWND" = "FC 01 03 00"
"KeyExpired" = "0"
"SecDelAppName" = "Xóa vĩnh viễn"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5C 0B 42 80 0B 17 FB 22 77 AE 89 CC 6E 8C F5 64"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Systweak\ASO3]
"KeyExpired" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Licenses]
"{IF8356A249F37E323}" = "1B 00 00 00"
[HKLM\SOFTWARE\Systweak\ASO3]
"REGISTEREDVERFOUNINSTALL" = "1"
"G_SUPPORT_PHONE_NUM" = "(855) 716-7030"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
[HKCU\Software\systweak\ASO3]
"CFUHWND"
The process schtasks.exe:1128 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4B 20 2A F0 71 EC 0E BC C1 85 96 A5 88 8A 99 63"
The process schtasks.exe:1364 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BF 0D D1 45 03 54 CC 35 07 E7 BE 2E F4 A9 5C B6"
The process regedit.exe:264 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"jfThumbnail" = "0"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section1]
"ie8_AddBarHistory" = "1"
[HKCU\Software\systweak\ASO3\Advanced System Optimizer\OneClick]
"chkDiskDefrag" = "0"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section3]
"winsys_dnscache" = "0"
[HKCU\Software\systweak\ASO3\LANG]
"LangID" = "0"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section4]
"app_prg_adobephotoshopcss" = "0"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"iMychavoihis" = "0"
[HKCU\Software\systweak\ASO3\Advanced System Optimizer]
"FirstRunASO" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"winsys_startmenushortcuts" = "0"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section4]
"app_prg_winrar" = "1"
"app_prg_regedit" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"ie8_HistoryVS" = "1"
"app_prg_mssearch" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section3]
"winsys_windowslogfiles" = "1"
"winsys_desktopshortcuts" = "0"
[HKCU\Software\systweak\ASO3\ScanStatusForLauncher\SysFileBackup]
"ErrorCount" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"jfReportLogFile" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section4]
"app_prg_windowsmediaplayer" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section2]
"jfdotnet" = "1"
"jfdownloadprgfile" = "0"
[HKCU\Software\systweak\ASO3\Advanced System Optimizer\OneClick]
"chkDriverupdater" = "1"
[HKCU\Software\systweak\ASO3]
"KeyExpired" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"jfbackupcopiewin" = "0"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section2]
"jfReportLogFile" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section4]
"app_prg_skype" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section1]
"googlechrome_VisitedLinks" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section4]
"mso2013MS_Excel" = "1"
[HKCU\Software\systweak\ASO3]
"cname" = "systweak"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"winsys_otherexplorermrus" = "1"
[HKCU\Software\systweak\ASO3\Scheduler\OneClick]
"chkPrivacyProtector" = "1"
[HKCU\Software\systweak\ASO3]
"SecEncryptAppName" = "Mã hóa an toàn"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"ie8_TempIntFileFolder" = "1"
[HKCU\Software\systweak\ASO3\Scheduler\OneClick]
"chkJunkFileCleaner" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"jfTempFile" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section2]
"jfbackupcopiewin" = "0"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section3]
"winsys_startmenushortcuts" = "0"
"winsys_searchautocomplete" = "0"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section4]
"app_prg_mssearch" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section1]
"ie8_TempIntFileFolder" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"jfoldprefach" = "0"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section4]
"iMychavoihis" = "0"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"mso2013MS_Excel" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section4]
"mso2013MS_RecentFolder" = "1"
[HKCU\Software\systweak\ASO3]
"ASO3AFFILIATE" = ""
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"ie8_AddBarHistory" = "1"
[HKCU\Software\systweak\ASO3\Scheduler\OneClick]
"chkRegClean" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"winsys_chkdskfilefragments" = "1"
[HKCU\Software\systweak\ASO3\Advanced System Optimizer\OneClick]
"chkAntispyware" = "0"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"winsys_winerrorreporting" = "0"
"winsys_desktopshortcuts" = "0"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section3]
"winsys_networkpasswords" = "0"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions]
"StartAppli_FirstTime" = "0"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section4]
"app_prg_remotedesktop" = "1"
[HKCU\Software\systweak\ASO3\Scheduler\OneClick]
"chkDiskDefrag" = "0"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"app_prg_msmanagementconsole" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section3]
"winsys_chkdskfilefragments" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"mso2013MS_PowerPoint" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section1]
"ie8_HistoryVS" = "1"
[HKCU\Software\systweak\ASO3]
"RegisteredUser" = ""
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section4]
"app_prg_windowsdefender" = "1"
[HKCU\Software\systweak\ASO3]
"InstalledPath" = "%Program Files%\Advanced System Optimizer 3"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"app_prg_remotedesktop" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section4]
"app_prg_gameexplorer" = "0"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section1]
"ie8_Cookies" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"app_prg_windowsmediacenter" = "1"
"googlechrome_VisitedLinks" = "1"
"jfdotnet" = "1"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "47 6B 0D AE FC F2 21 3A 3E FE 98 1D 54 A9 33 32"
[HKCU\Software\systweak\ASO3\Scheduler\OneClick]
"ASO-OneClickCare" = "Không có lịch trình"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"app_prg_regedit" = "1"
[HKCU\Software\systweak\ASO3\Scheduler\OneClick]
"chkAntispyware" = "0"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section1]
"AdobeFlashPlayer" = "0"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section3]
"winsys_winerrorreporting" = "0"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"app_prg_windowsdefender" = "1"
"winsys_clipboard" = "1"
"iMycache" = "0"
[HKCU\Software\systweak\ASO3\Scheduler\OneClick]
"chkDriverupdater" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"app_prg_skype" = "1"
"winsys_memorydumps" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section4]
"app_prg_adobeair" = "0"
"mso2013MS_Word" = "1"
[HKCU\Software\systweak\ASO3]
"ASO3CAM" = "website"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"app_prg_adobephotoshopcss" = "0"
"app_prg_acrobatdistiller" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section4]
"app_prg_msofficepicturemanager" = "1"
[HKCU\Software\systweak\ASO3\ScanStatusForLauncher\SysFileBackup]
"LastScanDateTime" = "10/21/2014 2:12:47 PM"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section2]
"jfoldprefach" = "0"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section4]
"app_prg_utorrent" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"jflogfileactive" = "1"
[HKCU\Software\systweak\ASO3\OneClickCure\SysFileBackup]
"CLEANFINISHED" = "1"
[HKCU\Software\systweak\ASO3\OneclickLastScanDetailsPath]
"SystemCleaner.exe" = "0"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section3]
"winsys_taskbarjumplists" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"app_prg_winrar" = "1"
"app_prg_utorrent" = "1"
"app_prg_gameexplorer" = "0"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section3]
"winsys_otherexplorermrus" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"app_prg_windowsmediaplayer" = "1"
[HKCU\Software\systweak\ASO3\ScanStatusForLauncher\SysFileBackup]
"iconStatus" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"mso2013MS_Access" = "1"
"app_prg_msofficepicturemanager" = "1"
[HKCU\Software\systweak\ASO3\ScanStatusForLauncher\SysFileBackup]
"MSGOnHome" = ""
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"googlechrome_Cookies" = "1"
"jfrecentprgdocset" = "0"
"winsys_windowslogfiles" = "1"
"winsys_taskbarjumplists" = "1"
[HKCU\Software\systweak\ASO3\Advanced System Optimizer\OneClick]
"chkPrivacyProtector" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section4]
"app_prg_microsoftsilverlight" = "1"
"app_prg_msmanagementconsole" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"app_prg_adobeacrobat" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section4]
"app_prg_acrobatdistiller" = "1"
"iMycache" = "0"
[HKCU\Software\systweak\ASO3\Advanced System Optimizer\OneClick]
"chkJunkFileCleaner" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section1]
"googlechrome_Cache" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"winsys_networkpasswords" = "0"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section2]
"jfrecentprgdocset" = "0"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section3]
"winsys_clipboard" = "1"
[HKCU\Software\systweak\ASO3]
"ASOBUILDFOR" = "systweak"
[HKCU\Software\systweak\ASO3\Advanced System Optimizer\OneClick]
"chkRegClean" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"app_prg_adobeair" = "0"
"googlechrome_History" = "1"
"mso2013MS_RecentFolder" = "1"
[HKCU\Software\systweak\ASO3\Scheduler\OneClick]
"(Default)" = "Scan Not Scheduled"
"chkRegOptimizer" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section4]
"mso2013MS_PowerPoint" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"app_prg_malwarebytesantimalware" = "0"
"jfdownloadprgfile" = "0"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section3]
"winsys_memorydumps" = "1"
[HKCU\Software\systweak\ASO3\LAST_CALL_TIME]
"LastGVTime" = "DF 07 01 00 06 00 0A 00 02 00 28 00 10 00 B2 02"
[HKCU\Software\systweak\ASO3\Advanced System Optimizer\OneClick]
"chkRegOptimizer" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section2]
"jfThumbnail" = "0"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"AdobeFlashPlayer" = "0"
"msofficeothertool_2013" = "1"
"gchromeoptdatabases" = "0"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section1]
"gchromeoptdatabases" = "0"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"app_prg_microsoftsilverlight" = "1"
"winsys_dnscache" = "0"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section2]
"jfTempFile" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section1]
"googlechrome_History" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section2]
"jfwpffont" = "0"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"googlechrome_Cache" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section4]
"app_prg_windowsmediacenter" = "1"
[HKCU\Software\systweak\ASO3]
"SecDelAppName" = "Xóa vĩnh viễn"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"winsys_searchautocomplete" = "0"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section4]
"mso2013MS_Access" = "1"
"app_prg_malwarebytesantimalware" = "0"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section2]
"jflogfileactive" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"jfwpffont" = "0"
[HKCU\Software\systweak\ASO3]
"RegisteredPass" = "00JJY7-WTAY0J-K146RX-84C8TJ"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section1]
"googlechrome_Cookies" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"ie8_Cookies" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\Section4]
"msofficeothertool_2013" = "1"
"app_prg_adobeacrobat" = "1"
[HKCU\Software\systweak\ASO3\System Cleaner\PPOptions\RegularSystemCleanerSPC]
"mso2013MS_Word" = "1"
[HKCU\Software\systweak\ASO3\ScanStatusForLauncher\SysFileBackup]
"msg" = "Last backup taken on:Tue. October 21, 2014. 02:12 PM"
The process %original file name%.exe:228 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Favorites" = "%Documents and Settings%\All Users\Favorites"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""
"NetHood" = "%Documents and Settings%\%current user%\NetHood"
"Fonts" = "%WinDir%\Fonts"
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Common Files\Advanced System Optimizer]
"ASO3portable.exe" = "ASO3portable"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"PrintHood" = "%Documents and Settings%\%current user%\PrintHood"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Administrative Tools" = "%Documents and Settings%\All Users\Start Menu\Programs\Administrative Tools"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Templates" = "%Documents and Settings%\All Users\Templates"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Administrative Tools" = ""
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
"SendTo" = "%Documents and Settings%\%current user%\SendTo"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C6 D1 7F 0D 2B F9 9A 32 8D 1D 7F 86 D9 1E 2B CD"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CD Burning" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\CD Burning"
"Recent" = "%Documents and Settings%\%current user%\Recent"
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The process ASO3portable.exe:644 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CC 07 42 E9 1A B9 4F AF 06 7E F2 8C 52 46 BC E7"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
Dropped PE files
| MD5 | File path |
|---|---|
| 5aaef929e3a558b37f6d1051e5601dc4 | c:\Program Files\Common Files\Advanced System Optimizer\ASO3portable.exe |
| b77141a7e264541e3d24fac13232bb48 | c:\Program Files\Common Files\Advanced System Optimizer\App\ASEng.dll |
| daac23be5dcf0c0421eacd9e49ec8da1 | c:\Program Files\Common Files\Advanced System Optimizer\App\ASO3.exe |
| 4e95dfb0e61d468f3ae1c8867547a001 | c:\Program Files\Common Files\Advanced System Optimizer\App\ASO3DefragSrv.exe |
| 644e03d595d83adbd23bf09c6ca9f06b | c:\Program Files\Common Files\Advanced System Optimizer\App\ASO3DefragSrv64.exe |
| 23f573befc557b61c66e682463ba4c5f | c:\Program Files\Common Files\Advanced System Optimizer\App\ASOHelper.dll |
| 44eb05fcfc115ad4e3e62951b3bca0a1 | c:\Program Files\Common Files\Advanced System Optimizer\App\AppResource.dll |
| c2faf254cc84d9046d6cd182a1612ff6 | c:\Program Files\Common Files\Advanced System Optimizer\App\AsInvoker.exe |
| 7ad0a2b5eedef906a920ad6184009b25 | c:\Program Files\Common Files\Advanced System Optimizer\App\BackupManager.exe |
| 3b177a43390f2818f2d9b313fcf15cab | c:\Program Files\Common Files\Advanced System Optimizer\App\BeforeUninstall.exe |
| 162515fbb69263bd123b419b7e8cfd1f | c:\Program Files\Common Files\Advanced System Optimizer\App\CheckUpdate.exe |
| 1353efe21ef7810bf5dff59624ee50d7 | c:\Program Files\Common Files\Advanced System Optimizer\App\DefragServiceManager.exe |
| 7644f527364fe352628b221f0c58131f | c:\Program Files\Common Files\Advanced System Optimizer\App\DiskDoctor.exe |
| 949ca435c3315f43def341fb971d5d2e | c:\Program Files\Common Files\Advanced System Optimizer\App\DiskExplorer.exe |
| 1e40b0580cd8e473396525c5db54f286 | c:\Program Files\Common Files\Advanced System Optimizer\App\DiskOptimizer.exe |
| 8fae0e1ff85f5e0151d50d32a9e977e0 | c:\Program Files\Common Files\Advanced System Optimizer\App\Downloader.dll |
| 6e7f1b9b84a980e6800da912ac1022b7 | c:\Program Files\Common Files\Advanced System Optimizer\App\DriverUpdater.exe |
| 704d3abd5b8a851c31071cdc551cb8ff | c:\Program Files\Common Files\Advanced System Optimizer\App\DuplicateFilesRemover.exe |
| 88ca1ba1d436a38e1c467f3180143e53 | c:\Program Files\Common Files\Advanced System Optimizer\App\GOHelper.exe |
| bb8bfd65b50a71143c7db630e0fc3326 | c:\Program Files\Common Files\Advanced System Optimizer\App\GameOptLauncher.exe |
| 00de2a32220d5b1e7045b5fb0e14d05f | c:\Program Files\Common Files\Advanced System Optimizer\App\GameOptLauncher64.exe |
| 1674545957e74382d5ee242e7e7aec8c | c:\Program Files\Common Files\Advanced System Optimizer\App\GameOptimizer.exe |
| 6773b1263f2f73f671a26872e8a27366 | c:\Program Files\Common Files\Advanced System Optimizer\App\HighestAvailable.exe |
| 19567cf3b5e386d4d82b216fe0bfb036 | c:\Program Files\Common Files\Advanced System Optimizer\App\HookDll.dll |
| d1c3b96e0d0df71d197d2a7c1bdf4cf4 | c:\Program Files\Common Files\Advanced System Optimizer\App\HookDll64.dll |
| 44cc83891dcee9cb4b5e813411e5f118 | c:\Program Files\Common Files\Advanced System Optimizer\App\Interop.IWshRuntimeLibrary.dll |
| 7c4798a1f682703e1ef5b6264f4fde4d | c:\Program Files\Common Files\Advanced System Optimizer\App\KillASOProcesses.exe |
| 2229324ce0374811ca64a19ee62f130b | c:\Program Files\Common Files\Advanced System Optimizer\App\MFC90ENU.dll |
| 4031c546092925f6f59448d7c8a5c663 | c:\Program Files\Common Files\Advanced System Optimizer\App\MemoryOptimizer.exe |
| c757150e058428e2a0757701930c223c | c:\Program Files\Common Files\Advanced System Optimizer\App\Microsoft.Win32.TaskScheduler.dll |
| a41c452bc2a72c6dccb00ab7188b91ed | c:\Program Files\Common Files\Advanced System Optimizer\App\Network.dll |
| c001999e8b902a67c0c850d84b8fd9cb | c:\Program Files\Common Files\Advanced System Optimizer\App\NewScheduler.exe |
| 504b39ada690135ad94f2e92fbc0132a | c:\Program Files\Common Files\Advanced System Optimizer\App\PCFixer.exe |
| 36b04c851aa990b1f17f5a5210c265fc | c:\Program Files\Common Files\Advanced System Optimizer\App\PTBWin7.exe |
| 1883e8b1030e0f57b779df42a951cbc6 | c:\Program Files\Common Files\Advanced System Optimizer\App\PrivacyProtector.exe |
| 17196301c272764aa7f888d6d0728151 | c:\Program Files\Common Files\Advanced System Optimizer\App\RegClean.exe |
| a4cf9afc61a959fec15e1fdb119a6475 | c:\Program Files\Common Files\Advanced System Optimizer\App\RegistryOptimizer.exe |
| 75b3a51cdddd8b021f086d66943b6c53 | c:\Program Files\Common Files\Advanced System Optimizer\App\RequireAdministrator.exe |
| 3e827530ae7537febfb60bab2aaf2517 | c:\Program Files\Common Files\Advanced System Optimizer\App\ScanDll.dll |
| 5df9dd071160fff20501650c3a3198ab | c:\Program Files\Common Files\Advanced System Optimizer\App\SecureDelete.exe |
| e469b61fcc60d4c170c4a009a8e2ef92 | c:\Program Files\Common Files\Advanced System Optimizer\App\SecureEncryptor.exe |
| 02b91c2a280387456645b7c5ff0961e9 | c:\Program Files\Common Files\Advanced System Optimizer\App\SecureShell.dll |
| 4c0309576b4f66ddeabc5759133b4d86 | c:\Program Files\Common Files\Advanced System Optimizer\App\SevenZipSharp.dll |
| d22b2d6b80e11bc475ba78a46b01bf54 | c:\Program Files\Common Files\Advanced System Optimizer\App\StartupManager.exe |
| e5b29497b56985eaa5de485ba0f87e2f | c:\Program Files\Common Files\Advanced System Optimizer\App\SysFileBakRes.exe |
| e515cf797dc351ed69bef2437a7f4d87 | c:\Program Files\Common Files\Advanced System Optimizer\App\System.Core.dll |
| 9892e0d72eedf3da1cdcfdac318d556c | c:\Program Files\Common Files\Advanced System Optimizer\App\System.Data.SQLite.dll |
| dbf9622d88860a3d3e37dd20461aee0f | c:\Program Files\Common Files\Advanced System Optimizer\App\SystemAnalyzerAndAdvisor.exe |
| b8a6ff6c7f654a66f6b602906ff9b338 | c:\Program Files\Common Files\Advanced System Optimizer\App\SystemCleaner.exe |
| 1b7387124beba02e51d858d37c0e77aa | c:\Program Files\Common Files\Advanced System Optimizer\App\SystemProtector.XmlSerializers.dll |
| 63edefd10b11e945192d4f16fe48d93f | c:\Program Files\Common Files\Advanced System Optimizer\App\SystemProtector.exe |
| 96b86ff7f590360b87beebb308176648 | c:\Program Files\Common Files\Advanced System Optimizer\App\Undelete.exe |
| 80c2684509659a30833838c6d26e2c31 | c:\Program Files\Common Files\Advanced System Optimizer\App\UndeleteDLL.dll |
| d40d63ac9eb6c2148e218e3ca25217eb | c:\Program Files\Common Files\Advanced System Optimizer\App\UninstallManager.exe |
| 6e92c0d44ed109e27f6e42c8a84bc5d5 | c:\Program Files\Common Files\Advanced System Optimizer\App\VolumeControl.exe |
| 2e5da0a8298f52a8bbc1e4a2d07ee9fd | c:\Program Files\Common Files\Advanced System Optimizer\App\VolumeControl64.exe |
| f3c6318caf18c3c5027981b426a33c4d | c:\Program Files\Common Files\Advanced System Optimizer\App\Xceed.Compression.Formats.dll |
| a35a326e2e52fe01c04fac9cf8f039d2 | c:\Program Files\Common Files\Advanced System Optimizer\App\Xceed.Compression.dll |
| 6d188ac513b2efffb766a0e181e46c16 | c:\Program Files\Common Files\Advanced System Optimizer\App\Xceed.FileSystem.dll |
| 5861f0dd9a6b14a4087c2cb66b731d49 | c:\Program Files\Common Files\Advanced System Optimizer\App\Xceed.Zip.dll |
| 318caf44f4d7b7389fb34e1f22d1d852 | c:\Program Files\Common Files\Advanced System Optimizer\App\XceedZip.dll |
| 465b126f56630d3877412c8bdc574414 | c:\Program Files\Common Files\Advanced System Optimizer\App\aso3sys.dll |
| 9f230a2b21b5546c359fbeb0a38867be | c:\Program Files\Common Files\Advanced System Optimizer\App\asodemo.exe |
| 335d3a3ea2c152cde9cf3da9259e8b92 | c:\Program Files\Common Files\Advanced System Optimizer\App\asohtm.dll |
| f5b3347a9cd0d4dfbd61766c9aad3cea | c:\Program Files\Common Files\Advanced System Optimizer\App\asores.dll |
| 1895b096ea98c81146d614e121190cbd | c:\Program Files\Common Files\Advanced System Optimizer\App\aspcomm.dll |
| 4a53ada608f1470960ee2ed7ed45dfad | c:\Program Files\Common Files\Advanced System Optimizer\App\aspsys.dll |
| 47857df83c1bd9755afd1c7f0ae65465 | c:\Program Files\Common Files\Advanced System Optimizer\App\atl90.dll |
| 0dc354c787e65d69ec3a19f8b53d8dd7 | c:\Program Files\Common Files\Advanced System Optimizer\App\clamunpack\clamscan.exe |
| 1063cd2d85acbe00210a0f65b5c13a4e | c:\Program Files\Common Files\Advanced System Optimizer\App\clamunpack\libclamav.dll |
| cf73c3a03582408d422d4f7a01190d00 | c:\Program Files\Common Files\Advanced System Optimizer\App\difxapi.dll |
| 1a2e5109c2bb5c68d499e17b83acb73a | c:\Program Files\Common Files\Advanced System Optimizer\App\difxapi64.dll |
| 39038bb09f1d41b731f77a51bf19f519 | c:\Program Files\Common Files\Advanced System Optimizer\App\launcher.exe |
| a76104d8d9aba3670fd3cea603d70ada | c:\Program Files\Common Files\Advanced System Optimizer\App\mfc90u.dll |
| 871f979d70414c900b35e56222932daf | c:\Program Files\Common Files\Advanced System Optimizer\App\msvcp90.dll |
| 4d03ca609e68f4c90cf66515218017f8 | c:\Program Files\Common Files\Advanced System Optimizer\App\msvcr90.dll |
| 0834bb938f243cd146b7e84e05526d81 | c:\Program Files\Common Files\Advanced System Optimizer\App\sqlite3.dll |
| 92040a0f7f7d7a3f1e12d8bb064cb3b2 | c:\Program Files\Common Files\Advanced System Optimizer\App\unrar.dll |
| f966b2dbba84704f916540b2446203a0 | c:\Program Files\Common Files\Advanced System Optimizer\App\updater\amd64Helper\DriverUpdateHelper64.exe |
| be0f2a1fa41d92db10a80c3c58b49a7a | c:\Program Files\Common Files\Advanced System Optimizer\App\updater\amd64\DriverRestore.exe |
| ca41d56630191e61565a343c59695ca1 | c:\Program Files\Common Files\Advanced System Optimizer\App\updater\extract\7z.dll |
| f7831ac853ec186059465b2f0aa2676d | c:\Program Files\Common Files\Advanced System Optimizer\App\updater\extract\7z.exe |
| 782cc17d6398f166d544674971957e7d | c:\Program Files\Common Files\Advanced System Optimizer\App\updater\vista\DriverRestore.exe |
| ca8a74818e1f0db034151b0e4baf61a0 | c:\Program Files\Common Files\Advanced System Optimizer\App\updater\win7amd64\DriverRestore.exe |
| 3f8150764229352837f1070d2dfc8cc3 | c:\Program Files\Common Files\Advanced System Optimizer\App\updater\win7i386\DriverRestore.exe |
| 73f5f937c9651f8388b31ad1dce63ddb | c:\Program Files\Common Files\Advanced System Optimizer\App\updater\xp\DriverRestore.exe |
| 2fae9f2a922e3fc5909fcf716aae61f2 | c:\Program Files\Common Files\Advanced System Optimizer\App\xmllite.dll |
| 98d9a8402f0eb75bbbf7f49fc36688b5 | c:\Program Files\Common Files\Advanced System Optimizer\App\zlibwapi.dll |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
ASO3.exe:340
CheckUpdate.exe:516
schtasks.exe:1128
schtasks.exe:1364
regedit.exe:264
%original file name%.exe:228 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GDE3MT21\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CRMNWZYD\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GLSHOFWZ\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\6RMRY1S9\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Application Data\Systweak\ASO3\Checking for Updates\AppUpdates\LatestVersion.htm (832 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\SecureDelete.exe (10347 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\DefragReport\Report_header_leftText.jpg (14 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\DiskOptimizer.exe (848 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Xceed.FileSystem.dll (584 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Microsoft.VC90.ATL.manifest (353 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\clamunpack\clamscan.exe (15 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\info.ico (1 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\RegClean.exe (11276 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\BackupManager.exe (18844 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\SystemProtector.XmlSerializers.dll (45 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\MFC90ENU.dll (754 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\DiskExplorer.exe (9732 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\sqlite3.dll (6101 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\ASOHelper.dll (8600 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\GOHelper.exe (37 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\driveropt.ini (70 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Xceed.Zip.dll (1430 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\extract\copying.txt (26 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\HookDll64.dll (395 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\VolumeControl64.exe (515 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\regclean.ini (82 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\RegistryOptimizer.exe (3599 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\sysfilebackres.ini (23 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\regopt.ini (12 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\extract\7z.exe (267 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\vista\DriverRestore.manifest (682 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\amd64Helper\DriverUpdateHelper64.manifest (689 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\DefragReport\Report_header_top_middle.jpg (7 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\win7i386\DriverRestore.exe (84 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\startupman.ini (10 bytes)
%Program Files%\Common Files\Advanced System Optimizer\Portable1.reg (11 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\ScanDll.dll (64 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\amd64\DriverRestore.exe (1635 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\website.ico (1 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\secencrypt.ini (26 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\aso.ini (135 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\PTBWin7.exe (20 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\AsInvoker.exe (64 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\aspcomm.dll (2741 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\DefragReport\right_border.jpg (11 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\DefragReport\footer_middle.jpg (7 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\extract\readme.txt (1 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\asodemo.exe (6577 bytes)
%Program Files%\Common Files\Advanced System Optimizer\Delete1.reg (11 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\HookDll.dll (56 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Microsoft.VC90.MFCLOC.manifest (670 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\RequireAdministrator.exe (1846 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\BeforeUninstall.exe (13907 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\undelete.ini (28 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\DriverUpdater.exe (8022 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\win7amd64\DriverRestore.manifest (682 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\aso3sys.dll (6771 bytes)
%Program Files%\Common Files\Advanced System Optimizer\Delete.reg (5 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\securedelete.ini (39 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\SevenZipSharp.dll (1223 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\clamunpack\readme.txt (535 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\ASEng.dll (1678 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\diskdoc.ini (32 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\atl90.dll (1395 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Advanced System Optimizer Help.url (432 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\SystemCleaner.exe (17655 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\PrivacyProtector.exe (12628 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\vista\DriverRestore.exe (722 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\DiskDoctor.exe (3123 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\GameOptLauncher64.exe (2512 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\XceedZip.dll (1468 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\xmllite.dll (861 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\DefragReport\Report_header_left_image.jpg (11 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\launcher.exe (47 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\backupman.ini (78 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\memopt.ini (12 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\win7i386\DriverRestore.manifest (682 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\aspsys.dll (1708 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\MemoryOptimizer.exe (2376 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\difxapi64.dll (4584 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\mfc90u.dll (34642 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\DiskOpt.ini (19 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\UndeleteDLL.dll (1415 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\HighestAvailable.exe (753 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\SystemProtector.exe (38774 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\AppResource.dll (17986 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\VolumeControl.exe (49 bytes)
%Program Files%\Common Files\Advanced System Optimizer\ASO3portable.exe (697 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\asplangs\categories.ini (42 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\ASO3DefragSrv64.exe (2241 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\database.dat (32 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\ASO3DefragSrv.exe (3340 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\ASO3.exe (27333 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\sysadvisor.ini (104 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\GameOptLauncher.exe (1922 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\newscheduler.ini (8 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\extract\license.txt (2 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\msvcp90.dll (7063 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\checkupdate.ini (12 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Systweak Software Website.url (245 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\single_click_care.ico (15 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\gameopt.ini (8 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\clamunpack\libclamav.dll (5447 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Microsoft.VC90.MFC.manifest (349 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Undelete.exe (2603 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\NewScheduler.exe (7142 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Interop.IWshRuntimeLibrary.dll (49 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\KillASOProcesses.exe (227 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\diskexplorer.ini (21 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\client.ini (65 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\DefragServiceManager.exe (71 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\amd64\DriverRestore.manifest (682 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\difxapi.dll (3413 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\PCFixer.exe (6753 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Microsoft.Win32.TaskScheduler.dll (1929 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\pcfixer.ini (24 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\asores.dll (65453 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\sysclean.ini (52 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\xp\DriverRestore.exe (62 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\win7amd64\DriverRestore.exe (917 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\msvcr90.dll (3847 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\asplangs\eng_asp_en.ini (101 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Xceed.Compression.dll (552 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\dupfileremover.ini (28 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\rw.dat (7386 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\GameOptimizer.exe (1948 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Downloader.dll (1425 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\SystemProtector.exe.config (4 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\System.Data.SQLite.dll (6225 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\SecureShell.dll (5525 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\extract\7z.dll (8067 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Network.dll (4748 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Buy Advanced System Optimizer.url (331 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\DefragReport\footer_right.jpg (11 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\categories.ini (42 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\DefragReport\line3px_Blue.jpg (11 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\CheckUpdate.exe (27994 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\DefragReport\Report_header_top_right.jpg (12 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\StartupManager.exe (1706 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\SysFileBakRes.exe (4335 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\UninstallManager.ini (5 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\unrar.dll (1349 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Help.ico (1 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\SecureEncryptor.exe (1854 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\extract\History.txt (29 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\System.Core.dll (8923 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\zlibwapi.dll (319 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\rw.ini (54 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Microsoft.VC90.CRT.manifest (391 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\DuplicateFilesRemover.exe (460 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\updater\amd64Helper\DriverUpdateHelper64.exe (2221 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\asohtm.dll (3901 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Xceed.Compression.Formats.dll (1916 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\eng\privprotector.ini (44 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\DefragReport\footer_left.jpg (11 bytes)
%Program Files%\Common Files\Advanced System Optimizer\Portable.reg (14 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\DefragReport\left_border.jpg (11 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\UninstallManager.exe (692 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\Order.ico (1 bytes)
%Program Files%\Common Files\Advanced System Optimizer\App\SystemAnalyzerAndAdvisor.exe (5321 bytes) - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name: Vietnamese by ptk911
Product Name:
Product Version:
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 3.9.1111.16526
File Description: Advanced System Optimizer
Comments:
Language: English (United States)
Company Name: Vietnamese by ptk911Product Name: Product Version: Legal Copyright: Legal Trademarks: Original Filename: Internal Name: File Version: 3.9.1111.16526File Description: Advanced System Optimizer Comments: Language: English (United States)
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| .text | 4096 | 86734 | 87040 | 4.60473 | 2e42313f3fc3e4989aab7b05c9410cfb |
| .rdata | 94208 | 14650 | 14848 | 3.94375 | 728782433047ac51db0416723bf6117d |
| .data | 110592 | 19564 | 2560 | 2.99063 | 78722c0b942b18d90bd9fea6bed3e5ba |
| .rsrc | 131072 | 7532 | 7680 | 3.21054 | 17cbc2a5d9e365b65e0b61b6737766d4 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
| URL | IP |
|---|---|
| hxxp://www.systweak.com/activationcheck/checkactivation.asp?ActivationKey=00JJY7-WTAY0J-K146RX-84C8TJ | 164.177.138.158 |
| hxxp://systweak.vo.llnwd.net/asoupdates/update.aspx?productname=aso¤tapplicationid=3.9.1111.16526¤tdbversionid=0®ver=1&machineid=768429272046948335&key=00JJY7-WTAY0J-K146RX-84C8TJ&username=&daysleft=0&cname=&TELNO=(855) 716-7030&TELNOFR= | |
| hxxp://updates3.systweak.com/asoupdates/update.aspx?productname=aso¤tapplicationid=3.9.1111.16526¤tdbversionid=0®ver=1&machineid=768429272046948335&key=00JJY7-WTAY0J-K146RX-84C8TJ&username=&daysleft=0&cname=&TELNO=(855) 716-7030&TELNOFR= | 87.248.217.253 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /asoupdates/update.aspx?productname=aso¤tapplicationid=3.9.1111.16526¤tdbversionid=0®ver=1&machineid=768429272046948335&key=00JJY7-WTAY0J-K146RX-84C8TJ&username=&daysleft=0&cname=&TELNO=(855) 716-7030&TELNOFR= HTTP/1.1
Accept: */*
Range: bytes=0-416
User-Agent: ISX Download DLL
Host: updates3.systweak.com
HTTP/1.1 206 Partial Content
Server: nginx/1.0.12
Date: Wed, 14 Jan 2015 14:10:53 GMT
Content-Type: application/octet-stream
Last-Modified: Tue, 16 Dec 2014 12:24:19 GMT
Accept-Ranges: bytes
X-Agile-Checksum: ee66ea91c242c9ae2edeb334317715c8dd73c3c69de8f10beba4e62dd4af1da0
Content-Range: bytes 0-415/416
Content-Length: 416
Connection: keep-alive
[Application]..PROGRAM_VERSION=3.9.1111.0..PROGRAM_URL=hXXp://cdn.systweak.com/asoupdates/updates/aso_updatestub.exe..PROGRAM_SIZE=627024..Open_Browser=0..Description=..Key=aso_updatestub.exe..Hash=757a290af9cd154fd5482a89fe8f3b3dde1ac726..IS_MANDATORY=0..TELNO=(855) 716-7030..TELNOFR=..[TELNOLIST]..1=(800) 871-7918:(855) 716-7030..2=(800) 983-7054:(855) 716-7030..3=(855) 765-6710:(855) 716-7030........HTTP/1.1 206 Partial Content..Server: nginx/1.0.12..Date: Wed, 14 Jan 2015 14:10:53 GMT..Content-Type: application/octet-stream..Last-Modified: Tue, 16 Dec 2014 12:24:19 GMT..Accept-Ranges: bytes..X-Agile-Checksum: ee66ea91c242c9ae2edeb334317715c8dd73c3c69de8f10beba4e62dd4af1da0..Content-Range: bytes 0-415/416..Content-Length: 416..Connection: keep-alive..[Application]..PROGRAM_VERSION=3.9.1111.0..PROGRAM_URL=hXXp://cdn.systweak.com/asoupdates/updates/aso_updatestub.exe..PROGRAM_SIZE=627024..Open_Browser=0..Description=..Key=aso_updatestub.exe..Hash=757a290af9cd154fd5482a89fe8f3b3dde1ac726..IS_MANDATORY=0..TELNO=(855) 716-7030..TELNOFR=..[TELNOLIST]..1=(800) 871-7918:(855) 716-7030..2=(800) 983-7054:(855) 716-7030..3=(855) 765-6710:(855) 716-7030..
<<< skipped >>>
HEAD /asoupdates/update.aspx?productname=aso¤tapplicationid=3.9.1111.16526¤tdbversionid=0®ver=1&machineid=768429272046948335&key=00JJY7-WTAY0J-K146RX-84C8TJ&username=&daysleft=0&cname=&TELNO=(855) 716-7030&TELNOFR= HTTP/1.1
Accept: */*
User-Agent: ISX Download DLL
Host: updates3.systweak.com
Content-Length: 0
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.0.12
Date: Wed, 14 Jan 2015 14:10:53 GMT
Content-Type: application/octet-stream
Last-Modified: Tue, 16 Dec 2014 12:24:19 GMT
Accept-Ranges: bytes
X-Agile-Checksum: ee66ea91c242c9ae2edeb334317715c8dd73c3c69de8f10beba4e62dd4af1da0
Content-Length: 416
Connection: keep-alive
HEAD /activationcheck/checkactivation.asp?ActivationKey=00JJY7-WTAY0J-K146RX-84C8TJ HTTP/1.1
Accept: */*
User-Agent: ISX Download DLL
Host: VVV.systweak.com
Content-Length: 0
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDCSBDRBRA=PEAODGMCBPLNLIFMBBDOMMOB; path=/
X-Powered-By: ASP.NET
Date: Wed, 14 Jan 2015 14:10:32 GMT
....
GET /activationcheck/checkactivation.asp?ActivationKey=00JJY7-WTAY0J-K146RX-84C8TJ HTTP/1.1
Accept: */*
User-Agent: ISX Download DLL
Host: VVV.systweak.com
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDCSBDRBRA=PEAODGMCBPLNLIFMBBDOMMOB
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 14 Jan 2015 14:10:32 GMT
HTTP/1.1 200 OK..Cache-Control: private..Content-Length: 0..Content-Type: text/html..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Date: Wed, 14 Jan 2015 14:10:32 GMT..
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
%original file name%.exe_228:
!Require Windows
!Require Windows
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
PSSSSSSh
PSSSSSSh
ttNt_Nt.Nt
ttNt_Nt.Nt
:Language:%u
:Language:%u
Enter password:
Enter password:
0xx
0xx
"%s".
"%s".
Could not overwrite file "%s".
Could not overwrite file "%s".
Could not create file "%s".
Could not create file "%s".
0xX.
0xX.
7-Zip: Internal error, code 0xX.
7-Zip: Internal error, code 0xX.
7-Zip: Internal error, code %u.
7-Zip: Internal error, code %u.
The archive is corrupted, or invalid password was entered.
The archive is corrupted, or invalid password was entered.
7-Zip: Unsupported method.
7-Zip: Unsupported method.
Error during execution "%s".
Error during execution "%s".
"setup.exe"
"setup.exe"
Could not find "setup.exe".
Could not find "setup.exe".
Could not find command for "%s".
Could not find command for "%s".
Could not delete file or folder "%s".
Could not delete file or folder "%s".
Could not create folder "%s".
Could not create folder "%s".
Error in line %d of configuration data:
Error in line %d of configuration data:
Could not open archive file "%s".
Could not open archive file "%s".
1.6.0 develop [x86]
1.6.0 develop [x86]
2712 (30
2712 (30
1.6.0 develop [x86] build 2712 (December 30, 2012)
1.6.0 develop [x86] build 2712 (December 30, 2012)
Supported methods and filters, build options:
Supported methods and filters, build options:
Sorry, this program requires Microsoft Windows 2000 or later.
Sorry, this program requires Microsoft Windows 2000 or later.
COMCTL32.dll
COMCTL32.dll
ShellExecuteExW
ShellExecuteExW
ShellExecuteW
ShellExecuteW
SHELL32.dll
SHELL32.dll
GDI32.dll
GDI32.dll
ADVAPI32.dll
ADVAPI32.dll
GetKeyState
GetKeyState
UnhookWindowsHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowsHookExW
USER32.dll
USER32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
CreateIoCompletionPort
CreateIoCompletionPort
KERNEL32.dll
KERNEL32.dll
MSVCRT.dll
MSVCRT.dll
_acmdln
_acmdln
1/*7;8**7
1/*7;8**7
X%cX%c
X%cX%c
SfxString%d
SfxString%d
SfxFolderd
SfxFolderd
PasswordTitle
PasswordTitle
PasswordText
PasswordText
%X - X - X - X - X
%X - X - X - X - X
7ZSfxx.cmd
7ZSfxx.cmd
setup.exe
setup.exe
7ZipSfx.x
7ZipSfx.x
SfxVarCmdLine1
SfxVarCmdLine1
SfxVarCmdLine2
SfxVarCmdLine2
SfxVarCmdLine0
SfxVarCmdLine0
@ (%d%s)
@ (%d%s)
3.9.1111.16526
3.9.1111.16526
ASO3portable.exe_644:
`.rsrc
`.rsrc
N{B%d
N{B%d
SSShh
SSShh
PSSh$
PSSh$
HHt8Ht.Ht
HHt8Ht.Ht
tUHt5Ht.Ht
tUHt5Ht.Ht
!"""#$#$%&'()*(
!"""#$#$%&'()*(
support for \P, \p, and \X has not been compiled
support for \P, \p, and \X has not been compiled
PCRE does not support \L, \l, \N, \U, or \u
PCRE does not support \L, \l, \N, \U, or \u
this version of PCRE is not compiled with PCRE_UTF8 support
this version of PCRE is not compiled with PCRE_UTF8 support
POSIX collating elements are not supported
POSIX collating elements are not supported
erroffset passed as NULL
erroffset passed as NULL
POSIX named classes are supported only within a class
POSIX named classes are supported only within a class
operand of unlimited repeat could match the empty string
operand of unlimited repeat could match the empty string
mscoree.dll
mscoree.dll
- This application cannot run using the active version of the Microsoft .NET Runtime
- This application cannot run using the active version of the Microsoft .NET Runtime
Please contact the application's support team for more information.
Please contact the application's support team for more information.
internal state. The program cannot safely continue execution and must
internal state. The program cannot safely continue execution and must
continue execution and must now be terminated.
continue execution and must now be terminated.
GetProcessWindowStation
GetProcessWindowStation
/AutoIt3ExecuteScript
/AutoIt3ExecuteScript
/AutoIt3ExecuteLine
/AutoIt3ExecuteLine
CmdLine
CmdLine
CmdLineRaw
CmdLineRaw
user32.dll
user32.dll
%d/d/d
%d/d/d
kernel32.dll
kernel32.dll
AutoIt script files (*.au3, *.a3x)
AutoIt script files (*.au3, *.a3x)
*.au3;*.a3x
*.au3;*.a3x
All files (*.*)
All files (*.*)
ASC 0%d
ASC 0%d
APPSKEY
APPSKEY
Psapi.dll
Psapi.dll
0.0.0.0
0.0.0.0
%u.%u.%u.%u
%u.%u.%u.%u
04090000
04090000
Line %d (File "%s"):
Line %d (File "%s"):
Line %d:
Line %d:
%s (%d) : ==> %s.:
%s (%d) : ==> %s.:
%s (%d) : ==> %s:
%s (%d) : ==> %s:
FMddddd
FMddddd
URLDOWNLOADTOFILE
URLDOWNLOADTOFILE
UDPSTARTUP
UDPSTARTUP
UDPSHUTDOWN
UDPSHUTDOWN
UDPSEND
UDPSEND
UDPRECV
UDPRECV
UDPOPEN
UDPOPEN
UDPCLOSESOCKET
UDPCLOSESOCKET
UDPBIND
UDPBIND
TRAYGETMSG
TRAYGETMSG
TCPSTARTUP
TCPSTARTUP
TCPSHUTDOWN
TCPSHUTDOWN
TCPSEND
TCPSEND
TCPRECV
TCPRECV
TCPNAMETOIP
TCPNAMETOIP
TCPLISTEN
TCPLISTEN
TCPCONNECT
TCPCONNECT
TCPCLOSESOCKET
TCPCLOSESOCKET
TCPACCEPT
TCPACCEPT
SHELLEXECUTEWAIT
SHELLEXECUTEWAIT
SHELLEXECUTE
SHELLEXECUTE
REGENUMKEY
REGENUMKEY
MSGBOX
MSGBOX
ISKEYWORD
ISKEYWORD
HTTPSETPROXY
HTTPSETPROXY
HOTKEYSET
HOTKEYSET
GUIREGISTERMSG
GUIREGISTERMSG
GUIGETMSG
GUIGETMSG
GUICTRLSENDMSG
GUICTRLSENDMSG
GUICTRLRECVMSG
GUICTRLRECVMSG
FTPSETPROXY
FTPSETPROXY
shell32.dll
shell32.dll
\??\%s
\??\%s
GUI_RUNDEFMSG
GUI_RUNDEFMSG
ICMP.DLL
ICMP.DLL
InternetCrackUrlA
InternetCrackUrlA
FtpGetFileSize
FtpGetFileSize
FtpOpenFileA
FtpOpenFileA
HttpQueryInfoA
HttpQueryInfoA
HttpSendRequestA
HttpSendRequestA
HttpOpenRequestA
HttpOpenRequestA
InternetOpenUrlA
InternetOpenUrlA
Wininet.dll
Wininet.dll
AutoItCallVariable%d
AutoItCallVariable%d
TCPTimeout
TCPTimeout
SendKeyDownDelay
SendKeyDownDelay
SendKeyDelay
SendKeyDelay
FtpBinaryMode
FtpBinaryMode
Incorrect Object type in FOR..IN loop
Incorrect Object type in FOR..IN loop
Null Object assignment in FOR..IN loop
Null Object assignment in FOR..IN loop
AutoIt.Error
AutoIt.Error
3, 2, 2, 0
3, 2, 2, 0
.DEFAULT\Control Panel\Desktop\ResourceLocale
.DEFAULT\Control Panel\Desktop\ResourceLocale
WIN32_WINDOWS
WIN32_WINDOWS
UNKN%d
UNKN%d
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
SOFTWARE\Microsoft\Windows\CurrentVersion
SOFTWARE\Microsoft\Windows\CurrentVersion
HOTKEYPRESSED
HOTKEYPRESSED
AUTOITEXE
AUTOITEXE
WINDOWSDIR
WINDOWSDIR
Advapi32.dll
Advapi32.dll
HKEY_USERS
HKEY_USERS
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
Use directly Windows handle
Use directly Windows handle
zcÃ
zcÃ
%Program Files%\Common Files\Advanced System Optimizer\ASO3portable.exe
%Program Files%\Common Files\Advanced System Optimizer\ASO3portable.exe
e /s Delete.reg
e /s Delete.reg
GetWindowsDirectoryA
GetWindowsDirectoryA
CreatePipe
CreatePipe
PeekNamedPipe
PeekNamedPipe
GetCPInfo
GetCPInfo
RegDeleteKeyA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegEnumKeyExA
RegCloseKey
RegCloseKey
RegOpenKeyExA
RegOpenKeyExA
SetViewportOrgEx
SetViewportOrgEx
SHFileOperationA
SHFileOperationA
ShellExecuteA
ShellExecuteA
ShellExecuteExA
ShellExecuteExA
RegisterHotKey
RegisterHotKey
EnumWindows
EnumWindows
GetAsyncKeyState
GetAsyncKeyState
GetKeyState
GetKeyState
UnregisterHotKey
UnregisterHotKey
ExitWindowsEx
ExitWindowsEx
EnumThreadWindows
EnumThreadWindows
SetKeyboardState
SetKeyboardState
GetKeyboardState
GetKeyboardState
keybd_event
keybd_event
VkKeyScanA
VkKeyScanA
GetKeyboardLayoutNameA
GetKeyboardLayoutNameA
MapVirtualKeyA
MapVirtualKeyA
EnumChildWindows
EnumChildWindows
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
|P/'.hzyBzie
|P/'.hzyBzie
U@UdPFL
U@UdPFL
86-146
86-146
-./012345678
-./012345678
!"#$%&'()*
!"#$%&'()*
version="3.0.0.0"
version="3.0.0.0"
name="Microsoft.Windows.Common-Controls"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
publicKeyToken="6595b64144ccf1df"
KERNEL32.DLL
KERNEL32.DLL
ADVAPI32.dll
ADVAPI32.dll
COMCTL32.dll
COMCTL32.dll
comdlg32.dll
comdlg32.dll
GDI32.dll
GDI32.dll
MPR.dll
MPR.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
SHELL32.dll
SHELL32.dll
USER32.dll
USER32.dll
VERSION.dll
VERSION.dll
WINMM.dll
WINMM.dll
WSOCK32.dll
WSOCK32.dll
Missing operator in expression."Unbalanced brackets in expression.
Missing operator in expression."Unbalanced brackets in expression.
0Incorrect number of parameters in function call.'"ReDim" used without an array variable.>Illegal text at the end of statement (one statement per line).1"If" statement has no matching "EndIf" statement.1"Else" statement with no matching "If" statement.2"EndIf" statement with no matching "If" statement.7Too many "Else" statements for matching "If" statement.3"While" statement has no matching "Wend" statement.4"Wend" statement with no matching "While" statement.%Variable used without being declared.XArray variable has incorrect number of subscripts or subscript dimension range exceeded.)Array variable subscript badly formatted.'Subscript used with non-Array variable.&Too many subscripts used for an array.0Missing subscript dimensions in "Dim" statement.DNo variable given for "Dim", "Local", "Global" or "Const" statement.
0Incorrect number of parameters in function call.'"ReDim" used without an array variable.>Illegal text at the end of statement (one statement per line).1"If" statement has no matching "EndIf" statement.1"Else" statement with no matching "If" statement.2"EndIf" statement with no matching "If" statement.7Too many "Else" statements for matching "If" statement.3"While" statement has no matching "Wend" statement.4"Wend" statement with no matching "While" statement.%Variable used without being declared.XArray variable has incorrect number of subscripts or subscript dimension range exceeded.)Array variable subscript badly formatted.'Subscript used with non-Array variable.&Too many subscripts used for an array.0Missing subscript dimensions in "Dim" statement.DNo variable given for "Dim", "Local", "Global" or "Const" statement.
0Expected a "=" operator in assignment statement.*Invalid keyword at the start of this line.
0Expected a "=" operator in assignment statement.*Invalid keyword at the start of this line.
Unknown macro.'Unable to execute the external program.*Unable to get a list of running processes.
Unknown macro.'Unable to execute the external program.*Unable to get a list of running processes.
Invalid file filter given.*Expected a variable in user function call.1"Do" statement has no matching "Until" statement.2"Until" statement with no matching "Do" statement.#"For" statement is badly formatted.2"Next" statement with no matching "For" statement.N"ExitLoop/ContinueLoop" statements only valid from inside a For/Do/While loop.1"For" statement has no matching "Next" statement.@"Case" statement with no matching "Select"or "Switch" statement.:"EndSelect" statement with no matching "Select" statement.ORecursion level has been exceeded - AutoIt will quit to prevent stack overflow.
Invalid file filter given.*Expected a variable in user function call.1"Do" statement has no matching "Until" statement.2"Until" statement with no matching "Do" statement.#"For" statement is badly formatted.2"Next" statement with no matching "For" statement.N"ExitLoop/ContinueLoop" statements only valid from inside a For/Do/While loop.1"For" statement has no matching "Next" statement.@"Case" statement with no matching "Select"or "Switch" statement.:"EndSelect" statement with no matching "Select" statement.ORecursion level has been exceeded - AutoIt will quit to prevent stack overflow.
!Badly formated variable or macro.3This keyword cannot be used after a "Then" keyword.>"Select" statement is missing "EndSelect" or "Case" statement. "If" statements must have a "Then" keyword.
!Badly formated variable or macro.3This keyword cannot be used after a "Then" keyword.>"Select" statement is missing "EndSelect" or "Case" statement. "If" statements must have a "Then" keyword.
"Cannot assign values to constants..Cannot make existing variables into constants.:Only Object-type variables allowed in an "With" statement.
"Cannot assign values to constants..Cannot make existing variables into constants.:Only Object-type variables allowed in an "With" statement.
HCan pass constants by reference only to parameters with "Const" keyword.*Can not initialize a variable with itself.$Incorrect way to use this parameter.:"EndSwitch" statement with no matching "Switch" statement.>"Switch" statement is missing "EndSwitch" or "Case" statement.H"ContinueCase" statement with no matching "Select"or "Switch" statement.
HCan pass constants by reference only to parameters with "Const" keyword.*Can not initialize a variable with itself.$Incorrect way to use this parameter.:"EndSwitch" statement with no matching "Switch" statement.>"Switch" statement is missing "EndSwitch" or "Case" statement.H"ContinueCase" statement with no matching "Select"or "Switch" statement.
Unable to execute DLLCall.
Unable to execute DLLCall.
ASO3portable.exe_644_rwx_00401000_0007E000:
SSShh
SSShh
PSSh$
PSSh$
HHt8Ht.Ht
HHt8Ht.Ht
tUHt5Ht.Ht
tUHt5Ht.Ht
!"""#$#$%&'()*(
!"""#$#$%&'()*(
support for \P, \p, and \X has not been compiled
support for \P, \p, and \X has not been compiled
PCRE does not support \L, \l, \N, \U, or \u
PCRE does not support \L, \l, \N, \U, or \u
this version of PCRE is not compiled with PCRE_UTF8 support
this version of PCRE is not compiled with PCRE_UTF8 support
POSIX collating elements are not supported
POSIX collating elements are not supported
erroffset passed as NULL
erroffset passed as NULL
POSIX named classes are supported only within a class
POSIX named classes are supported only within a class
operand of unlimited repeat could match the empty string
operand of unlimited repeat could match the empty string
mscoree.dll
mscoree.dll
- This application cannot run using the active version of the Microsoft .NET Runtime
- This application cannot run using the active version of the Microsoft .NET Runtime
Please contact the application's support team for more information.
Please contact the application's support team for more information.
internal state. The program cannot safely continue execution and must
internal state. The program cannot safely continue execution and must
continue execution and must now be terminated.
continue execution and must now be terminated.
GetProcessWindowStation
GetProcessWindowStation
/AutoIt3ExecuteScript
/AutoIt3ExecuteScript
/AutoIt3ExecuteLine
/AutoIt3ExecuteLine
CmdLine
CmdLine
CmdLineRaw
CmdLineRaw
user32.dll
user32.dll
%d/d/d
%d/d/d
kernel32.dll
kernel32.dll
AutoIt script files (*.au3, *.a3x)
AutoIt script files (*.au3, *.a3x)
*.au3;*.a3x
*.au3;*.a3x
All files (*.*)
All files (*.*)
ASC 0%d
ASC 0%d
APPSKEY
APPSKEY
Psapi.dll
Psapi.dll
0.0.0.0
0.0.0.0
%u.%u.%u.%u
%u.%u.%u.%u
04090000
04090000
Line %d (File "%s"):
Line %d (File "%s"):
Line %d:
Line %d:
%s (%d) : ==> %s.:
%s (%d) : ==> %s.:
%s (%d) : ==> %s:
%s (%d) : ==> %s:
FMddddd
FMddddd
URLDOWNLOADTOFILE
URLDOWNLOADTOFILE
UDPSTARTUP
UDPSTARTUP
UDPSHUTDOWN
UDPSHUTDOWN
UDPSEND
UDPSEND
UDPRECV
UDPRECV
UDPOPEN
UDPOPEN
UDPCLOSESOCKET
UDPCLOSESOCKET
UDPBIND
UDPBIND
TRAYGETMSG
TRAYGETMSG
TCPSTARTUP
TCPSTARTUP
TCPSHUTDOWN
TCPSHUTDOWN
TCPSEND
TCPSEND
TCPRECV
TCPRECV
TCPNAMETOIP
TCPNAMETOIP
TCPLISTEN
TCPLISTEN
TCPCONNECT
TCPCONNECT
TCPCLOSESOCKET
TCPCLOSESOCKET
TCPACCEPT
TCPACCEPT
SHELLEXECUTEWAIT
SHELLEXECUTEWAIT
SHELLEXECUTE
SHELLEXECUTE
REGENUMKEY
REGENUMKEY
MSGBOX
MSGBOX
ISKEYWORD
ISKEYWORD
HTTPSETPROXY
HTTPSETPROXY
HOTKEYSET
HOTKEYSET
GUIREGISTERMSG
GUIREGISTERMSG
GUIGETMSG
GUIGETMSG
GUICTRLSENDMSG
GUICTRLSENDMSG
GUICTRLRECVMSG
GUICTRLRECVMSG
FTPSETPROXY
FTPSETPROXY
shell32.dll
shell32.dll
\??\%s
\??\%s
GUI_RUNDEFMSG
GUI_RUNDEFMSG
ICMP.DLL
ICMP.DLL
InternetCrackUrlA
InternetCrackUrlA
FtpGetFileSize
FtpGetFileSize
FtpOpenFileA
FtpOpenFileA
HttpQueryInfoA
HttpQueryInfoA
HttpSendRequestA
HttpSendRequestA
HttpOpenRequestA
HttpOpenRequestA
InternetOpenUrlA
InternetOpenUrlA
Wininet.dll
Wininet.dll
AutoItCallVariable%d
AutoItCallVariable%d
TCPTimeout
TCPTimeout
SendKeyDownDelay
SendKeyDownDelay
SendKeyDelay
SendKeyDelay
FtpBinaryMode
FtpBinaryMode
Incorrect Object type in FOR..IN loop
Incorrect Object type in FOR..IN loop
Null Object assignment in FOR..IN loop
Null Object assignment in FOR..IN loop
AutoIt.Error
AutoIt.Error
3, 2, 2, 0
3, 2, 2, 0
.DEFAULT\Control Panel\Desktop\ResourceLocale
.DEFAULT\Control Panel\Desktop\ResourceLocale
WIN32_WINDOWS
WIN32_WINDOWS
UNKN%d
UNKN%d
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
SOFTWARE\Microsoft\Windows\CurrentVersion
SOFTWARE\Microsoft\Windows\CurrentVersion
HOTKEYPRESSED
HOTKEYPRESSED
AUTOITEXE
AUTOITEXE
WINDOWSDIR
WINDOWSDIR
Advapi32.dll
Advapi32.dll
HKEY_USERS
HKEY_USERS
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
Use directly Windows handle
Use directly Windows handle
zcÃ
zcÃ
%Program Files%\Common Files\Advanced System Optimizer\ASO3portable.exe
%Program Files%\Common Files\Advanced System Optimizer\ASO3portable.exe
e /s Delete.reg
e /s Delete.reg
GetWindowsDirectoryA
GetWindowsDirectoryA
CreatePipe
CreatePipe
PeekNamedPipe
PeekNamedPipe
GetCPInfo
GetCPInfo
RegDeleteKeyA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegEnumKeyExA
RegCloseKey
RegCloseKey
RegOpenKeyExA
RegOpenKeyExA
SetViewportOrgEx
SetViewportOrgEx
SHFileOperationA
SHFileOperationA
ShellExecuteA
ShellExecuteA
ShellExecuteExA
ShellExecuteExA
RegisterHotKey
RegisterHotKey
EnumWindows
EnumWindows
GetAsyncKeyState
GetAsyncKeyState
GetKeyState
GetKeyState
UnregisterHotKey
UnregisterHotKey
ExitWindowsEx
ExitWindowsEx
EnumThreadWindows
EnumThreadWindows
SetKeyboardState
SetKeyboardState
GetKeyboardState
GetKeyboardState
keybd_event
keybd_event
VkKeyScanA
VkKeyScanA
GetKeyboardLayoutNameA
GetKeyboardLayoutNameA
MapVirtualKeyA
MapVirtualKeyA
EnumChildWindows
EnumChildWindows
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
Missing operator in expression."Unbalanced brackets in expression.
Missing operator in expression."Unbalanced brackets in expression.
0Incorrect number of parameters in function call.'"ReDim" used without an array variable.>Illegal text at the end of statement (one statement per line).1"If" statement has no matching "EndIf" statement.1"Else" statement with no matching "If" statement.2"EndIf" statement with no matching "If" statement.7Too many "Else" statements for matching "If" statement.3"While" statement has no matching "Wend" statement.4"Wend" statement with no matching "While" statement.%Variable used without being declared.XArray variable has incorrect number of subscripts or subscript dimension range exceeded.)Array variable subscript badly formatted.'Subscript used with non-Array variable.&Too many subscripts used for an array.0Missing subscript dimensions in "Dim" statement.DNo variable given for "Dim", "Local", "Global" or "Const" statement.
0Incorrect number of parameters in function call.'"ReDim" used without an array variable.>Illegal text at the end of statement (one statement per line).1"If" statement has no matching "EndIf" statement.1"Else" statement with no matching "If" statement.2"EndIf" statement with no matching "If" statement.7Too many "Else" statements for matching "If" statement.3"While" statement has no matching "Wend" statement.4"Wend" statement with no matching "While" statement.%Variable used without being declared.XArray variable has incorrect number of subscripts or subscript dimension range exceeded.)Array variable subscript badly formatted.'Subscript used with non-Array variable.&Too many subscripts used for an array.0Missing subscript dimensions in "Dim" statement.DNo variable given for "Dim", "Local", "Global" or "Const" statement.
0Expected a "=" operator in assignment statement.*Invalid keyword at the start of this line.
0Expected a "=" operator in assignment statement.*Invalid keyword at the start of this line.
Unknown macro.'Unable to execute the external program.*Unable to get a list of running processes.
Unknown macro.'Unable to execute the external program.*Unable to get a list of running processes.
Invalid file filter given.*Expected a variable in user function call.1"Do" statement has no matching "Until" statement.2"Until" statement with no matching "Do" statement.#"For" statement is badly formatted.2"Next" statement with no matching "For" statement.N"ExitLoop/ContinueLoop" statements only valid from inside a For/Do/While loop.1"For" statement has no matching "Next" statement.@"Case" statement with no matching "Select"or "Switch" statement.:"EndSelect" statement with no matching "Select" statement.ORecursion level has been exceeded - AutoIt will quit to prevent stack overflow.
Invalid file filter given.*Expected a variable in user function call.1"Do" statement has no matching "Until" statement.2"Until" statement with no matching "Do" statement.#"For" statement is badly formatted.2"Next" statement with no matching "For" statement.N"ExitLoop/ContinueLoop" statements only valid from inside a For/Do/While loop.1"For" statement has no matching "Next" statement.@"Case" statement with no matching "Select"or "Switch" statement.:"EndSelect" statement with no matching "Select" statement.ORecursion level has been exceeded - AutoIt will quit to prevent stack overflow.
!Badly formated variable or macro.3This keyword cannot be used after a "Then" keyword.>"Select" statement is missing "EndSelect" or "Case" statement. "If" statements must have a "Then" keyword.
!Badly formated variable or macro.3This keyword cannot be used after a "Then" keyword.>"Select" statement is missing "EndSelect" or "Case" statement. "If" statements must have a "Then" keyword.
"Cannot assign values to constants..Cannot make existing variables into constants.:Only Object-type variables allowed in an "With" statement.
"Cannot assign values to constants..Cannot make existing variables into constants.:Only Object-type variables allowed in an "With" statement.
HCan pass constants by reference only to parameters with "Const" keyword.*Can not initialize a variable with itself.$Incorrect way to use this parameter.:"EndSwitch" statement with no matching "Switch" statement.>"Switch" statement is missing "EndSwitch" or "Case" statement.H"ContinueCase" statement with no matching "Select"or "Switch" statement.
HCan pass constants by reference only to parameters with "Const" keyword.*Can not initialize a variable with itself.$Incorrect way to use this parameter.:"EndSwitch" statement with no matching "Switch" statement.>"Switch" statement is missing "EndSwitch" or "Case" statement.H"ContinueCase" statement with no matching "Select"or "Switch" statement.
Unable to execute DLLCall.
Unable to execute DLLCall.
ASO3.exe_340:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
t.Ht#
t.Ht#
t.Ht$
t.Ht$
SSShX
SSShX
{969BB502-2ABB-40c4-BF80-F1530EFEB273}
{969BB502-2ABB-40c4-BF80-F1530EFEB273}
%ls : Caption:%ls size: %d GB
%ls : Caption:%ls size: %d GB
D:\MyProjects\ASO3Rebrandings\ASO3Stable_INI_Logrus\core\bin\Win32\Release\ASO3.pdb
D:\MyProjects\ASO3Rebrandings\ASO3Stable_INI_Logrus\core\bin\Win32\Release\ASO3.pdb
?GetThisMessageMap@CDlgLeftSideChild@@KGPBUAFX_MSGMAP@@XZ
?GetThisMessageMap@CDlgLeftSideChild@@KGPBUAFX_MSGMAP@@XZ
?GetCurSelLang@@YA?AW4ASO_SUPPORTED_LANG@@XZ
?GetCurSelLang@@YA?AW4ASO_SUPPORTED_LANG@@XZ
?LoadStringW@CSystweakApp@@QAE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W0@Z
?LoadStringW@CSystweakApp@@QAE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W0@Z
?GetTextWidthAndHeightSingleLineLF@@YAHPAVCWnd@@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PAUtagLOGFONTW@@H@Z
?GetTextWidthAndHeightSingleLineLF@@YAHPAVCWnd@@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PAUtagLOGFONTW@@H@Z
?LoadBitmapW@CHoverButton@@QAE_NIIIVCSize@@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?LoadBitmapW@CHoverButton@@QAE_NIIIVCSize@@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?ReturnAppFont@CSystweakApp@@SA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?ReturnAppFont@CSystweakApp@@SA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?PreTranslateMessage@CDlgBaseWnd@@UAEHPAUtagMSG@@@Z
?PreTranslateMessage@CDlgBaseWnd@@UAEHPAUtagMSG@@@Z
??0CRegistry@@QAE@ABQAUHKEY__@@@Z
??0CRegistry@@QAE@ABQAUHKEY__@@@Z
?Open@CRegistry@@QAEHPAUHKEY__@@PB_W_N@Z
?Open@CRegistry@@QAEHPAUHKEY__@@PB_W_N@Z
?GetScanStatusASP@CSystweakApp@@QAE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@AAK0_N1@Z
?GetScanStatusASP@CSystweakApp@@QAE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@AAK0_N1@Z
?GetScanStatus@CSystweakApp@@QAE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@IAAK_N1@Z
?GetScanStatus@CSystweakApp@@QAE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@IAAK_N1@Z
?GetSystweakAppKey@@YAPB_WXZ
?GetSystweakAppKey@@YAPB_WXZ
?STPathAppend@@YA?AW4PCO_ERROR_CODES@@AAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@ABV23@@Z
?STPathAppend@@YA?AW4PCO_ERROR_CODES@@AAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@ABV23@@Z
?ReadString@CRegistry@@QAEHPB_WAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?ReadString@CRegistry@@QAEHPB_WAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetTextWidthAndHeightSingleLine@@YAHPAVCWnd@@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PAVCFont@@H@Z
?GetTextWidthAndHeightSingleLine@@YAHPAVCWnd@@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PAVCFont@@H@Z
?InitButton@CLauncherProgBtns@@QAE_NIPAUHINSTANCE__@@HV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@1W4BTN_RIGHT_SIDE_STATE@1@1@Z
?InitButton@CLauncherProgBtns@@QAE_NIPAUHINSTANCE__@@HV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@1W4BTN_RIGHT_SIDE_STATE@1@1@Z
?GetApplicationEXEName@@YAPB_WH@Z
?GetApplicationEXEName@@YAPB_WH@Z
?m_CurLoggedUser@CSystweakApp@@2W4CUR_LOGGED_IN_USER_RIGHTS@@A
?m_CurLoggedUser@CSystweakApp@@2W4CUR_LOGGED_IN_USER_RIGHTS@@A
?LoadStringW@CSystweakApp@@QAE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PBD@Z
?LoadStringW@CSystweakApp@@QAE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PBD@Z
?GetRegAppPath@CSystweakApp@@SA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetRegAppPath@CSystweakApp@@SA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?RestartSelfAsAdmin@CSystweakApp@@QAE_NV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@_N@Z
?RestartSelfAsAdmin@CSystweakApp@@QAE_NV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@_N@Z
?IsApplicationRunning@CSystweakApp@@QAE_NV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@K_N@Z
?IsApplicationRunning@CSystweakApp@@QAE_NV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@K_N@Z
?KillApplication@CSystweakApp@@QAEHV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?KillApplication@CSystweakApp@@QAEHV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetProductNAME@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetProductNAME@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetCompanyNAME@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetCompanyNAME@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?STStartWebsite@@YAXXZ
?STStartWebsite@@YAXXZ
?STOnlinehelpandsupport@@YAXPB_W@Z
?STOnlinehelpandsupport@@YAXPB_W@Z
?ShowEnterKeyDlg@CSystweakApp@@SAXPAVCDialog@@PAVCRect@@@Z
?ShowEnterKeyDlg@CSystweakApp@@SAXPAVCDialog@@PAVCRect@@@Z
?GetThisMessageMap@CDlgBaseWnd@@KGPBUAFX_MSGMAP@@XZ
?GetThisMessageMap@CDlgBaseWnd@@KGPBUAFX_MSGMAP@@XZ
?ReturnSystweakRegKey@@YAXAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?ReturnSystweakRegKey@@YAXAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?STLoadStringFromMainINI@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W0@Z
?STLoadStringFromMainINI@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W0@Z
?AddRemoveItemToStringArray@CSystweakApp@@QAEXAAVCStringArray@@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@_N@Z
?AddRemoveItemToStringArray@CSystweakApp@@QAEXAAVCStringArray@@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@_N@Z
?GetAppPath@@YAPB_WPAUHINSTANCE__@@AAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetAppPath@@YAPB_WPAUHINSTANCE__@@AAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?ShellExecuteW@CDlgBaseWnd@@SAPAUHINSTANCE__@@PAUHWND__@@PB_W111H@Z
?ShellExecuteW@CDlgBaseWnd@@SAPAUHINSTANCE__@@PAUHWND__@@PB_W111H@Z
?ShowShutDownDlg@CSystweakApp@@SAXPAVCDialog@@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PAVCRect@@_N@Z
?ShowShutDownDlg@CSystweakApp@@SAXPAVCDialog@@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PAVCRect@@_N@Z
?CreateRestorePoint@CSystweakApp@@QAE_NV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?CreateRestorePoint@CSystweakApp@@QAE_NV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetAppProgramName@CSystweakApp@@SA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetAppProgramName@CSystweakApp@@SA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?ClearSpcExeNameArray@CSystweakApp@@QAEXXZ
?ClearSpcExeNameArray@CSystweakApp@@QAEXXZ
?GetThisMessageMap@CDlgBaseChildPopUpWndBase@@KGPBUAFX_MSGMAP@@XZ
?GetThisMessageMap@CDlgBaseChildPopUpWndBase@@KGPBUAFX_MSGMAP@@XZ
?m_strRegID@CSystweakApp@@2V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@A
?m_strRegID@CSystweakApp@@2V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@A
?SetAnimationIcons@CXTTrayIcon@@UAE_NPBIHPBV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SetAnimationIcons@CXTTrayIcon@@UAE_NPBIHPBV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?strDemoCommandlineArgument@CDlgMainWnd@@2V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@A
?strDemoCommandlineArgument@CDlgMainWnd@@2V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@A
?OnDllMenuReportFeedback@CDlgMainWnd@@QAEXXZ
?OnDllMenuReportFeedback@CDlgMainWnd@@QAEXXZ
?GetThisMessageMap@CDlgMainWnd@@KGPBUAFX_MSGMAP@@XZ
?GetThisMessageMap@CDlgMainWnd@@KGPBUAFX_MSGMAP@@XZ
?GetSystemDrive@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetSystemDrive@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?LoadStringW@CSystweakApp@@QAE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@I@Z
?LoadStringW@CSystweakApp@@QAE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@I@Z
?CheckKeyStatus@CDlgMainWnd@@SAXXZ
?CheckKeyStatus@CDlgMainWnd@@SAXXZ
?StartCheckForUpdateWithCmdArgs@CDlgBaseWnd@@SAHV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?StartCheckForUpdateWithCmdArgs@CDlgBaseWnd@@SAHV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetSupportPhoneNumber@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetSupportPhoneNumber@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetSupportPhoneNumberFR@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetSupportPhoneNumberFR@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetMessageMap@CXTTrayIcon@@MBEPBUAFX_MSGMAP@@XZ
?GetMessageMap@CXTTrayIcon@@MBEPBUAFX_MSGMAP@@XZ
?SetAnimationIcons@CXTTrayIcon@@UAEXPBIPBV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@H@Z
?SetAnimationIcons@CXTTrayIcon@@UAEXPBIPBV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@H@Z
?GetProduct_ABBERIVATED_NAME@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetProduct_ABBERIVATED_NAME@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetThisMessageMap@CSystweakApp@@KGPBUAFX_MSGMAP@@XZ
?GetThisMessageMap@CSystweakApp@@KGPBUAFX_MSGMAP@@XZ
?m_ExeName@CDlgMainWnd@@2V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@A
?m_ExeName@CDlgMainWnd@@2V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@A
?m_ProgramName@CSystweakApp@@1V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@A
?m_ProgramName@CSystweakApp@@1V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@A
?ShellExecuteW@CSystweakApp@@SAPAUHINSTANCE__@@PAUHWND__@@PB_W111H@Z
?ShellExecuteW@CSystweakApp@@SAPAUHINSTANCE__@@PAUHWND__@@PB_W111H@Z
?GetAppExePath@CSystweakApp@@SA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetAppExePath@CSystweakApp@@SA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?STGetPublishedURL@@YA_NAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@V12@@Z
?STGetPublishedURL@@YA_NAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@V12@@Z
?RegWriteStringInRegistry@@YA_NPAUHKEY__@@PB_W11@Z
?RegWriteStringInRegistry@@YA_NPAUHKEY__@@PB_W11@Z
?STGetExecutablePath@@YAHAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?STGetExecutablePath@@YAHAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?copy_CString_to_TCHAR@@YAXV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@AAPA_W@Z
?copy_CString_to_TCHAR@@YAXV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@AAPA_W@Z
ASOHelper.dll
ASOHelper.dll
mfc90u.dll
mfc90u.dll
_amsg_exit
_amsg_exit
_wcmdln
_wcmdln
MSVCR90.dll
MSVCR90.dll
_crt_debugger_hook
_crt_debugger_hook
KERNEL32.dll
KERNEL32.dll
GetAsyncKeyState
GetAsyncKeyState
ExitWindowsEx
ExitWindowsEx
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
RegCreateKeyExW
RegCreateKeyExW
RegCloseKey
RegCloseKey
RegOpenKeyW
RegOpenKeyW
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteExW
ShellExecuteExW
ShellExecuteW
ShellExecuteW
SHELL32.dll
SHELL32.dll
COMCTL32.dll
COMCTL32.dll
SHDeleteKeyW
SHDeleteKeyW
SHLWAPI.dll
SHLWAPI.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
gdiplus.dll
gdiplus.dll
MSVCP90.dll
MSVCP90.dll
RPCRT4.dll
RPCRT4.dll
GetProcessHeap
GetProcessHeap
.?AVCCmdTarget@@
.?AVCCmdTarget@@
.PAVCException@@
.PAVCException@@
.?AVCWebPage@@
.?AVCWebPage@@
&%%! # "
&%%! # "
76.15555
76.15555
---77888
---77888
1/*7;8**7
1/*7;8**7
=.-0
=.-0
64;*%),/
64;*%),/
88/DECJKKJJJIIIHHHHHHHHHIIIIIIIIIIIIIIIJJJJJJIIIIIIIIIIIIIIIKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKJJJKKKKKKLLLLLLLLLKKKKKKKKKKKKLLLLLLKKKKKKLLLLLLLLLMMMLLLLLLLLLLLLLLLMMMMMMMMMMMMMMMMMMMMMMMMNNNPPPPPPPPPPPPPPPPPPPPPPPPQQQQQQRSSHHC
88/DECJKKJJJIIIHHHHHHHHHIIIIIIIIIIIIIIIJJJJJJIIIIIIIIIIIIIIIKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKJJJKKKKKKLLLLLLLLLKKKKKKKKKKKKLLLLLLKKKKKKLLLLLLLLLMMMLLLLLLLLLLLLLLLMMMMMMMMMMMMMMMMMMMMMMMMNNNPPPPPPPPPPPPPPPPPPPPPPPPQQQQQQRSSHHC
==7KMMKLLJKKIJJGHH?A>99254*31&75,992??<9376.76.ab>&&
&<9376.76.ab>&&
<:-:8>
<:-:8>
<:.wzyaa6>
<:.wzyaa6>
&&
&&