Trojan.Win32.Autoit.bhd (Kaspersky), Trojan.Autoit.Agent.EZ (AdAware), Backdoor.Win32.Fynloski.FD, Trojan.Win32.Iconomon.FD, Trojan.Win32.Sasfis.FD, VirTool.Win32.DelfInject.FD, BackdoorFynloski.YR, GenericDownloader.YR, GenericInjector.YR, TrojanDownloaderAndromeda.YR (Lavasoft MAS)
Behaviour: Trojan-Downloader, Trojan, Backdoor, VirTool
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 5553f3c235e4b9845647a5b79c4fa1f6
SHA1: 7f7fbde406028906fff0b5c43cc39ad654d36def
SHA256: ffe1726d5e600a61d375e8a2dec5d5d37bea4100e0162754889277251e2d2084
SSDeep: 49152:rJZoQrbTFZY1ia9YGA0ddUtgg8oNc3ycp/wn:rtrbTA16eddOF8lp/G
Size: 1849123 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: Firseria
Created at: 2012-01-29 23:32:28
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
tb2323xt.exe:1748
mscorsvw.exe:172
%original file name%.exe:1784
%original file name%.exe:1720
scvhost.exe:1872
The Trojan injects its code into the following process(es):
tb2323xt.exe:924
scvhost.exe:320
Mutexes
The following mutexes were created/opened: No objects were found.
File activity
The process tb2323xt.exe:924 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\I929QL0X\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\URM7CBUB\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CRQZ8ZQX\ga[1].js (2107 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S9YXQNK1\loader[1].htm (3 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@xconsoles[1].txt (1614 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S9YXQNK1\swfobject_modified[1].js (6822 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\URM7CBUB\us_usbv2[1].htm (1639 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CRQZ8ZQX\usbv2[1].jpg (1242 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (3892 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@x360usb[2].txt (1095 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S9YXQNK1\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CRQZ8ZQX\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\I929QL0X\projectf[1].htm (277 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\I929QL0X\projectf[2].htm (277 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@x360usb[1].txt (918 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@xconsoles[2].txt (1799 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021120130212 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021320130214\index.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021320130214 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021520130216\index.dat (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@x360usb[2].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@xconsoles[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021120130212\index.dat (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@x360usb[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021520130216 (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@xconsoles[2].txt (0 bytes)
The process %original file name%.exe:1784 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\m549576.png (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tb2323xt.exe (7337 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\autB5.tmp (7185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\autB4.tmp (3929 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\autB5.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\autB4.tmp (0 bytes)
The process %original file name%.exe:1720 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\vhost\scvhost.exe (13122 bytes)
Registry activity
The process tb2323xt.exe:1748 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "41 34 13 78 87 FD 52 B7 6B 63 F6 BD 7C C7 CE E3"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
The process tb2323xt.exe:924 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014080120140802]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012014080120140802\"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014080120140802]
"CacheOptions" = "11"
"CacheRepair" = "0"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\BurnerMax]
"auto" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014080120140802]
"CacheLimit" = "8192"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 13 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D2 20 AA F1 8F C6 E3 48 42 83 30 C6 6F 04 31 AE"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014080120140802]
"CachePrefix" = ":2014080120140802:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following registry key(s):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013021120130212]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013021520130216]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013021320130214]
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process mscorsvw.exe:172 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGenService\State]
"AccumulatedWaitIdleTime" = "1260000"
The process %original file name%.exe:1784 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "58 24 09 51 08 82 0E 53 24 1D 58 0B 47 57 64 ED"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"tb2323xt.exe" = "BurnerMAX Payload Tool"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Personal" = "%Documents and Settings%\%current user%\My Documents"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The process %original file name%.exe:1720 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "56 10 3E 7A 95 D5 53 DC B2 D6 3C D5 1B 45 B3 1F"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\vhost]
"scvhost.exe" = "scvhost"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
The Trojan adds the reference to itself to be executed when a user logs on:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserInit" = "%System%\userinit.exe,C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\vhost\scvhost.exe"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Svchost" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\vhost\scvhost.exe"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The process scvhost.exe:320 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "35 BC 8F A1 39 A9 BD D3 13 1F 21 5D 27 B9 CC CA"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
The process scvhost.exe:1872 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1F 5F B5 BF 5F 0E F5 B1 96 CF EC 8D 40 48 3B 1C"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Personal" = "%Documents and Settings%\%current user%\My Documents"
The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Dropped PE files
MD5 | File path |
---|---|
9d92961c39c2e630a7e43bed7ac6c9a4 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\tb2323xt.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
tb2323xt.exe:1748
mscorsvw.exe:172
%original file name%.exe:1784
%original file name%.exe:1720
scvhost.exe:1872
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\I929QL0X\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\URM7CBUB\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CRQZ8ZQX\ga[1].js (2107 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S9YXQNK1\loader[1].htm (3 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@xconsoles[1].txt (1614 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S9YXQNK1\swfobject_modified[1].js (6822 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\URM7CBUB\us_usbv2[1].htm (1639 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CRQZ8ZQX\usbv2[1].jpg (1242 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (3892 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@x360usb[2].txt (1095 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S9YXQNK1\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CRQZ8ZQX\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\I929QL0X\projectf[1].htm (277 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\I929QL0X\projectf[2].htm (277 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@x360usb[1].txt (918 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@xconsoles[2].txt (1799 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\m549576.png (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tb2323xt.exe (7337 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\autB5.tmp (7185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\autB4.tmp (3929 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vhost\scvhost.exe (13122 bytes)
- Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Svchost" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\vhost\scvhost.exe"
- Remove the references to the Trojan by modifying the following registry value(s) (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserInit" = "%System%\userinit.exe,C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\vhost\scvhost.exe"
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name:
Product Name:
Product Version:
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 3, 3, 8, 1
File Description:
Comments:
Language: English (United Kingdom)
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 525852 | 526336 | 4.63347 | 61ffce4768976fa0dd2a8f6a97b1417a |
.rdata | 532480 | 57280 | 57344 | 3.32693 | 0354bc5f2376b5e9a4a3ba38b682dff1 |
.data | 589824 | 108376 | 26624 | 1.49032 | 8033f5a38941b4685bc2299e78f31221 |
.rsrc | 700416 | 95568 | 95744 | 3.11661 | 6913d765bead9712b63ba495a63b8bd5 |
Network Activity
URLs
URL | IP |
---|---|
hxxp://xconsoles.com/app/loader.html | |
hxxp://userlocation.com/swadharma/projectf.js?pcode=UL02a0e47a4afc46f3ad7feaa4e458f5af | |
hxxp://www-google-analytics.l.google.com/ga.js | |
hxxp://www-google-analytics.l.google.com/__utm.gif?utmwv=5.5.3&utms=1&utmn=194608661&utmhn=www.xconsoles.com&utmcs=utf-8&utmsr=1024x768&utmvp=482x150&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=GEO LOCATOR&utmhid=976439038&utmr=-&utmp=/app/loader.html&utmht=1406892444448&utmac=UA-13041870-4&utmcc=__utma=43369132.180759635.1406892444.1406892444.1406892444.1;+__utmz=43369132.1406892444.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=D~ | |
hxxp://x360usb.com/app/us_usbv2.html | 87.98.252.138 |
hxxp://x360usb.com/app/Scripts/swfobject_modified.js | 87.98.252.138 |
hxxp://userlocation.com/swadharma/projectf.js?pcode=UL65975a141c0b22a72105ce1a664b39b5 | |
hxxp://www-google-analytics.l.google.com/__utm.gif?utmwv=5.5.3&utms=1&utmn=977061144&utmhn=www.x360usb.com&utmcs=utf-8&utmsr=1024x768&utmvp=498x150&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Sponsor&utmhid=1806500170&utmr=-&utmp=/app/us_usbv2.html&utmht=1406892445792&utmac=UA-13041870-2&utmcc=__utma=140599483.509102869.1406892446.1406892446.1406892446.1;+__utmz=140599483.1406892446.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=D~ | |
hxxp://x360usb.com/app/usbv2.jpg | 87.98.252.138 |
hxxp://www.userlocation.com/swadharma/projectf.js?pcode=UL65975a141c0b22a72105ce1a664b39b5 | 74.220.222.239 |
hxxp://www.xconsoles.com/app/loader.html | 46.246.94.116 |
hxxp://www.userlocation.com/swadharma/projectf.js?pcode=UL02a0e47a4afc46f3ad7feaa4e458f5af | 74.220.222.239 |
hxxp://www.x360usb.com/app/Scripts/swfobject_modified.js | 87.98.252.138 |
hxxp://www.x360usb.com/app/us_usbv2.html | 87.98.252.138 |
hxxp://www.x360usb.com/app/usbv2.jpg | 87.98.252.138 |
hxxp://www.google-analytics.com/ga.js | 173.194.43.32 |
hxxp://www.google-analytics.com/__utm.gif?utmwv=5.5.3&utms=1&utmn=194608661&utmhn=www.xconsoles.com&utmcs=utf-8&utmsr=1024x768&utmvp=482x150&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=GEO LOCATOR&utmhid=976439038&utmr=-&utmp=/app/loader.html&utmht=1406892444448&utmac=UA-13041870-4&utmcc=__utma=43369132.180759635.1406892444.1406892444.1406892444.1;+__utmz=43369132.1406892444.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=D~ | 173.194.43.32 |
hxxp://www.google-analytics.com/__utm.gif?utmwv=5.5.3&utms=1&utmn=977061144&utmhn=www.x360usb.com&utmcs=utf-8&utmsr=1024x768&utmvp=498x150&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Sponsor&utmhid=1806500170&utmr=-&utmp=/app/us_usbv2.html&utmht=1406892445792&utmac=UA-13041870-2&utmcc=__utma=140599483.509102869.1406892446.1406892446.1406892446.1;+__utmz=140599483.1406892446.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=D~ | 173.194.43.32 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /app/us_usbv2.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.x360usb.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 01 Aug 2014 16:25:31 GMT
Server: Apache/2.4.10 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Last-Modified: Wed, 23 May 2012 08:18:59 GMT
ETag: "4601c0-667-4c0afc97c02c0"
Accept-Ranges: bytes
Content-Length: 1639
Connection: close
Content-Type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="hXXp://VVV.w3.org/1999/xhtml">.<META HTTP-EQUIV="Content-Type" content="text/html; charset=UTF-8" />.<META HTTP-EQUIV="Expires" CONTENT="-1">.<META HTTP-EQUIV="Pragma" CONTENT="no-cache">.<head>.<title>Sponsor</title>.<script src="Scripts/swfobject_modified.js" type="text/javascript"></script>.<!--//User Location Script: begin...//-->.<script type="text/javascript" src="hXXp://VVV.userlocation.com/swadharma/projectf.js?pcode=UL65975a141c0b22a72105ce1a664b39b5"> </script>.<!--//... User Location Script: end.//-->.<STYLE>.BODY {..border-style:none;.}.</STYLE>.</head>.<BODY TOPMARGIN="0" LEFTMARGIN="0" SCROLL="no">.<body>..<script type="text/javascript">...var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "hXXp://VVV.");...document.write(unescape(""));..</script>.<script type="text/javascript">...try {....var pageTracker = _gat._getTracker("UA-13041870-2");....pageTracker._trackPageview();...}...catch(err) {}..</script>. .. <!-- The browser displays static advert if no Flash in IE -->. <div> <a href="hXXp://VVV.xconsoles.com/products/xecuter-x360usbpro-v2.html" target="_blank". .onClick="java
<<< skipped >>>
GET /app/usbv2.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.x360usb.com/app/us_usbv2.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.x360usb.com
Connection: Keep-Alive
Cookie: __utma=140599483.509102869.1406892446.1406892446.1406892446.1; __utmb=140599483.1.10.1406892446; __utmc=140599483; __utmz=140599483.1406892446.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
HTTP/1.1 200 OK
Date: Fri, 01 Aug 2014 16:25:32 GMT
Server: Apache/2.4.10 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Last-Modified: Wed, 23 May 2012 08:19:00 GMT
ETag: "4601cb-34ad-4c0afc98b4500"
Accept-Ranges: bytes
Content-Length: 13485
Connection: close
Content-Type: image/jpeg
<<< skipped >>>
GET /ga.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.xconsoles.com/app/loader.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 01 Aug 2014 06:07:03 GMT
Expires: Fri, 01 Aug 2014 18:07:03 GMT
Last-Modified: Tue, 17 Jun 2014 01:05:58 GMT
X-Content-Type-Options: nosniff
Content-Type: text/javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 15810
Age: 37104
Cache-Control: public, max-age=43200
Alternate-Protocol: 80:quic
<<< skipped >>>
GET /__utm.gif?utmwv=5.5.3&utms=1&utmn=194608661&utmhn=VVV.xconsoles.com&utmcs=utf-8&utmsr=1024x768&utmvp=482x150&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=GEO LOCATOR&utmhid=976439038&utmr=-&utmp=/app/loader.html&utmht=1406892444448&utmac=UA-13041870-4&utmcc=__utma=43369132.180759635.1406892444.1406892444.1406892444.1;+__utmz=43369132.1406892444.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=D~ HTTP/1.1
Accept: */*
Referer: hXXp://VVV.xconsoles.com/app/loader.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 19 Apr 2000 11:43:00 GMT
Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Date: Thu, 31 Jul 2014 06:07:04 GMT
Server: Golfe2
Content-Length: 35
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Age: 123504
Alternate-Protocol: 80:quic
GIF89a.............,...........D..;....
GET /__utm.gif?utmwv=5.5.3&utms=1&utmn=977061144&utmhn=VVV.x360usb.com&utmcs=utf-8&utmsr=1024x768&utmvp=498x150&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Sponsor&utmhid=1806500170&utmr=-&utmp=/app/us_usbv2.html&utmht=1406892445792&utmac=UA-13041870-2&utmcc=__utma=140599483.509102869.1406892446.1406892446.1406892446.1;+__utmz=140599483.1406892446.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=D~ HTTP/1.1
Accept: */*
Referer: hXXp://VVV.x360usb.com/app/us_usbv2.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 19 Apr 2000 11:43:00 GMT
Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Date: Thu, 31 Jul 2014 06:07:04 GMT
Server: Golfe2
Content-Length: 35
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Age: 123505
Alternate-Protocol: 80:quic
GIF89a.............,...........D..;..
GET /app/loader.html HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.xconsoles.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Aug 2014 16:22:48 GMT
Content-Type: text/html
Content-Length: 765
Connection: keep-alive
Last-Modified: Wed, 19 Jun 2013 01:06:29 GMT
ETag: "543ce0-bc3-4df7770896f40-gzip"
Vary: Accept-Encoding
Content-Encoding: gzip
Accept-Ranges: bytes
GET /swadharma/projectf.js?pcode=UL02a0e47a4afc46f3ad7feaa4e458f5af HTTP/1.1
Accept: */*
Referer: hXXp://VVV.xconsoles.com/app/loader.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.userlocation.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 01 Aug 2014 16:25:27 GMT
Server: Apache
Cache-Control: max-age=1209600
Expires: Fri, 15 Aug 2014 16:25:27 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2949
Keep-Alive: timeout=10, max=500
Connection: Keep-Alive
Content-Type: text/html
<<< skipped >>>
GET /swadharma/projectf.js?pcode=UL65975a141c0b22a72105ce1a664b39b5 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.x360usb.com/app/us_usbv2.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.userlocation.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 01 Aug 2014 16:25:29 GMT
Server: Apache
Cache-Control: max-age=1209600
Expires: Fri, 15 Aug 2014 16:25:29 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2949
Keep-Alive: timeout=10, max=499
Connection: Keep-Alive
Content-Type: text/html
<<< skipped >>>
GET /app/Scripts/swfobject_modified.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.x360usb.com/app/us_usbv2.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.x360usb.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 01 Aug 2014 16:25:31 GMT
Server: Apache/2.4.10 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Last-Modified: Tue, 08 Mar 2011 11:19:02 GMT
ETag: "4601bb-575d-49df6c788f580"
Accept-Ranges: bytes
Content-Length: 22365
Connection: close
Content-Type: application/javascript
/*!.SWFObject v2.0 <hXXp://code.google.com/p/swfobject/>...Copyright (c) 2007 Geoff Stearns, Michael Williams, and Bobby van der Sluis...This software is released under the MIT License <hXXp://VVV.opensource.org/licenses/mit-license.php>..*/..var swfobject = function() {......var UNDEF = "undefined",....OBJECT = "object",....SHOCKWAVE_FLASH = "Shockwave Flash",....SHOCKWAVE_FLASH_AX = "ShockwaveFlash.ShockwaveFlash",....FLASH_MIME_TYPE = "application/x-shockwave-flash",....EXPRESS_INSTALL_ID = "SWFObjectExprInst",........win = window,....doc = document,....nav = navigator,........domLoadFnArr = [],....regObjArr = [],....timer = null,....storedAltContent = null,....storedAltContentId = null,....isDomLoaded = false,....isExpressInstallActive = false;....../* Centralized function for browser feature detection....- Proprietary feature detection (conditional compiling) is used to detect Internet Explorer's features....- User agent string detection is only used when no alternative is possible....- Is executed directly for optimal performance...*/....var ua = function() {....var w3cdom = typeof doc.getElementById != UNDEF && typeof doc.getElementsByTagName != UNDEF && typeof doc.createElement != UNDEF && typeof doc.appendChild != UNDEF && typeof doc.replaceChild != UNDEF && typeof doc.removeChild != UNDEF && typeof doc.cloneNode != UNDEF,.....playerVersion = [0,0,0],.....d = null;....if (typeof nav.plugins != UNDEF && typeof nav.plugins[SHOCKWAVE_FLASH] == OBJECT) {.....d = nav.plugins[SHOCKWAVE_FLASH].des
<<
<<< skipped >>>
GET /app/us_usbv2.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: x360usb.com
Connection: Keep-Alive
HTTP/1.1 301 Moved Permanently
Date: Fri, 01 Aug 2014 16:25:31 GMT
Server: Apache/2.4.10 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Location: hXXp://VVV.x360usb.com/app/us_usbv2.html
Content-Length: 248
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>301 Moved Permanently</title>.</head><body>.<h1>Moved Permanently</h1>.<p>The document has moved <a href="hXXp://VVV.x360usb.com/app/us_usbv2.html">here</a>.</p>.</body></html>...
Map
The Trojan connects to the servers at the following location(s):
Strings from Dumps
tb2323xt.exe_924:
IWebBrowserApp_get_Top
IWebBrowserApp_set_Top
IWebBrowserApp_set_Top
IWebBrowserApp_get_Width
IWebBrowserApp_get_Width
IWebBrowserApp_set_Width
IWebBrowserApp_set_Width
IWebBrowserApp_get_Height
IWebBrowserApp_get_Height
IWebBrowserApp_set_Height
IWebBrowserApp_set_Height
IWebBrowserApp_get_LocationName
IWebBrowserApp_get_LocationName
IWebBrowserApp_get_LocationURL
IWebBrowserApp_get_LocationURL
IWebBrowserApp_get_Busy
IWebBrowserApp_get_Busy
IWebBrowserApp_Quit
IWebBrowserApp_Quit
IWebBrowserApp_ClientToWindow
IWebBrowserApp_ClientToWindow
IWebBrowserApp_PutProperty
IWebBrowserApp_PutProperty
IWebBrowserApp_GetProperty
IWebBrowserApp_GetProperty
IWebBrowserApp_get_Name
IWebBrowserApp_get_Name
IWebBrowserApp_get_HWND
IWebBrowserApp_get_HWND
IWebBrowserApp_get_FullName
IWebBrowserApp_get_FullName
IWebBrowserApp_get_Path
IWebBrowserApp_get_Path
IWebBrowserApp_get_Visible
IWebBrowserApp_get_Visible
IWebBrowserApp_set_Visible
IWebBrowserApp_set_Visible
IWebBrowserApp_get_StatusBar
IWebBrowserApp_get_StatusBar
IWebBrowserApp_set_StatusBar
IWebBrowserApp_set_StatusBar
IWebBrowserApp_get_StatusText
IWebBrowserApp_get_StatusText
IWebBrowserApp_set_StatusText
IWebBrowserApp_set_StatusText
IWebBrowserApp_get_ToolBar
IWebBrowserApp_get_ToolBar
IWebBrowserApp_set_ToolBar
IWebBrowserApp_set_ToolBar
IWebBrowserApp_get_MenuBar
IWebBrowserApp_get_MenuBar
IWebBrowserApp_set_MenuBar
IWebBrowserApp_set_MenuBar
IWebBrowserApp_get_FullScreen
IWebBrowserApp_get_FullScreen
IWebBrowserApp_set_FullScreen
IWebBrowserApp_set_FullScreen
IWebBrowserApp_Application
IWebBrowserApp_Application
IWebBrowserApp_Parent
IWebBrowserApp_Parent
IWebBrowserApp_Container
IWebBrowserApp_Container
IWebBrowserApp_Document
IWebBrowserApp_Document
IWebBrowserApp_TopLevelContainer
IWebBrowserApp_TopLevelContainer
IWebBrowserApp_Type
IWebBrowserApp_Type
IWebBrowserApp_Left
IWebBrowserApp_Left
IWebBrowserApp_Top
IWebBrowserApp_Top
IWebBrowserApp_Width
IWebBrowserApp_Width
IWebBrowserApp_Height
IWebBrowserApp_Height
IWebBrowserApp_LocationName
IWebBrowserApp_LocationName
IWebBrowserApp_LocationURL
IWebBrowserApp_LocationURL
IWebBrowserApp_Busy
IWebBrowserApp_Busy
IWebBrowserApp_Name
IWebBrowserApp_Name
IWebBrowserApp_HWND
IWebBrowserApp_HWND
IWebBrowserApp_FullName
IWebBrowserApp_FullName
IWebBrowserApp_Path
IWebBrowserApp_Path
IWebBrowserApp_Visible
IWebBrowserApp_Visible
IWebBrowserApp_StatusBar
IWebBrowserApp_StatusBar
IWebBrowserApp_StatusText
IWebBrowserApp_StatusText
IWebBrowserApp_ToolBar
IWebBrowserApp_ToolBar
IWebBrowserApp_MenuBar
IWebBrowserApp_MenuBar
IWebBrowserApp_FullScreen
IWebBrowserApp_FullScreen
SWFO_COOKIEPASSED
SWFO_COOKIEPASSED
FindWindowSW
FindWindowSW
ImportExportFavorites
ImportExportFavorites
fImport
fImport
strFailureUrl
strFailureUrl
strUrl
strUrl
Import
Import
Export
Export
getErrorMsg
getErrorMsg
getErrorUrl
getErrorUrl
getAlwaysShowLockState
getAlwaysShowLockState
get_URL
get_URL
SetDefaultSearchUrl
SetDefaultSearchUrl
get_InWebFolder
get_InWebFolder
FindOnWeb
FindOnWeb
GetSearchAssistantURL
GetSearchAssistantURL
InWebFolder
InWebFolder
m_WindowSetHeightDelegate
m_WindowSetHeightDelegate
m_WindowSetWidthDelegate
m_WindowSetWidthDelegate
m_WindowSetTopDelegate
m_WindowSetTopDelegate
m_WindowSetLeftDelegate
m_WindowSetLeftDelegate
m_WindowSetResizableDelegate
m_WindowSetResizableDelegate
Interop.SHDocVw
Interop.SHDocVw
SHDocVw.dll
SHDocVw.dll
System.Runtime.InteropServices.CustomMarshalers.EnumeratorToEnumVariantMarshaler, CustomMarshalers, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Runtime.InteropServices.CustomMarshalers.EnumeratorToEnumVariantMarshaler, CustomMarshalers, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
$EAB22AC1-30C1-11CF-A7EB-0000C05BAE0B
$EAB22AC1-30C1-11CF-A7EB-0000C05BAE0B
$EAB22AC2-30C1-11CF-A7EB-0000C05BAE0B
$EAB22AC2-30C1-11CF-A7EB-0000C05BAE0B
$34A226E0-DF30-11CF-89A9-00A0C9054129
$34A226E0-DF30-11CF-89A9-00A0C9054129
$0002DF05-0000-0000-C000-000000000046
$0002DF05-0000-0000-C000-000000000046
$D30C1661-CDAF-11D0-8A3E-00C04FC9E26E
$D30C1661-CDAF-11D0-8A3E-00C04FC9E26E
$65507BE0-91A8-11D3-A845-009027220E6D
$65507BE0-91A8-11D3-A845-009027220E6D
$34A715A0-6587-11D0-924A-0020AFC7AC4D
$34A715A0-6587-11D0-924A-0020AFC7AC4D
$EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B
$EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B
SHDocVw.DWebBrowserEvents2
SHDocVw.DWebBrowserEvents2
)SHDocVw.DWebBrowserEvents2_EventProvider
)SHDocVw.DWebBrowserEvents2_EventProvider
SHDocVw.DWebBrowserEvents
SHDocVw.DWebBrowserEvents
(SHDocVw.DWebBrowserEvents_EventProvider
(SHDocVw.DWebBrowserEvents_EventProvider
SHDocVw.WebBrowser_V1Class
SHDocVw.WebBrowser_V1Class
6SHDocVw.DWebBrowserEvents
6SHDocVw.DWebBrowserEvents
$8856F961-340A-11D0-A96B-00C04FD705A2
$8856F961-340A-11D0-A96B-00C04FD705A2
SHDocVw.WebBrowserClass
SHDocVw.WebBrowserClass
6SHDocVw.DWebBrowserEvents2
6SHDocVw.DWebBrowserEvents2
$0002DF01-0000-0000-C000-000000000046
$0002DF01-0000-0000-C000-000000000046
SHDocVw.InternetExplorerClass
SHDocVw.InternetExplorerClass
$C08AFD90-F2A1-11D1-8455-00A0C91F3880
$C08AFD90-F2A1-11D1-8455-00A0C91F3880
SHDocVw.ShellBrowserWindowClass
SHDocVw.ShellBrowserWindowClass
$F41E6981-28E5-11D0-82B4-00A0C90C29C5
$F41E6981-28E5-11D0-82B4-00A0C90C29C5
$7716A370-38CA-11D0-A48B-00A0C90A8F39
$7716A370-38CA-11D0-A48B-00A0C90A8F39
$FE4106E0-399A-11D0-A48C-00A0C90A8F39
$FE4106E0-399A-11D0-A48C-00A0C90A8F39
$85CB6900-4D95-11CF-960C-0080C7F4EE85
$85CB6900-4D95-11CF-960C-0080C7F4EE85
$9BA05972-F6A8-11CF-A442-00A0C90A8F39
$9BA05972-F6A8-11CF-A442-00A0C90A8F39
SHDocVw.DShellWindowsEvents
SHDocVw.DShellWindowsEvents
*SHDocVw.DShellWindowsEvents_EventProvider
*SHDocVw.DShellWindowsEvents_EventProvider
SHDocVw.ShellWindowsClass
SHDocVw.ShellWindowsClass
$729FE2F8-1EA8-11D1-8F85-00C04FC2FBE1
$729FE2F8-1EA8-11D1-8F85-00C04FC2FBE1
$64AB4BB7-111E-11D1-8F79-00C04FC2FBE1
$64AB4BB7-111E-11D1-8F79-00C04FC2FBE1
SHDocVw.ShellUIHelperClass
SHDocVw.ShellUIHelperClass
$55136806-B2DE-11D1-B9F2-00A0C98BC547
$55136806-B2DE-11D1-B9F2-00A0C98BC547
$55136804-B2DE-11D1-B9F2-00A0C98BC547
$55136804-B2DE-11D1-B9F2-00A0C98BC547
$E572D3C9-37BE-4AE2-825D-D521763E3108
$E572D3C9-37BE-4AE2-825D-D521763E3108
$55136805-B2DE-11D1-B9F2-00A0C98BC547
$55136805-B2DE-11D1-B9F2-00A0C98BC547
SHDocVw.DShellNameSpaceEvents
SHDocVw.DShellNameSpaceEvents
,SHDocVw.DShellNameSpaceEvents_EventProvider
,SHDocVw.DShellNameSpaceEvents_EventProvider
SHDocVw.ShellNameSpaceClass
SHDocVw.ShellNameSpaceClass
$F3470F24-15FD-11D2-BB2E-00805FF7EFCA
$F3470F24-15FD-11D2-BB2E-00805FF7EFCA
$EFD01300-160F-11D2-BB2E-00805FF7EFCA
$EFD01300-160F-11D2-BB2E-00805FF7EFCA
SHDocVw.CScriptErrorListClass
SHDocVw.CScriptErrorListClass
$BA9239A4-3DD5-11D2-BF8B-00C04FB93661
$BA9239A4-3DD5-11D2-BF8B-00C04FB93661
$47C922A2-3DD5-11D2-BF8B-00C04FB93661
$47C922A2-3DD5-11D2-BF8B-00C04FB93661
$72423E8F-8011-11D2-BE79-00A0C9A83DA1
$72423E8F-8011-11D2-BE79-00A0C9A83DA1
$72423E8F-8011-11D2-BE79-00A0C9A83DA2
$72423E8F-8011-11D2-BE79-00A0C9A83DA2
$72423E8F-8011-11D2-BE79-00A0C9A83DA3
$72423E8F-8011-11D2-BE79-00A0C9A83DA3
$1611FDDA-445B-11D2-85DE-00C04FA35C89
$1611FDDA-445B-11D2-85DE-00C04FA35C89
$B45FF030-4447-11D2-85DE-00C04FA35C89
$B45FF030-4447-11D2-85DE-00C04FA35C89
SHDocVw.SearchAssistantOCClass
SHDocVw.SearchAssistantOCClass
$eab22ac0-30c1-11cf-a7eb-0000c05bae0b
$eab22ac0-30c1-11cf-a7eb-0000c05bae0b
AxInterop.SHDocVw.dll
AxInterop.SHDocVw.dll
System.Windows.Forms
System.Windows.Forms
AxWebBrowser
AxWebBrowser
DWebBrowserEvents2_NewWindow3Event
DWebBrowserEvents2_NewWindow3Event
DWebBrowserEvents2_PrivacyImpactedStateChangeEvent
DWebBrowserEvents2_PrivacyImpactedStateChangeEvent
DWebBrowserEvents2_UpdatePageStatusEvent
DWebBrowserEvents2_UpdatePageStatusEvent
DWebBrowserEvents2_PrintTemplateTeardownEvent
DWebBrowserEvents2_PrintTemplateTeardownEvent
DWebBrowserEvents2_PrintTemplateInstantiationEvent
DWebBrowserEvents2_PrintTemplateInstantiationEvent
DWebBrowserEvents2_NavigateErrorEvent
DWebBrowserEvents2_NavigateErrorEvent
DWebBrowserEvents2_FileDownloadEvent
DWebBrowserEvents2_FileDownloadEvent
DWebBrowserEvents2_SetSecureLockIconEvent
DWebBrowserEvents2_SetSecureLockIconEvent
DWebBrowserEvents2_ClientToHostWindowEvent
DWebBrowserEvents2_ClientToHostWindowEvent
DWebBrowserEvents2_WindowClosingEvent
DWebBrowserEvents2_WindowClosingEvent
DWebBrowserEvents2_WindowSetHeightEvent
DWebBrowserEvents2_WindowSetHeightEvent
DWebBrowserEvents2_WindowSetWidthEvent
DWebBrowserEvents2_WindowSetWidthEvent
DWebBrowserEvents2_WindowSetTopEvent
DWebBrowserEvents2_WindowSetTopEvent
DWebBrowserEvents2_WindowSetLeftEvent
DWebBrowserEvents2_WindowSetLeftEvent
DWebBrowserEvents2_WindowSetResizableEvent
DWebBrowserEvents2_WindowSetResizableEvent
DWebBrowserEvents2_OnTheaterModeEvent
DWebBrowserEvents2_OnTheaterModeEvent
DWebBrowserEvents2_OnFullScreenEvent
DWebBrowserEvents2_OnFullScreenEvent
DWebBrowserEvents2_OnStatusBarEvent
DWebBrowserEvents2_OnStatusBarEvent
DWebBrowserEvents2_OnMenuBarEvent
DWebBrowserEvents2_OnMenuBarEvent
DWebBrowserEvents2_OnToolBarEvent
DWebBrowserEvents2_OnToolBarEvent
DWebBrowserEvents2_OnVisibleEvent
DWebBrowserEvents2_OnVisibleEvent
DWebBrowserEvents2_DocumentCompleteEvent
DWebBrowserEvents2_DocumentCompleteEvent
DWebBrowserEvents2_NavigateComplete2Event
DWebBrowserEvents2_NavigateComplete2Event
DWebBrowserEvents2_NewWindow2Event
DWebBrowserEvents2_NewWindow2Event
DWebBrowserEvents2_BeforeNavigate2Event
DWebBrowserEvents2_BeforeNavigate2Event
DWebBrowserEvents2_PropertyChangeEvent
DWebBrowserEvents2_PropertyChangeEvent
DWebBrowserEvents2_TitleChangeEvent
DWebBrowserEvents2_TitleChangeEvent
DWebBrowserEvents2_CommandStateChangeEvent
DWebBrowserEvents2_CommandStateChangeEvent
DWebBrowserEvents2_ProgressChangeEvent
DWebBrowserEvents2_ProgressChangeEvent
DWebBrowserEvents2_StatusTextChangeEvent
DWebBrowserEvents2_StatusTextChangeEvent
AxWebBrowserEventMulticaster
AxWebBrowserEventMulticaster
RaiseOnWindowSetHeight
RaiseOnWindowSetHeight
RaiseOnWindowSetWidth
RaiseOnWindowSetWidth
RaiseOnWindowSetTop
RaiseOnWindowSetTop
RaiseOnWindowSetLeft
RaiseOnWindowSetLeft
RaiseOnWindowSetResizable
RaiseOnWindowSetResizable
AssemblyKeyFileAttribute
AssemblyKeyFileAttribute
AxInterop.SHDocVw
AxInterop.SHDocVw
System.ComponentModel
System.ComponentModel
BindableSupport
BindableSupport
&{8856f961-340a-11d0-a96b-00c04fd705a2}
&{8856f961-340a-11d0-a96b-00c04fd705a2}
System.Int32
System.Int32
.C:\xbox360\Projects\WindowsApplication2\jf.snk
.C:\xbox360\Projects\WindowsApplication2\jf.snk
04/08/2004 01:56:46
04/08/2004 01:56:46
)System.Resources.ResourceReader, mscorlibsSystem.Resources.RuntimeResourceSet, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
)System.Resources.ResourceReader, mscorlibsSystem.Resources.RuntimeResourceSet, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
^System.Boolean, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089iSystem.Drawing.Size, System.Drawing, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aiSystem.Drawing.Icon, System.Drawing, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3apSystem.Globalization.CultureInfo, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\System.Int32, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089mSystem.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089}System.Windows.Forms.AxHost State, System.Windows.Forms, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089kSystem.Drawing.Bitmap, System.Drawing, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3ajSystem.Drawing.Point, System.Drawing, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPADc
^System.Boolean, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089iSystem.Drawing.Size, System.Drawing, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aiSystem.Drawing.Icon, System.Drawing, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3apSystem.Globalization.CultureInfo, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\System.Int32, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089mSystem.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089}System.Windows.Forms.AxHost State, System.Windows.Forms, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089kSystem.Drawing.Bitmap, System.Drawing, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3ajSystem.Drawing.Point, System.Drawing, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPADc
<b>scvhost.exe_320:</b><pre>SHFileOperati
onA</pre><pre>URLMON.DLL</pre><pre>URLDownloadToFileA</pre><pre>wininet.dll</pre><pre>InternetOpenUrlA</pre><pre>HttpQueryInfoA</pre><pre>FtpPutFileA</pre><pre>winmm.dll</pre><pre>netapi32.dll</pre><pre>gdiplus.dll</pre><pre>GdiplusShutdown</pre><pre>msacm32.dll</pre><pre>ntdll.dll</pre><pre>WS2_32.DLL</pre><pre>SHFolder.dll</pre><pre>SHELL32.DLL</pre><pre>AVICAP32.DLL</pre><pre>1!1,1=1|1</pre><pre>6 6$6(6,606</pre><pre>=!=%=)=-=1=</pre><pre>01m1</pre><pre>0 0$0(0,0004080<0@0</pre><pre><!><pre>;"<?<_><pre>; ;$;(;,;0;4;8;<;@;</pre><pre>7 8$888<8</pre><pre>= =$=(=,=0=4=8=</pre><pre>UntKeylogger</pre><pre>KWindows</pre><pre>UntActivePorts</pre><pre>UntControlKey</pre><pre>UntCaptureWebcam</pre><pre>UntWebCam</pre><pre>UrlMon</pre><pre>(UntUploadFTPThread</pre><pre>UntFTP</pre><pre>_UntUDPFlood</pre><pre>YUntScanPorts</pre><pre>0UntPasswordAndData</pre><pre>XUntHTTPFlood</pre><pre>UntCPU</pre><pre>66006666</pre><pre>No help found for %s#No context-sensitive help installed</pre><pre>No help found for context$No topic-based help system installedNUnable to retrieve a pointer to a running object registered with OLE for %s/%s</pre><pre>Invalid clipboard format Clipboard does not support Icons</pre><pre>Cannot open clipboard/Menu '%s' is already being used by another form</pre><pre>- Dock zone has no controlLError loading dock zone from the stream. Expecting version %d, but found %d.</pre><pre>OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters</pre><pre>Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window</pre><pre>Not enough timers available@GroupIndex cannot be less than a previous menu item's GroupIndex5Cannot create form. 
No MDI forms are currently active$%s not in a class registration group</pre><pre>Property %s does not exist</pre><pre>Thread creation error: %s</pre><pre>Thread Error: %s (%d)</pre><pre>Unsupported clipboard format</pre><pre>Invalid data type for '%s' List capacity out of bounds (%d)</pre><pre>List count out of bounds (%d)</pre><pre>List index out of bounds (%d) Out of memory while expanding memory stream</pre><pre>Error reading %s%s%s: %s</pre><pre>Failed to create key %s</pre><pre>Failed to get data for '%s'</pre><pre>Failed to set data for '%s'</pre><pre>Resource %s not found</pre><pre>%s.Seek not implemented$Operation not allowed on sorted list</pre><pre>Ancestor for '%s' not found</pre><pre>Cannot assign a %s to a %s</pre><pre>Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread</pre><pre>Class %s not found</pre><pre>A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates</pre><pre>Cannot create file "%s". %s</pre><pre>Cannot open file "%s". %s</pre><pre>Invalid stream format$''%s'' is not a valid component name</pre><pre>External exception %x</pre><pre>Interface not supported</pre><pre>%s (%s, line %d)</pre><pre>Abstract Error?Access violation at address %p in module '%s'. %s of address %p</pre><pre>System Error. Code: %d.</pre><pre>No argument for format '%s'"Variant method calls not supported</pre><pre>Invalid variant operation%Invalid variant operation (%s%.8x)</pre><pre>%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)</pre><pre>Operation not supported</pre><pre>Integer overflow Invalid floating point operation</pre><pre>Invalid pointer operation</pre><pre>Invalid class typecast0Access violation at address %p. 
%s of address %p</pre><pre>Privileged instruction(Exception %s in module %s at %p.</pre><pre>Application Error1Format '%s' invalid or incompatible with argument</pre><pre>!'%s' is not a valid integer value('%s' is not a valid floating point value!'%s' is not a valid date and time</pre><pre>'%s' is not a valid GUID value</pre><pre>I/O error %d</pre><pre>1, 0, 0, 1</pre><pre>MSRSAAP.EXE</pre><pre>4, 0, 0, 0</pre><b>scvhost.exe_320_rwx_00050000_000B2000:</b><pre>.text</pre><pre>`.itext</pre><pre>`.data</pre><pre>.idata</pre><pre>.rdata</pre><pre>@.reloc</pre><pre>B.rsrc</pre><pre>kernel32.dll</pre><pre>Windows</pre><pre>MSWHEEL_ROLLMSG</pre><pre>MSH_WHEELSUPPORT_MSG</pre><pre>MSH_SCROLL_LINES_MSG</pre><pre>$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)</pre><pre>oleaut32.dll</pre><pre>EVariantBadIndexError</pre><pre>ssShift</pre><pre>htKeyword</pre><pre>EInvalidOperation</pre><pre>%s_%d</pre><pre>EInvalidGraphicOperation</pre><pre>SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes</pre><pre>%s, ClassID: %s</pre><pre>%s, ProgID: 
"%s"</pre><pre>ole32.dll</pre><pre>USER32.DLL</pre><pre>uxtheme.dll</pre><pre>DWMAPI.DLL</pre><pre>clWebSnow</pre><pre>clWebFloralWhite</pre><pre>clWebLavenderBlush</pre><pre>clWebOldLace</pre><pre>clWebIvory</pre><pre>clWebCornSilk</pre><pre>clWebBeige</pre><pre>clWebAntiqueWhite</pre><pre>clWebWheat</pre><pre>clWebAliceBlue</pre><pre>clWebGhostWhite</pre><pre>clWebLavender</pre><pre>clWebSeashell</pre><pre>clWebLightYellow</pre><pre>clWebPapayaWhip</pre><pre>clWebNavajoWhite</pre><pre>clWebMoccasin</pre><pre>clWebBurlywood</pre><pre>clWebAzure</pre><pre>clWebMintcream</pre><pre>clWebHoneydew</pre><pre>clWebLinen</pre><pre>clWebLemonChiffon</pre><pre>clWebBlanchedAlmond</pre><pre>clWebBisque</pre><pre>clWebPeachPuff</pre><pre>clWebTan</pre><pre>clWebYellow</pre><pre>clWebDarkOrange</pre><pre>clWebRed</pre><pre>clWebDarkRed</pre><pre>clWebMaroon</pre><pre>clWebIndianRed</pre><pre>clWebSalmon</pre><pre>clWebCoral</pre><pre>clWebGold</pre><pre>clWebTomato</pre><pre>clWebCrimson</pre><pre>clWebBrown</pre><pre>clWebChocolate</pre><pre>clWebSandyBrown</pre><pre>clWebLightSalmon</pre><pre>clWebLightCoral</pre><pre>clWebOrange</pre><pre>clWebOrangeRed</pre><pre>clWebFirebrick</pre><pre>clWebSaddleBrown</pre><pre>clWebSienna</pre><pre>clWebPeru</pre><pre>clWebDarkSalmon</pre><pre>clWebRosyBrown</pre><pre>clWebPaleGoldenrod</pre><pre>clWebLightGoldenrodYellow</pre><pre>clWebOlive</pre><pre>clWebForestGreen</pre><pre>clWebGreenYellow</pre><pre>clWebChartreuse</pre><pre>clWebLightGreen</pre><pre>clWebAquamarine</pre><pre>clWebSeaGreen</pre><pre>clWebGoldenRod</pre><pre>clWebKhaki</pre><pre>clWebOliveDrab</pre><pre>clWebGreen</pre><pre>clWebYellowGreen</pre><pre>clWebLawnGreen</pre><pre>clWebPaleGreen</pre><pre>clWebMediumAquamarine</pre><pre>clWebMediumSeaGreen</pre><pre>clWebDarkGoldenRod</pre><pre>clWebDarkKhaki</pre><pre>clWebDarkOliveGreen</pre><pre>clWebDarkgreen</pre><pre>clWebLimeGreen</pre><pre>clWebLime</pre><pre>clWebSpringGreen</pre><pre>clWebMediumSpringGreen</pre>
<pre>clWebDarkSeaGreen</pre><pre>clWebLightSeaGreen</pre><pre>clWebPaleTurquoise</pre><pre>clWebLightCyan</pre><pre>clWebLightBlue</pre><pre>clWebLightSkyBlue</pre><pre>clWebCornFlowerBlue</pre><pre>clWebDarkBlue</pre><pre>clWebIndigo</pre><pre>clWebMediumTurquoise</pre><pre>clWebTurquoise</pre><pre>clWebCyan</pre><pre>clWebPowderBlue</pre><pre>clWebSkyBlue</pre><pre>clWebRoyalBlue</pre><pre>clWebMediumBlue</pre><pre>clWebMidnightBlue</pre><pre>clWebDarkTurquoise</pre><pre>clWebCadetBlue</pre><pre>clWebDarkCyan</pre><pre>clWebTeal</pre><pre>clWebDeepskyBlue</pre><pre>clWebDodgerBlue</pre><pre>clWebBlue</pre><pre>clWebNavy</pre><pre>clWebDarkViolet</pre><pre>clWebDarkOrchid</pre><pre>clWebMagenta</pre><pre>clWebDarkMagenta</pre><pre>clWebMediumVioletRed</pre><pre>clWebPaleVioletRed</pre><pre>clWebBlueViolet</pre><pre>clWebMediumOrchid</pre><pre>clWebMediumPurple</pre><pre>clWebPurple</pre><pre>clWebDeepPink</pre><pre>clWebLightPink</pre><pre>clWebViolet</pre><pre>clWebOrchid</pre><pre>clWebPlum</pre><pre>clWebThistle</pre><pre>clWebHotPink</pre><pre>clWebPink</pre><pre>clWebLightSteelBlue</pre><pre>clWebMediumSlateBlue</pre><pre>clWebLightSlateGray</pre><pre>clWebWhite</pre><pre>clWebLightgrey</pre><pre>clWebGray</pre><pre>clWebSteelBlue</pre><pre>clWebSlateBlue</pre><pre>clWebSlateGray</pre><pre>clWebWhiteSmoke</pre><pre>clWebSilver</pre><pre>clWebDimGray</pre><pre>clWebMistyRose</pre><pre>clWebDarkSlateBlue</pre><pre>clWebDarkSlategray</pre><pre>clWebGainsboro</pre><pre>clWebDarkGray</pre><pre>clWebBlack</pre><pre>comctl32.dll</pre><pre>AutoHotkeysd-</pre><pre>AutoHotkeys</pre><pre>\SYSTEM\CurrentControlSet\Control\Keyboard 
Layouts\</pre><pre>ssHotTrack</pre><pre>TWindowState</pre><pre>poProportional</pre><pre>TWMKey</pre><pre>KeyPreview</pre><pre>WindowState</pre><pre>OnKeyDownL</pre><pre>OnKeyPress</pre><pre>OnKeyUpH</pre><pre>GlassFrame.Bottom</pre><pre>GlassFrame.Enabled</pre><pre>GlassFrame.Left</pre><pre>GlassFrame.Right</pre><pre>GlassFrame.SheetOfGlass</pre><pre>GlassFrame.Top</pre><pre>System\CurrentControlSet\Control\Keyboard Layouts\%.8x</pre><pre>User32.dll</pre><pre>TKeyEvent</pre><pre>TKeyPressEvent</pre><pre>HelpKeyword n</pre><pre>crSQLWait</pre><pre>%s (%s)</pre><pre>imm32.dll</pre><pre>TSocketPort</pre><pre>%d.%d.%d.%d</pre><pre>0.0.0.0</pre><pre>PSAPI.dll</pre><pre>TDCWebCam</pre><pre>127.0.0.1</pre><pre>BuildImportTable: can't load library:</pre><pre>BuildImportTable: ReallocMemory failed</pre><pre>BuildImportTable: GetProcAddress failed</pre><pre>BTMemoryLoadLibary: BuildImportTable failed</pre><pre>BTMemoryGetProcAddress: no export table found</pre><pre>BTMemoryGetProcAddress: DLL doesn't export anything</pre><pre>BTMemoryGetProcAddress: exported symbol not found</pre><pre>1.2.3</pre><pre>127.0.0.1:1604</pre><pre>#KCMDDC51#-</pre><pre>5.3.0</pre><pre>cmd.exe</pre><pre>SOFTWARE\Microsoft\Windows\CurrentVersion\Run</pre><pre>hkey</pre><pre>\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders</pre><pre>*.torrent</pre><pre>\Internet Explorer\iexplore.exe</pre><pre>explorer.exe</pre><pre>wlanapi.dll</pre><pre>80211_SHARED_KEY</pre><pre>user32.dll</pre><pre>TUploadFTP</pre><pre>notepad.exe</pre><pre>KEYNAME</pre><pre>%ShortCut#</pre><pre>RELATEDCMD</pre><pre>ping 127.0.0.1 -n 4 > NUL && 
"</pre><pre>DRKey</pre><pre>CRKey</pre><pre>DelMSKey</pre><pre>InstallHKEY</pre><pre>ActiveOnlineKeylogger</pre><pre>UnActiveOnlineKeylogger</pre><pre>KeylogOn</pre><pre>ActiveOfflineKeylogger</pre><pre>UnActiveOfflineKeylogger</pre><pre>ActiveOnlineKeyStrokes</pre><pre>UnActiveOnlineKeyStrokes</pre><pre>OpenWebPage</pre><pre>tmpprint.txt</pre><pre>URLUpdate</pre><pre>MSGBOX</pre><pre>#BOT#VisitUrl</pre><pre>#BOT#OpenUrl</pre><pre>HTTP://</pre><pre>http://</pre><pre>BTRESULTOpen URL|</pre><pre>Command successfully executed!|</pre><pre>#BOT#URLUpdate</pre><pre>BTERRORUpdate from URL| Error on downloading file check if you type the correct url...|</pre><pre>BTRESULTUpdate from URL|Update : File Downloaded , Executing new one in temp dir...|</pre><pre>#BOT#URLDownload</pre><pre>GetActivePorts</pre><pre>out.txt</pre><pre>tmp.txt</pre><pre>DDOSHTTPFLOOD</pre><pre>DDOSUDPFLOOD</pre><pre>%IPPORTSCAN</pre><pre>SAPI.SpVoice</pre><pre>WEBCAMLIVE</pre><pre>WEBCAMSTOP</pre><pre>PASSWORD</pre><pre>FTPFILEUPLOAD</pre><pre>URLDOWNLOADTOFILE</pre><pre>UPLOADEXEC</pre><pre>UPANDEXEC</pre><pre>FTPPORT</pre><pre>FTPPASS</pre><pre>FTPUSER</pre><pre>FTPHOST</pre><pre>FTPROOT</pre><pre>FTPUPLOADK</pre><pre>FTPSIZE</pre><pre>BTRESULTUDP Flood|UDP Flood task finished!|</pre><pre>PortScanAdd</pre><pre>BTRESULTVisit URL|finished to visit</pre><pre>BTERRORVisit URL|An exception occured in the thread|</pre><pre>POST /index.php/1.0</pre><pre>BTRESULTHTTP Flood|Http Flood task finished!|</pre><pre>Mozilla</pre><pre>BTRESULTDownload File|Mass Download : File Downloaded , Executing new one in temp dir...|</pre><pre>BTERRORDownload File| Error on downloading file check if you type the correct url...|</pre><pre>Software\Microsoft\Windows\CurrentVersion\Run</pre><pre>Software\Microsoft\Windows NT\CurrentVersion\Winlogon</pre><pre>ERR|Cannot listen to port, try another 
one..|</pre><pre>TCaptureWebcam</pre><pre>taskmgr.exe</pre><pre>\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall</pre><pre>\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\</pre><pre>DC3_FEXEC</pre><pre>Windows NT 4.0</pre><pre>Windows 2000</pre><pre>Windows XP</pre><pre>Windows Server 2003</pre><pre>Windows Vista</pre><pre>Windows 7</pre><pre>Windows 95</pre><pre>Windows 98</pre><pre>Windows Me</pre><pre>S-%u-</pre><pre>FAKEMSG</pre><pre>MSGICON</pre><pre>MSGTITLE</pre><pre>MSGCORE</pre><pre>deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly</pre><pre>inflate 1.2.3 Copyright 1995-2005 Mark Adler</pre><pre>%Documents and Settings%\%current user%\Application Data\dclogs\2014-08-01-6.dc</pre><pre>advapi32.dll</pre><pre>RegOpenKeyExA</pre><pre>RegCloseKey</pre><pre>GetKeyboardType</pre><pre>keybd_event</pre><pre>VkKeyScanA</pre><pre>UnhookWindowsHookEx</pre><pre>SetWindowsHookExA</pre><pre>MsgWaitForMultipleObjectsEx</pre><pre>MsgWaitForMultipleObjects</pre><pre>MapVirtualKeyA</pre><pre>LoadKeyboardLayoutA</pre><pre>GetKeyboardState</pre><pre>GetKeyboardLayoutNameA</pre><pre>GetKeyboardLayoutList</pre><pre>GetKeyboardLayout</pre><pre>GetKeyState</pre><pre>GetKeyNameTextA</pre><pre>ExitWindowsEx</pre><pre>EnumWindows</pre><pre>EnumThreadWindows</pre><pre>EnumChildWindows</pre><pre>ActivateKeyboardLayout</pre><pre>gdi32.dll</pre><pre>SetViewportOrgEx</pre><pre>version.dll</pre><pre>WinExec</pre><pre>PeekNamedPipe</pre><pre>GetWindowsDirectoryA</pre><pre>GetProcessHeap</pre><pre>GetCPInfo</pre><pre>CreatePipe</pre><pre>RegQueryInfoKeyA</pre><pre>RegOpenKeyA</pre><pre>RegFlushKey</pre><pre>RegEnumKeyExA</pre><pre>RegDeleteKeyA</pre><pre>RegCreateKeyExA</pre><pre>RegCreateKeyA</pre><pre>wsock32.dll</pre><pre>shell32.dll</pre><pre>ShellExecuteExA</pre><pre>ShellExecuteA</pre><pre>SHFileOperationA</pre><pre>URLMON.DLL</pre><pre>URLDownloadToFileA</pre><pre>wininet.dll</pre><pre>InternetOpenUrlA</pre><pre>HttpQueryInfoA</pre><pre>FtpPutFileA</pre><pre>winmm.dll</pre><p
re>netapi32.dll</pre><pre>gdiplus.dll</pre><pre>GdiplusShutdown</pre><pre>msacm32.dll</pre><pre>ntdll.dll</pre><pre>WS2_32.DLL</pre><pre>SHFolder.dll</pre><pre>SHELL32.DLL</pre><pre>AVICAP32.DLL</pre><pre>1!1,1=1|1</pre><pre>6 6$6(6,606</pre><pre>=!=%=)=-=1=</pre><pre>01m1</pre><pre>0 0$0(0,0004080<0@0</pre><pre><!><pre>;"<?<_><pre>; ;$;(;,;0;4;8;<;@;</pre><pre>7 8$888<8</pre><pre>= =$=(=,=0=4=8=</pre><pre>UntKeylogger</pre><pre>KWindows</pre><pre>UntActivePorts</pre><pre>UntControlKey</pre><pre>UntCaptureWebcam</pre><pre>UntWebCam</pre><pre>UrlMon</pre><pre>(UntUploadFTPThread</pre><pre>UntFTP</pre><pre>_UntUDPFlood</pre><pre>YUntScanPorts</pre><pre>0UntPasswordAndData</pre><pre>XUntHTTPFlood</pre><pre>UntCPU</pre><pre>66006666</pre><pre>No help found for %s#No context-sensitive help installed</pre><pre>No help found for context$No topic-based help system installedNUnable to retrieve a pointer to a running object registered with OLE for %s/%s</pre><pre>Invalid clipboard format Clipboard does not support Icons</pre><pre>Cannot open clipboard/Menu '%s' is already being used by another form</pre><pre>- Dock zone has no controlLError loading dock zone from the stream. Expecting version %d, but found %d.</pre><pre>OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters</pre><pre>Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window</pre><pre>Not enough timers available@GroupIndex cannot be less than a previous menu item's GroupIndex5Cannot create form. 
No MDI forms are currently active$%s not in a class registration group</pre><pre>Property %s does not exist</pre><pre>Thread creation error: %s</pre><pre>Thread Error: %s (%d)</pre><pre>Unsupported clipboard format</pre><pre>Invalid data type for '%s' List capacity out of bounds (%d)</pre><pre>List count out of bounds (%d)</pre><pre>List index out of bounds (%d) Out of memory while expanding memory stream</pre><pre>Error reading %s%s%s: %s</pre><pre>Failed to create key %s</pre><pre>Failed to get data for '%s'</pre><pre>Failed to set data for '%s'</pre><pre>Resource %s not found</pre><pre>%s.Seek not implemented$Operation not allowed on sorted list</pre><pre>Ancestor for '%s' not found</pre><pre>Cannot assign a %s to a %s</pre><pre>Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread</pre><pre>Class %s not found</pre><pre>A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates</pre><pre>Cannot create file "%s". %s</pre><pre>Cannot open file "%s". %s</pre><pre>Invalid stream format$''%s'' is not a valid component name</pre><pre>External exception %x</pre><pre>Interface not supported</pre><pre>%s (%s, line %d)</pre><pre>Abstract Error?Access violation at address %p in module '%s'. %s of address %p</pre><pre>System Error. Code: %d.</pre><pre>No argument for format '%s'"Variant method calls not supported</pre><pre>Invalid variant operation%Invalid variant operation (%s%.8x)</pre><pre>%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)</pre><pre>Operation not supported</pre><pre>Integer overflow Invalid floating point operation</pre><pre>Invalid pointer operation</pre><pre>Invalid class typecast0Access violation at address %p. 
%s of address %p</pre><pre>Privileged instruction(Exception %s in module %s at %p.</pre><pre>Application Error1Format '%s' invalid or incompatible with argument</pre><pre>!'%s' is not a valid integer value('%s' is not a valid floating point value!'%s' is not a valid date and time</pre><pre>'%s' is not a valid GUID value</pre><pre>I/O error %d</pre><pre>1, 0, 0, 1</pre><pre>MSRSAAP.EXE</pre><pre>4, 0, 0, 0</pre></_></pre></!></pre></_></pre></!></pre></IPermission></pre></PermissionSet></pre></IaV>