windows_tools/static/PeStudio/strings.xml


<!--
This file is part of the pestudio solution (www.winitor.com).
It contains the list of strings that this solution flags as blacklisted.
Remarks:
1. This list does NOT contain API names or library names (these are part of another blacklist).
2. The items are used for blacklisting both ASCII and UNICODE strings.
-->
<xml version="1.0" encoding="utf-8">
<settings>
<setting>
<!--
1: Enable the search for BlackListed strings
0: Disable the search for BlackListed strings
-->
<enable>1</enable>
<!--
1: Be case-sensitive when searching for BlackListed strings
0: Do not be case-sensitive when searching for BlackListed strings
-->
<CaseSensitive>0</CaseSensitive>
<!--
1: Enable Substring when searching for BlackListed strings (e.g. "soft" being a substring of "software")
0: Disable Substring when searching for BlackListed strings
NOTE(review): with 0, an entry embedded inside a longer string is presumably not reported;
confirm how the tool matches before treating a clean result as absence of an indicator.
-->
<Substring>0</Substring>
<!--
0: Show Imported Library Names in Strings collection
1: Hide Imported Library Names from Strings collection
-->
<HideImportedLibraryNames>0</HideImportedLibraryNames>
<!--
0: Show Imported Function Names in Strings collection
1: Hide Imported Function Names from Strings collection
-->
<HideImportedFunctionNames>0</HideImportedFunctionNames>
</setting>
</settings>
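<!--
Virustotal AntiVirus: names of antivirus / security vendors, products and services, plus
uninstall registry keys of security products. The list also holds the generic words
"rootkit" and "spyware". A program that embeds these names may be checking which security
software is installed, so a match is a reason to look at how the string is used.
-->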
<avs>
<av>threatexpert</av>
<av>emsisoft</av>
<av>rising</av>
<av>pctools</av>
<av>norman</av>
<av>k7computing</av>
<av>ikarus</av>
<av>hacksoft</av>
<av>gdata</av>
<av>fortinet</av>
<av>ewido</av>
<av>clamav</av>
<av>comodo</av>
<av>quickheal</av>
<av>avira</av>
<av>avast</av>
<av>esafe</av>
<av>ahnlab</av>
<av>centralcommand</av>
<av>drweb</av>
<av>grisoft</av>
<av>nod32</av>
<av>f-prot</av>
<av>jotti</av>
<av>computerassociates</av>
<av>networkassociates</av>
<av>etrust</av>
<av>panda</av>
<av>sophos</av>
<av>trendmicro</av>
<av>defender</av>
<av>rootkit</av>
<av>spyware</av>
<av>Kaspersky</av>
<av>BitDefender</av>
<av>Dr.Web</av>
<av>Kaspersky Antivirus</av>
<av>Nod32 Antivirus 2.x</av>
<av>Ewido Security Suite</av>
<av>McAfee VirusScan</av>
<av>Panda Antivirus/Firewall</av>
<av>Symantec/Norton</av>
<av>PC-cillin Antivirus</av>
<av>F-Secure</av>
<av>Kingsoft ShaDu</av>
<av>NOD32 Antivirus</av>
<av>Rising Antivirus</av>
<av>Jiangmin Antivirus</av>
<av>360 ShaDu</av>
<av>360 Safe</av>
<av>McAfee AV</av>
<av>Bitdefender AV</av>
<av>Norton Symantec AV</av>
<av>F-Secure AV</av>
<av>AhnLab V3 Internet Security 8</av>
<av>Avast AntiVirus</av>
<av>Avira Antivirus</av>
<av>Eset Nod32 Scanner</av>
<av>F-Secure Gatekeeper Handler Starter</av>
<av>F-Secure Recognizer</av>
<av>F-Secure HIPS</av>
<av>F-Secure Gatekeeper</av>
<av>F-Secure Filter</av>
<av>WinDefend</av>
<av>OutpostFirewall</av>
<av>McAfee Framework Service</av>
<av>Panda Antivirus</av>
<av>ZoneAlarm Client</av>
<av>Zone Labs Client</av>
<av>SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kingsoft Antivirus</av>
<av>SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Kingsoft Antivirus</av>
<av>SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\360SD</av>
<av>SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\360SD</av>
<av>SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kingsoft PC Doctor</av>
<av>SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Kingsoft PC Doctor</av>
<av>SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\360 Internet Security</av>
<av>SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\360 Internet Security</av>
<av>SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kingsoft Internet Security 9</av>
<av>SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Kingsoft Internet Security 9</av>
<av>SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kingsoft Internet Security U SP1</av>
<av>SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Kingsoft Internet Security U SP1</av>
<av>SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D1ABBC6D-4C7B-4D6B-9B50-F79399DD3652}</av>
<av>SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D1ABBC6D-4C7B-4D6B-9B50-F79399DD3652}</av>
<av>SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC54C7CC-3868-4942-BD2E-1BCA2519C881}</av>
<av>SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC54C7CC-3868-4942-BD2E-1BCA2519C881}</av>
</avs>
<!--
Pattern strings flagged when found in a file. Whether the tool applies them as regular
expressions or looks for them as literal text is not visible here.
The first entries (digit runs around '^', '=' and 'D', followed by what looks like a YYMM
alternation) appear to describe payment-card magnetic-stripe track data; a binary that
carries such a pattern is presumably searching memory or files for card numbers.
The Base64 and ^http[s]?:// entries are generic Base64 / URL matchers.
The {[!n!]} entries look like placeholder-token format strings; their origin is not stated here.
NOTE(review): quantifiers such as {1219}, {030}, {1516} and {350} look like range quantifiers
({12,19}, {0,30}, {15,16}, {3,50}) whose comma was lost; as written they demand an exact
repeat count. Confirm against the upstream pestudio file before relying on these entries.
NOTE(review): the entry ending in [a-zA-Z0-9=*> has an unclosed character class and looks truncated.
-->
<regexs>
<regex>[3-9]{1}[0-9]{1219}[D=\u0061][0-9]{1030}</regex>
<regex>((b|B)[0-9]{1319}\^[A-Za-z\s]{030}\/[A-Za-z\s]{030}\^(0[7-9]|1[0-5])((0[1-9])|(1[0-2]))[0-9\s]{350}[0-9]{1})</regex>
<regex>([0-9]{1516}[D=](0[7-9]|1[0-5])((0[1-9])|(1[0-2]))[0-9]{830})</regex>
<regex>[0-9]{1516}\^[a-zA-Z0-9=*></regex>
<regex>[0-9]{1516}=[0-9]{532}.{120}</regex>
<regex>([0-9]{1319}[=D][0-9]{550})\?</regex>
<regex>([0-9]{1319}[\^][A-Za-z\s]{030}[\/][[A-Za-z\s]{030}[\^]([0-9\s]{170})\?)</regex>
<regex>("^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$")</regex>
<regex>^http[s]?://([^\/:\s]+)(:[^\/\s]+)?(\/?[^\s]*)$</regex>
<regex>{[!11!]}{[!4!]}</regex>
<regex>{[!12!]}{[!10!]}http://%s:%d{[!4!]}</regex>
<regex>{[!13!]}{[!4!]}</regex>
<regex>{[!14!]}{[!4!]}</regex>
<regex>{[!15!]}{[!4!]}</regex>
<regex>{[!16!]}{[!20!]}{[!26!]}%s</regex>
<regex>{[!16!]}{[!46!]}%s (%d)</regex>
<regex>{[!17!]}{[!18!]}</regex>
<regex>{[!17!]}{[!19!]}</regex>
<regex>{[!2!]}{[!20!]}{[!21!]}%s</regex>
<regex>{[!22!]}%s{[!5!]}</regex>
<regex>{[!22!]}{[!18!]}{[!33!]}{[!4!]}{[!34!]}= %d {[!35!]}= 0x%x.{[!36!]}</regex>
<regex>{[!22!]}{[!5!]}%s -> %s [%d]{[!35!]}= 0x%x (== 0x%x)</regex>
<regex>{[!23!]}{[!22!]} {[!24!]}{[!4!]}%d{[!25!]}</regex>
<regex>{[!27!]}{[!30!]}{[!4!]}%s.{[!2!]}</regex>
<regex>{[!28!]}%d.%d {[!29!]}%d.%d.{[!1!]}</regex>
<regex>{[!29!]}{[!1!]}</regex>
<regex>{[!29!]}{[!32!]}%s</regex>
<regex>{[!3!]}%s{[!4!]}</regex>
<regex>{[!30!]}{[!31!]}{[!4!]}</regex>
<regex>{[!37!]}{[!35!]}{[!4!]}{[!38!]}0x%x{[!39!]}0x%x.</regex>
<regex>{[!37!]}{[!35!]}{[!4!]}{[!38!]}0x%x{[!39!]}0x%x.{[!36!]}</regex>
<regex>{[!4!]}{[!10!]}{[!44!]}{[!43!]}{[!21!]}</regex>
<regex>{[!4!]}{[!45!]}{[!21!]}</regex>
<regex>{[!40!]}{[!4!]}{[!36!]}</regex>
<regex>{[!41!]}{[!4!]}{[!42!]}= 0x%x {[!34!]}= 0x%x.{[!36!]}</regex>
<regex>{[!43!]}{[!4!]}</regex>
<regex>{[!46!]}%d{[!1!]}</regex>
</regexs>
<!--
Windows privilege constant names. A privilege name embedded in an executable suggests the
program may look up or enable that privilege on its access token.
Several of these give broad control over the system when held, e.g. SeDebugPrivilege,
SeTcbPrivilege, SeLoadDriverPrivilege, SeBackupPrivilege, SeRestorePrivilege,
SeTakeOwnershipPrivilege, SeImpersonatePrivilege, SeAssignPrimaryTokenPrivilege and
SeCreateTokenPrivilege. Others (e.g. SeChangeNotifyPrivilege, SeShutdownPrivilege) are
routinely used by benign software, so a match is a triage hint, not a verdict.
-->
<privs>
<priv>SeAssignPrimaryTokenPrivilege</priv>
<priv>SeAuditPrivilege</priv>
<priv>SeBackupPrivilege</priv>
<priv>SeChangeNotifyPrivilege</priv>
<priv>SeCreateGlobalPrivilege</priv>
<priv>SeCreatePagefilePrivilege</priv>
<priv>SeCreatePermanentPrivilege</priv>
<priv>SeCreateSymbolicLinkPrivilege</priv>
<priv>SeCreateTokenPrivilege</priv>
<priv>SeDebugPrivilege</priv>
<priv>SeEnableDelegationPrivilege</priv>
<priv>SeImpersonatePrivilege</priv>
<priv>SeIncreaseBasePriorityPrivilege</priv>
<priv>SeIncreaseQuotaPrivilege</priv>
<priv>SeIncreaseWorkingSetPrivilege</priv>
<priv>SeLoadDriverPrivilege</priv>
<priv>SeLockMemoryPrivilege</priv>
<priv>SeMachineAccountPrivilege</priv>
<priv>SeManageVolumePrivilege</priv>
<priv>SeProfileSingleProcessPrivilege</priv>
<priv>SeRelabelPrivilege</priv>
<priv>SeRemoteShutdownPrivilege</priv>
<priv>SeRestorePrivilege</priv>
<priv>SeSecurityPrivilege</priv>
<priv>SeShutdownPrivilege</priv>
<priv>SeSyncAgentPrivilege</priv>
<priv>SeSystemEnvironmentPrivilege</priv>
<priv>SeSystemProfilePrivilege</priv>
<priv>SeSystemtimePrivilege</priv>
<priv>SeTakeOwnershipPrivilege</priv>
<priv>SeTcbPrivilege</priv>
<priv>SeTimeZonePrivilege</priv>
<priv>SeTrustedCredManAccessPrivilege</priv>
<priv>SeUndockPrivilege</priv>
<priv>SeUnsolicitedInputPrivilege</priv>
</privs>
<!--
ASN.1 object identifiers (dotted decimal) flagged when found as strings.
Recognisable entries include certificate extended-key-usage OIDs (1.3.6.1.5.5.7.3.1 server
authentication, 1.3.6.1.5.5.7.3.2 client authentication, 1.3.6.1.5.5.7.3.3 code signing) and
signature / digest algorithm OIDs (1.2.840.113549.1.1.4 md5WithRSAEncryption,
1.2.840.113549.1.1.5 sha1WithRSAEncryption, 1.2.840.113549.1.1.11 sha256WithRSAEncryption,
1.2.840.113549.2.5 MD5, 1.3.14.3.2.26 SHA-1). MD5 and SHA-1 based signatures are considered weak,
which is worth noting when such an OID turns up in a signed file.
The 1.2.840.113556.1.4.* and 1.3.6.1.4.1.1466.115.121.1.* arcs are used by LDAP / Active Directory.
The file gives no per-entry meaning; verify each OID against an OID registry before drawing conclusions.
-->
<oids>
<oid>2.16.840.1.113730.4.1</oid>
<oid>1.3.6.1.4.1.311.10.3.3</oid>
<oid>1.3.6.1.5.5.7.3.2</oid>
<oid>1.3.6.1.5.5.7.3.1</oid>
<oid>1.2.840.113549.1.1.11</oid>
<oid>1.2.840.113549.1.1.2</oid>
<oid>1.2.840.113549.1.1.4</oid>
<oid>1.2.840.113549.1.1.5</oid>
<oid>1.2.840.113549.1.9.6</oid>
<oid>1.2.840.113549.2.5</oid>
<oid>1.2.840.113549.1.9.5</oid>
<oid>1.2.840.113556.1.4.1221</oid>
<oid>1.2.840.113556.1.4.1222</oid>
<oid>1.2.840.113556.1.4.1362</oid>
<oid>1.2.840.113556.1.4.1413</oid>
<oid>1.2.840.113556.1.4.521</oid>
<oid>1.2.840.113556.1.4.616</oid>
<oid>1.2.840.113556.1.4.801</oid>
<oid>1.2.840.113556.1.4.805</oid>
<oid>1.2.840.113556.1.4.903</oid>
<oid>1.2.840.113556.1.4.904</oid>
<oid>1.2.840.113556.1.4.905</oid>
<oid>1.2.840.113556.1.4.906</oid>
<oid>1.2.840.113556.1.4.907</oid>
<oid>1.3.14.3.2.26</oid>
<oid>1.3.14.3.2.29</oid>
<oid>1.3.14.3.2.3</oid>
<oid>1.3.6.1.4.1.311.2.1.12</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.10</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.11</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.12</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.13</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.14</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.15</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.19</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.2</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.21</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.22</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.23</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.24</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.25</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.26</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.27</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.28</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.3</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.32</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.33</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.34</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.36</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.37</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.38</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.39</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.4</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.40</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.41</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.43</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.44</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.5</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.50</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.51</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.52</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.53</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.6</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.7</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.8</oid>
<oid>1.3.6.1.4.1.1466.115.121.1.9</oid>
<oid>1.3.6.1.4.1.311.10.3.6</oid>
<oid>1.3.6.1.4.1.311.88.2.1</oid>
<oid>1.3.6.1.4.1.311.88.2.2</oid>
<oid>1.3.6.1.5.5.7.3.3</oid>
</oids>
<!--
HTTP User-Agent strings flagged when found in a file. A hard-coded browser User-Agent in a
non-browser executable suggests it issues its own HTTP requests while presenting itself as a browser.
Some entries are internally inconsistent, which also makes them useful to look for in proxy logs:
"MSI 6.0" where "MSIE 6.0" would be expected, "MSIE 10.0; Windows 3.1", "Windows NT 7.1", "Windows NT 9.0".
Entries prefixed with "User-Agent: " carry the header name as well as the value.
Many entries are ordinary browser or Windows component strings (e.g. "Microsoft BITS/7.5",
"Microsoft NCSI"), so a match alone is weak evidence.
NOTE(review): three entries stop without a closing parenthesis or version ("InfoPath.1 Spark v",
"InfoPath.2", "Mobile Safari/"); they may be truncated copies or the string exactly as embedded
in a sample. Confirm against upstream.
-->
<agents>
<agent>Mozilla/1.22 (compatible; MSIE 10.0; Windows 3.1)</agent>
<agent>Mozilla/4.0 (compatible)</agent>
<agent>Mozilla/4.0 (compatible; MSIE 8.0; Win32)</agent>
<agent>Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)</agent>
<agent>Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705)</agent>
<agent>Mozilla/4.0 (compatible; MSIE 6.0; Win32)</agent>
<agent>Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)</agent>
<agent>Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)</agent>
<agent>Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)</agent>
<agent>Mozilla/4.0 (compatible; MSI 6.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)</agent>
<agent>Mozilla/4.0 (compatible; MSIE 6.0;)</agent>
<agent>Mozilla/4.0 (compatible; MSIE 7.0;)</agent>
<agent>Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; NeosBrowser; .NET CLR 1.1.4322; .NET CLR 2.0.50727)</agent>
<agent>Mozilla/4.0 (compatible; MSIE 6.01; Windows NT 6.0)</agent>
<agent>Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)</agent>
<agent>Mozilla/4.0 (compatible; MSIE 7.0; .NET4.0E; Media Center PC 6.0; MASE)</agent>
<agent>Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)</agent>
<agent>Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1)</agent>
<agent>Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1 Spark v</agent>
<agent>Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)</agent>
<agent>Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)</agent>
<agent>Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)</agent>
<agent>Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)</agent>
<agent>Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)</agent>
<agent>Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/5.0)</agent>
<agent>Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; Media Center PC 5.0; .NET CLR 1.1.4322; Windows-Media-Player/10.00.00.3990; InfoPath.2</agent>
<agent>Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0</agent>
<agent>Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US)</agent>
<agent>Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13</agent>
<agent>Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0</agent>
<agent>Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0</agent>
<agent>Mozilla/5.0 (Linux; Android 4.3; GT-I9300 Build/JSS15J) AppleWebKit/537.36 (KHTML like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36</agent>
<agent>Mozilla/5.0 (Linux; Android 4.0.4; DROID RAZR Build/6.7.2-180_DHD-16_M4-31) AppleWebKit/535.19 (KHTML like Gecko) Chrome/18.0.1025.166 Mobile Safari/</agent>
<agent>Mozilla/5.0 (iPad; U; CPU iPhone OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML like Gecko) Version/4.0.4 Mobile/7B314 Safari/531.21.10</agent>
<agent>Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML like Gecko) Chrome/8.0.552.237 Safari/534.1</agent>
<agent>Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko</agent>
<agent>Mozilla/5.0 (Windows NT 5.1) Gecko/20100101 Firefox/14.0 Opera/12.0</agent>
<agent>Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0) Opera 12.14</agent>
<agent>Mozilla/5.0 (Windows NT 6.0; rv:2.0) Gecko/20100101 Firefox/4.0 Opera 12.14</agent>
<agent>Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_7; da-dk) AppleWebKit/533.21.1 (KHTML like Gecko) Version/5.0.5 Safari/533.21.1</agent>
<agent>Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; de-at) AppleWebKit/533.21.1 (KHTML like Gecko) Version/5.0.5 Safari/533.21.1</agent>
<agent>Mozilla/5.0 (iPad; CPU OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML like Gecko ) Version/5.1 Mobile/9B176 Safari/7534.48.3</agent>
<agent>Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/534.55.3 (KHTML like Gecko) Version/5.1.3 Safari/534.53.10</agent>
<agent>Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/537.13+ (KHTML like Gecko) Version/5.1.7 Safari/534.57.2</agent>
<agent>Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25</agent>
<agent>Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; chromeframe/12.0.742.112)</agent>
<agent>Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; Media Center PC 6.0; InfoPath.3; MS-RTC LM 8; Zune 4.7)</agent>
<agent>Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 7.1; Trident/5.0)</agent>
<agent>Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)</agent>
<agent>Mozilla/4.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/5.0)</agent>
<agent>Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)</agent>
<agent>Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)</agent>
<agent>Mozilla/5.0 (compatible; MSIE 10.0; Macintosh; Intel Mac OS X 10_7_3; Trident/6.0)</agent>
<agent>Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/4.0; InfoPath.2; SV1; .NET CLR 2.0.50727; WOW64)</agent>
<agent>Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/5.0)</agent>
<agent>Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)</agent>
<agent>Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)</agent>
<agent>Mozilla/5.0 (Windows NT 5.0; rv:21.0) Gecko/20100101 Firefox/21.0</agent>
<agent>Mozilla/5.0 (Windows NT 5.1; rv:21.0) Gecko/20100101 Firefox/21.0</agent>
<agent>Mozilla/5.0 (Windows NT 5.1; rv:21.0) Gecko/20130331 Firefox/21.0</agent>
<agent>Mozilla/5.0 (Windows NT 5.1; rv:21.0) Gecko/20130401 Firefox/21.0</agent>
<agent>Mozilla/5.0 (Windows NT 6.1; rv:21.0) Gecko/20100101 Firefox/21.0</agent>
<agent>Mozilla/5.0 (Windows NT 6.1; rv:21.0) Gecko/20130328 Firefox/21.0</agent>
<agent>Mozilla/5.0 (Windows NT 6.1; rv:21.0) Gecko/20130401 Firefox/21.0</agent>
<agent>Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0</agent>
<agent>Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20130330 Firefox/21.0</agent>
<agent>Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20130331 Firefox/21.0</agent>
<agent>Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20130401 Firefox/21.0</agent>
<agent>Mozilla/5.0 (Windows NT 6.2; rv:21.0) Gecko/20130326 Firefox/21.0</agent>
<agent>Mozilla/5.0 (X11; Linux i686; rv:21.0) Gecko/20100101 Firefox/21.0</agent>
<agent>Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:21.0) Gecko/20100101 Firefox/21.0</agent>
<agent>Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:21.0) Gecko/20130331 Firefox/21.0</agent>
<agent>Mozilla/5.0 (Windows NT 6.1; rv:22.0) Gecko/20130405 Firefox/22.0</agent>
<agent>Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:22.0) Gecko/20130328 Firefox/22.0</agent>
<agent>Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML like Gecko) Chrome/28.0.1464.0 Safari/537.36</agent>
<agent>Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML like Gecko) Chrome/28.0.1467.0 Safari/537.36</agent>
<agent>Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML like Gecko) Chrome/28.0.1468.0 Safari/537.36</agent>
<agent>Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/29.0.1547.2 Safari/537.36</agent>
<agent>Mozilla/5.0 (compatible; MSIE 9.0; AOL 9.7; AOLBuild 4343.19; Windows NT 6.1; WOW64; Trident/5.0; FunWebProducts)</agent>
<agent>Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Acoo Browser 1.98.744; .NET CLR 3.5.30729)</agent>
<agent>Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 5.2)</agent>
<agent>Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.13) Gecko/20060410 Firefox/1.0.8</agent>
<agent>Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11</agent>
<agent>Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.2; WOW64; .NET CLR 2.0.50726)</agent>
<agent>Opera/9.25 (Windows NT 6.0; U; cn)</agent>
<agent>Opera/9.80 (Windows NT 6.1; U; en) Presto/2.5.24 Version/10.54</agent>
<agent>Opera/9.80 (Windows NT 5.1; U; zh-sg) Presto/2.9.181 Version/12.00</agent>
<agent>Opera/9.80 (Windows NT 6.1; U; es-ES) Presto/2.9.181 Version/12.00</agent>
<agent>Opera/9.80 (Windows NT 6.0) Presto/2.12.388 Version/12.14</agent>
<agent>Opera 9.4 (Windows NT 6.1; U; en)</agent>
<agent>Opera/9.00 (Windows NT 5.1; U; en)</agent>
<agent>User-Agent: Test Agent 23.0.1</agent>
<agent>User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)</agent>
<agent>User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)</agent>
<agent>User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)</agent>
<agent>User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)</agent>
<agent>User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1 )</agent>
<agent>User-Agent: Microsoft BITS/7.5</agent>
<agent>User-Agent: Microsoft NCSI</agent>
<agent>User-Agent: Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_09</agent>
<agent>User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)</agent>
<agent>User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)</agent>
<agent>User-Agent: Mozilla/4.75 [en] (X11; U; Linux 2.2.16-3 i686)</agent>
<agent>User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko</agent>
<agent>User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.3; Trident/7.0)</agent>
<agent>User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)</agent>
<agent>User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/7.0)</agent>
<agent>User-Agent: SJZJ (compatible; MSIE 6.0; Win32)</agent>
</agents>
<!--
File extensions flagged when found as strings. The enable attribute presumably switches an
entry on (1) or off (0); only "text" is set to 0 in this list.
The list mixes script / executable types (bat, cmd, hta, js, jse, lnk, pif, scr, vbs, wsf),
certificate and key containers (cer, crt, der, key, p12, pem, pfx) and a long run of document,
database, backup and game-save types (e.g. sc2save, mcgame, wotreplay). A binary that embeds
many of the latter is presumably enumerating user files by type, which is a pattern worth
triaging for file-encrypting or file-stealing behaviour.
Entries such as binPK, classPK, iniPK, jpegPK, relsPK and xmlPK look like a file-name tail
followed by a "PK" archive marker rather than real extensions; rodata and rsrc look like
section names. Their origin is not stated here.
Short entries (c, h, so, de, dk, en, com, net, org) would match many benign strings if the
Substring setting were enabled.
Duplicates in this list: css, cer, rar, rsrc, rtf, txt, xlsm, xlsx.
-->
<exts>
<ext enable="1">3fr</ext>
<ext enable="1">accdb</ext>
<ext enable="1">apk</ext>
<ext enable="1">arch00</ext>
<ext enable="1">arw</ext>
<ext enable="1">asset</ext>
<ext enable="1">avi</ext>
<ext enable="1">arj</ext>
<ext enable="1">asp</ext>
<ext enable="1">ade</ext>
<ext enable="1">adp</ext>
<ext enable="1">app</ext>
<ext enable="1">aspx</ext>
<ext enable="1">admin</ext>
<ext enable="1">bc7</ext>
<ext enable="1">bc6</ext>
<ext enable="1">bay</ext>
<ext enable="1">big</ext>
<ext enable="1">bik</ext>
<ext enable="1">bkf</ext>
<ext enable="1">bkp</ext>
<ext enable="1">blob</ext>
<ext enable="1">bsa</ext>
<ext enable="1">bat</ext>
<ext enable="1">bak</ext>
<ext enable="1">bin</ext>
<ext enable="1">bmp</ext>
<ext enable="1">binPK</ext>
<ext enable="1">bar</ext>
<ext enable="1">bas</ext>
<ext enable="1">bsd</ext>
<ext enable="1">cas</ext>
<ext enable="1">cdr</ext>
<ext enable="1">cer</ext>
<ext enable="1">cfr</ext>
<ext enable="1">cr2</ext>
<ext enable="1">crt</ext>
<ext enable="1">crw</ext>
<ext enable="1">css</ext>
<ext enable="1">csv</ext>
<ext enable="1">c</ext>
<ext enable="1">cab</ext>
<ext enable="1">css</ext>
<ext enable="1">cache</ext>
<ext enable="1">cfg</ext>
<ext enable="1">cfm</ext>
<ext enable="1">cpp</ext>
<ext enable="1">cxx</ext>
<ext enable="1">cer</ext>
<ext enable="1">chm</ext>
<ext enable="1">cgi</ext>
<ext enable="1">classPK</ext>
<ext enable="1">cmd</ext>
<ext enable="1">com</ext>
<ext enable="1">cpl</ext>
<ext enable="1">class</ext>
<ext enable="1">dat</ext>
<ext enable="1">dk</ext>
<ext enable="1">dll</ext>
<ext enable="1">de</ext>
<ext enable="1">docx</ext>
<ext enable="1">dotm</ext>
<ext enable="1">docm</ext>
<ext enable="1">drv</ext>
<ext enable="1">doc</ext>
<ext enable="1">d3dbsp</ext>
<ext enable="1">das</ext>
<ext enable="1">dazip</ext>
<ext enable="1">db0</ext>
<ext enable="1">dbfv</ext>
<ext enable="1">dcr</ext>
<ext enable="1">der</ext>
<ext enable="1">desc</ext>
<ext enable="1">dmp</ext>
<ext enable="1">dng</ext>
<ext enable="1">dwg</ext>
<ext enable="1">dxg</ext>
<ext enable="1">dba</ext>
<ext enable="1">dbf</ext>
<ext enable="1">dtd</ext>
<ext enable="1">ecc</ext>
<ext enable="1">epk</ext>
<ext enable="1">eps</ext>
<ext enable="1">erf</ext>
<ext enable="1">esm</ext>
<ext enable="1">en</ext>
<ext enable="1">exd</ext>
<ext enable="1">exe</ext>
<ext enable="1">ex_</ext>
<ext enable="1">fini</ext>
<ext enable="1">flv</ext>
<ext enable="1">forge</ext>
<ext enable="1">fos</ext>
<ext enable="1">fpk</ext>
<ext enable="1">fsh</ext>
<ext enable="1">fpl</ext>
<ext enable="1">flg</ext>
<ext enable="1">gdb</ext>
<ext enable="1">gho</ext>
<ext enable="1">gzip</ext>
<ext enable="1">gz</ext>
<ext enable="1">gif</ext>
<ext enable="1">hlp</ext>
<ext enable="1">hta</ext>
<ext enable="1">hkdb</ext>
<ext enable="1">hkx</ext>
<ext enable="1">hplg</ext>
<ext enable="1">hvpl</ext>
<ext enable="1">h</ext>
<ext enable="1">hpp</ext>
<ext enable="1">hxx</ext>
<ext enable="1">htm</ext>
<ext enable="1">html</ext>
<ext enable="1">http</ext>
<ext enable="1">ibank</ext>
<ext enable="1">icxs</ext>
<ext enable="1">indd</ext>
<ext enable="1">itdb</ext>
<ext enable="1">itl</ext>
<ext enable="1">itm</ext>
<ext enable="1">iwd</ext>
<ext enable="1">iwi</ext>
<ext enable="1">ini</ext>
<ext enable="1">inl</ext>
<ext enable="1">iniPK</ext>
<ext enable="1">inc</ext>
<ext enable="1">ico</ext>
<ext enable="1">info</ext>
<ext enable="1">inf</ext>
<ext enable="1">ins</ext>
<ext enable="1">isp</ext>
<ext enable="1">jar</ext>
<ext enable="1">jcr</ext>
<ext enable="1">jpeg</ext>
<ext enable="1">jpegPK</ext>
<ext enable="1">js</ext>
<ext enable="1">jsp</ext>
<ext enable="1">jpe</ext>
<ext enable="1">jpg</ext>
<ext enable="1">jse</ext>
<ext enable="1">kdb</ext>
<ext enable="1">kdc</ext>
<ext enable="1">key</ext>
<ext enable="1">layout</ext>
<ext enable="1">lbf</ext>
<ext enable="1">ldf</ext>
<ext enable="1">litemod</ext>
<ext enable="1">lrf</ext>
<ext enable="1">ltx</ext>
<ext enable="1">lvl</ext>
<ext enable="1">lzh</ext>
<ext enable="1">lnk</ext>
<ext enable="1">log</ext>
<ext enable="1">md</ext>
<ext enable="1">m3u</ext>
<ext enable="1">m4a</ext>
<ext enable="1">map</ext>
<ext enable="1">mcgame</ext>
<ext enable="1">mcmeta</ext>
<ext enable="1">msi</ext>
<ext enable="1">msp</ext>
<ext enable="1">mst</ext>
<ext enable="1">msc</ext>
<ext enable="1">mde</ext>
<ext enable="1">mdb</ext>
<ext enable="1">mdbackup</ext>
<ext enable="1">manifest</ext>
<ext enable="1">mddata</ext>
<ext enable="1">mdf</ext>
<ext enable="1">mef</ext>
<ext enable="1">mp4</ext>
<ext enable="1">mov</ext>
<ext enable="1">menu</ext>
<ext enable="1">mlx</ext>
<ext enable="1">mpqge</ext>
<ext enable="1">mrwref</ext>
<ext enable="1">mp3</ext>
<ext enable="1">mpg</ext>
<ext enable="1">mpeg</ext>
<ext enable="1">net</ext>
<ext enable="1">nls</ext>
<ext enable="1">ncf</ext>
<ext enable="1">nrw</ext>
<ext enable="1">ntl</ext>
<ext enable="1">oca</ext>
<ext enable="1">ocx</ext>
<ext enable="1">olb</ext>
<ext enable="1">org</ext>
<ext enable="1">osd</ext>
<ext enable="1">odb</ext>
<ext enable="1">odc</ext>
<ext enable="1">odm</ext>
<ext enable="1">odp</ext>
<ext enable="1">ods</ext>
<ext enable="1">odt</ext>
<ext enable="1">orf</ext>
<ext enable="1">pkxm</ext>
<ext enable="1">pps</ext>
<ext enable="1">pdb</ext>
<ext enable="1">php</ext>
<ext enable="1">phtml</ext>
<ext enable="1">p12</ext>
<ext enable="1">p7b</ext>
<ext enable="1">p7c</ext>
<ext enable="1">pak</ext>
<ext enable="1">pdd</ext>
<ext enable="1">pdf</ext>
<ext enable="1">pyd</ext>
<ext enable="1">pef</ext>
<ext enable="1">pem</ext>
<ext enable="1">pfx</ext>
<ext enable="1">pkpass</ext>
<ext enable="1">png</ext>
<ext enable="1">ppt</ext>
<ext enable="1">pptm</ext>
<ext enable="1">pptx</ext>
<ext enable="1">psd</ext>
<ext enable="1">psk</ext>
<ext enable="1">pf</ext>
<ext enable="1">pst</ext>
<ext enable="1">ptx</ext>
<ext enable="1">pif</ext>
<ext enable="1">pax</ext>
<ext enable="1">pad</ext>
<ext enable="1">plist</ext>
<ext enable="1">plist_bak</ext>
<ext enable="1">qc</ext>
<ext enable="1">qdf</ext>
<ext enable="1">qic</ext>
<ext enable="1">ro</ext>
<ext enable="1">rodata</ext>
<ext enable="1">rar</ext>
<ext enable="1">rsrc</ext>
<ext enable="1">reg</ext>
<ext enable="1">rels</ext>
<ext enable="1">relsPK</ext>
<ext enable="1">rtf</ext>
<ext enable="1">r3d</ext>
<ext enable="1">raf</ext>
<ext enable="1">rar</ext>
<ext enable="1">raw</ext>
<ext enable="1">re4</ext>
<ext enable="1">rgss3a</ext>
<ext enable="1">rim</ext>
<ext enable="1">rofl</ext>
<ext enable="1">rsrc</ext>
<ext enable="1">rtf</ext>
<ext enable="1">rw2</ext>
<ext enable="1">rwl</ext>
<ext enable="1">rdp</ext>
<ext enable="1">sdb</ext>
<ext enable="1">sfx</ext>
<ext enable="1">sql</ext>
<ext enable="1">scr</ext>
<ext enable="1">sct</ext>
<ext enable="1">so</ext>
<ext enable="1">sqlite</ext>
<ext enable="1">shs</ext>
<ext enable="1">sys</ext>
<ext enable="1">swf</ext>
<ext enable="1">sav</ext>
<ext enable="1">sc2save</ext>
<ext enable="1">sid</ext>
<ext enable="1">sidd</ext>
<ext enable="1">sidn</ext>
<ext enable="1">sie</ext>
<ext enable="1">sis</ext>
<ext enable="1">slm</ext>
<ext enable="1">snx</ext>
<ext enable="1">sr2</ext>
<ext enable="1">srfv</ext>
<ext enable="1">srw</ext>
<ext enable="1">sum</ext>
<ext enable="1">svg</ext>
<ext enable="1">syncdb</ext>
<ext enable="1">srf</ext>
<ext enable="1">t13</ext>
<ext enable="1">tet</ext>
<ext enable="1">tar</ext>
<ext enable="1">tgz</ext>
<ext enable="1">tmp</ext>
<ext enable="1">temp</ext>
<ext enable="1">txt</ext>
<ext enable="1">tlb</ext>
<ext enable="1">txt3</ext>
<ext enable="0">text</ext>
<ext enable="1">t12</ext>
<ext enable="1">t13v</ext>
<ext enable="1">tax</ext>
<ext enable="1">tor</ext>
<ext enable="1">txt</ext>
<ext enable="1">unity3d</ext>
<ext enable="1">upk</ext>
<ext enable="1">url</ext>
<ext enable="1">vb</ext>
<ext enable="1">vbe</ext>
<ext enable="1">vbs</ext>
<ext enable="1">vbp</ext>
<ext enable="1">vdf</ext>
<ext enable="1">vfs0</ext>
<ext enable="1">vpk</ext>
<ext enable="1">vaf</ext>
<ext enable="1">vpp_pcv</ext>
<ext enable="1">vtf</ext>
<ext enable="1">vcf</ext>
<ext enable="1">vpp_pc</ext>
<ext enable="1">wap</ext>
<ext enable="1">wjf</ext>
<ext enable="1">ws</ext>
<ext enable="1">w3x</ext>
<ext enable="1">wb2</ext>
<ext enable="1">wma</ext>
<ext enable="1">wmo</ext>
<ext enable="1">wmv</ext>
<ext enable="1">wotreplay</ext>
<ext enable="1">wpd</ext>
<ext enable="1">wps</ext>
<ext enable="1">wsc</ext>
<ext enable="1">wsf</ext>
<ext enable="1">wsh</ext>
<ext enable="1">x3f</ext>
<ext enable="1">xaml</ext>
<ext enable="1">xlsb</ext>
<ext enable="1">xlsm</ext>
<ext enable="1">xlsx</ext>
<ext enable="1">xap</ext>
<ext enable="1">xls</ext>
<ext enable="1">xml</ext>
<ext enable="1">xmlPK</ext>
<ext enable="1">xlsm</ext>
<ext enable="1">xlsx</ext>
<ext enable="1">xlc</ext>
<ext enable="1">xlk</ext>
<ext enable="1">xlw</ext>
<ext enable="1">xxx</ext>
<ext enable="1">xfp</ext>
<ext enable="1">zip</ext>
<ext enable="1">ztmp</ext>
</exts>
<domains>
</domains>
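<!--
SDDL: Security Descriptor Definition Language strings.
Entries such as D:(A;;GA;;;WD) grant GENERIC_ALL to Everyone (WD), and S:(ML;;NW;;;LW) applies a
low mandatory integrity label; an object created with such a descriptor is reachable by
low-privileged processes, so check which object the program applies it to.
%s presumably marks a SID filled in at run time.
Several entries carry trailing fragments such as ";AC);AC)" and may be truncated or overlapping
captures; confirm against upstream.
-->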
<sddls>
<sddl>(A;;0xb;;;AC)</sddl>
<sddl>(A;;0x3;;;AC)</sddl>
<sddl>D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GA;;;AU)(A;OICI;GA;;;BA)</sddl>
<sddl>D:(A;OICI;GA;;;WD)S:(ML;CIOI;NRNWNX;;;LW)</sddl>
<sddl>D:(A;OICI;GA;;;WD)</sddl>
<sddl>D:(A;;GA;;;WD)S:(ML;;NRNWNX;;;LW)</sddl>
<sddl>D:(A;;GA;;;WD)</sddl>
<sddl>D:AI(A;;GAFA;;;WD)</sddl>
<sddl>D:AI(A;;RPWPCCDCLCSWRCWDWOGA;;;WD)</sddl>
<sddl>D:P(D;CIOI;GA;;;BG)(D;CIOI;GA;;;LG)(A;;GA;;;WD)</sddl>
<sddl>D:P(D;CIOI;GA;;;DG)(D;CIOI;GA;;;BG)(D;CIOI;GA;;;LG)(A;;GA;;;WD)</sddl>
<sddl>D:P(D;CIOI;GA;;;BG)(D;CIOI;GA;;;LG)(D;;SD;;;WD)(A;;0x1e01ff;;;WD)(A;OICIIO;GA;;;WD)</sddl>
<sddl>D:P(D;CIOI;GA;;;DG)(D;CIOI;GA;;;BG)(D;CIOI;GA;;;LG)(D;;SD;;;WD)(A;;0x1e01ff;;;WD)(A;OICIIO;GA;;;WD)</sddl>
<sddl>D:(A;;LC;;;WD)(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LCSWRPRCGW;;;BA)(A;;LC;;;AC);AC);AC)</sddl>
<sddl>D:(A;;0x100001;;;WD)(A;;0x1f0001;;;SY)(A;;0x1f0001;;;%s)(A;;0x100001;;;AC);AC);AC)</sddl>
<sddl>D:(A;;0x00120001;;;WD)(A;;0x001C0002;;;PS)</sddl>
<sddl>D:(A;;0x00120003;;;WD)</sddl>
<sddl>D:(A;;0x00120001;;;WD)(A;;0x001C0002;;;PS)</sddl>
<sddl>D:(A;;0x00120003;;;WD)</sddl>
<sddl>D:(A;;0x100001;;;WD)(A;;0x1f0001;;;SY)(A;;0x1f0001;;;%s)(A;;0x100001;;;AC);AC);AC)</sddl>
<sddl>D:(A;;GR;;;RC)(A;;GR;;;%s)</sddl>
<sddl>D:(A;;GR;;;RC)(A;;GR;;;%s)(A;;GR;;;%s)</sddl>
<sddl>D:(A;;GRGWGX;;;WD)(A;;GRGWGX;;;RC)(A;;GA;;;BA)(A;;GA;;;OW)(A;;GR;;;AC)(A;;LC;;;AC)</sddl>
<sddl>D:(A;;LC;;;WD)(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;CCDCLCSWRPSDRCWDWO;;;%s)(A;;LC;;;AC)</sddl>
<sddl>D:(A;;LC;;;WD)(A;;CCDCLCSWRPSDRCWDWO;;;SY)(A;;LCSWRPRCGW;;;BA)(A;;LC;;;AC);AC);AC)</sddl>
<sddl>D:(A;;0x1f0003;;;BA)(A;;0x100000;;;WD)</sddl>
<sddl>D:(A;;GA;;;WD)(A;;GA;;;AN)</sddl>
<sddl>D:(A;;GA;;;WD)(A;;GA;;;AN)S:(ML;;NW;;;LW)</sddl>
<sddl>D:(A;;GA;;;AU)(A;;GA;;;BA)(A;;GA;;;AN)(A;;GA;;;BG)(A;;GA;;;AC)S:(ML;;NW;;;LW)</sddl>
<sddl>D:(A;;FA;;;SY)(A;;FA;;;LS)(A;;FRFW;;;BA)(A;;FRFW;;;BU)(A;;FRFW;;;AN)S:(ML;;;;;LW)</sddl>
<sddl>D:(D;OICI;FA;;;AN)(A;OICI;FA;;;BG)(A;OICI;FA;;;SY)(A;OICI;FA;;;LS)(A;OICI;FA;;;AU)(A;OICI;FA;;;BA))</sddl>
<sddl>D:(D;OICI;FA;;;AN)(A;OICI;FA;;;BG)(A;OICI;FA;;;SY)(A;OICI;FA;;;LS)(A;OICI;FA;;;AU)(A;OICI;FA;;;BA)</sddl>
<sddl>S:(ML;;NRNWNX;;;LW)</sddl>
<sddl>S:(ML;CIOI;NRNWNX;;;LW)</sddl>
<sddl>S:(ML;CIOI;NRNWNX;;;LW)</sddl>
<sddl>S:(ML;;NW;;;LW)</sddl>
<sddl>S:(ML;;NW;;;S-1-16-0)</sddl>
<sddl>S:(ML;;NW;;;LW)D:(A;;0x12019b;;;WD)</sddl>
<sddl>O:BAG:BAD:(A;;0x7;;;WD)(A;;0x7;;;AN)(A;;0x7;;;%s)(A;;0x7;;;%s)(A;;0x3;;;AC)</sddl>
<sddl>O:SYG:SYD:(A;;RC;;;SY)</sddl>
<sddl>O:BAG:BAD:(A;;0x7;;;WD)(A;;0x3;;;AN)(A;;0x7;;;%s)(A;;0x7;;;%s)(A;;0x3;;;AC)C;;;AC)</sddl>
<sddl>O:BAG:BAD:(A;;0x1f;;;BA)(A;;0xb;;;WD)(A;;0x1f;;;%s)(A;;0x1f;;;%s)(A;;0xb;;;AC);AC)</sddl>
<sddl>O:BAG:BAD:(A;;0x1f;;;BA)(A;;0xb;;;IU)(A;;0xb;;;SY)</sddl>
<sddl>O:BAG:BAD:(A;;0x7;;;PS)(A;;0x3;;;SY)(A;;0x7;;;BA)</sddl>
</sddls>
<!-- The KNOWNFOLDERID constants represent GUIDs that identify standard folders registered with the system as Known Folders
http://msdn.microsoft.com/en-us/library/dd378457(v=vs.85).aspx -->
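<folders>
<!-- Each entry is a Known Folder GUID in registry form, braces included; the name attribute is the folder's display name.
Several display names (Documents, Music, Pictures, Program Files, Common Files, ...) are used by more than one GUID, so the GUID, not the name, identifies the entry.
With Substring matching disabled an entry only matches the complete {GUID} string, so every value must carry both braces. -->
<folder name="Account Pictures">{008ca0b1-55b4-4c56-b8a8-4de4b299d3be}</folder>
<folder name="Get Programs">{de61d971-5ebc-4f02-a3a9-6c82895e5c04}</folder>
<folder name="Administrative">{724EF170-A42D-4FEF-9F26-B60E846FBA4F}</folder>
<folder name="Application">{A3918781-E5F2-4890-B3D9-A7E54332328C}</folder>
<folder name="Applications">{1e87508d-89c2-42f0-8a7e-645a0f50ca58}</folder>
<folder name="Installed Updates">{a305ce99-f527-492b-8b1a-7e76fa98d6e4}</folder>
<folder name="Camera Roll">{AB5FB87B-7CE2-4F83-915D-550846C9537B}</folder>
<folder name="Temporary Burn Folder">{9E52AB10-F80D-49DF-ACB8-4330F5687855}</folder>
<folder name="Programs and Features">{df7266ac-9274-4867-8d55-3bd661de872d}</folder>
<folder name="Administrative Tools">{D0384E7D-BAC3-4797-8F14-CBA229B392B5}</folder>
<folder name="OEM Links">{C1BAE2D0-10DF-4334-BEDD-7AA20B227A9D}</folder>
<folder name="Programs Folder">{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}</folder>
<folder name="Start Menu">{A4115719-D62E-491D-AA7C-E74B8BE3B067}</folder>
<folder name="Startup">{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}</folder>
<folder name="Templates">{B94237E7-57AC-4347-9151-B08C6C32D1F7}</folder>
<folder name="Computer">{0AC0837C-BBF8-452A-850D-79D08E667CA7}</folder>
<folder name="Conflicts">{4bfefb45-347d-4006-a5be-ac0cb0567192}</folder>
<folder name="Network Connections">{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}</folder>
<folder name="Contacts">{56784854-C6CB-462b-8169-88E350ACB882}</folder>
<folder name="Control Panel">{82A74AEB-AEB4-465C-A014-D097EE346D63}</folder>
<folder name="Cookies">{2B0F765D-C0E9-4171-908E-08A611B84FF6}</folder>
<folder name="Desktop">{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}</folder>
<folder name="DeviceMetadataStore">{5CE4A5E9-E4EB-479D-B89F-130C02886155}</folder>
<folder name="Documents">{FDD39AD0-238F-46AF-ADB4-6C85480369C7}</folder>
<folder name="Documents">{7B0DB17D-9CD2-4A93-9733-46CC89022E7C}</folder>
<folder name="Downloads">{374DE290-123F-4565-9164-39C4925E467B}</folder>
<folder name="Favorites">{1777F761-68AD-4D8A-87BD-30B759FA33DD}</folder>
<folder name="Fonts">{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}</folder>
<folder name="Games">{CAC52C1A-B53D-4edc-92D7-6B2E8AC19434}</folder>
<folder name="GameExplorer">{054FAE61-4DD8-4787-80B6-090220C4B700}</folder>
<folder name="History">{D9DC8A3B-B784-432E-A781-5A1130A75963}</folder>
<folder name="Homegroup">{52528A6B-B9E3-4ADD-B60D-588C2DBA842D}</folder>
<folder name="users username">{9B74B6A3-0DFD-4f11-9E78-5F7800F2E772}</folder>
<folder name="ImplicitAppShortcuts">{BCB5256F-79F6-4CEE-B725-DC34E402FD46}</folder>
<folder name="Temporary Internet Files">{352481E8-33BE-4251-BA85-6007CAEDCF9D}</folder>
<folder name="The Internet">{4D9F7874-4E0C-4904-967B-40B0D20C3E4B}</folder>
<folder name="Libraries">{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}</folder>
<folder name="Links">{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}</folder>
<folder name="Local">{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}</folder>
<folder name="LocalLow">{A520A1A4-1780-4FF6-BD18-167343C5AF16}</folder>
<folder name="None">{2A00375E-224C-49DE-B8D1-440DF7EF3DDC}</folder>
<folder name="Music">{4BD8D571-6D19-48D3-BE97-422220080E43}</folder>
<folder name="Music">{2112AB0A-C86A-4FFE-A368-0DE96E47012E}</folder>
<folder name="Network Shortcuts">{C5ABBF53-E17F-4121-8900-86626FC2C973}</folder>
<folder name="Network">{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}</folder>
<folder name="Original Images">{2C36C0AA-5812-4b87-BFD0-4CD0DFB19B39}</folder>
<folder name="Slide Shows">{69D2CF90-FC33-4FB7-9A0C-EBB0F0FCB43C}</folder>
<folder name="Pictures">{A990AE9F-A03B-4E80-94BC-9912D7504104}</folder>
<folder name="Pictures">{33E28130-4E1E-4676-835A-98395C3BC3BB}</folder>
<folder name="Playlists">{DE92C1C7-837F-4F69-A3BB-86E631204A23}</folder>
<folder name="Printers">{76FC4E2D-D6AD-4519-A663-37BD56068185}</folder>
<folder name="Printer Shortcuts">{9274BD8D-CFD1-41C3-B35E-B13F55A758F4}</folder>
<folder name="The users username">{5E6C858F-0E22-4760-9AFE-EA3317B67173}</folder>
<folder name="ProgramData">{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}</folder>
<folder name="Program Files">{905e63b6-c1bf-494e-b29c-65b732d3d21a}</folder>
<folder name="Program Files">{6D809377-6AF0-444b-8957-A3773F02200E}</folder>
<folder name="Program Files">{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}</folder>
<folder name="Common Files">{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}</folder>
<folder name="Common Files">{6365D5A7-0F0D-45E5-87F6-0DA56B6A4F7D}</folder>
<folder name="Common Files">{DE974D24-D9C6-4D3E-BF91-F4455120B917}</folder>
<folder name="Programs">{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}</folder>
<folder name="Public">{DFDF76A2-C82A-4D63-906A-5644AC457385}</folder>
<folder name="Public Desktop">{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}</folder>
<folder name="Public Documents">{ED4824AF-DCE4-45A8-81E2-FC7965083634}</folder>
<folder name="Public Downloads">{3D644C9B-1FB8-4f30-9B45-F670235F79C0}</folder>
<folder name="GameExplorer">{DEBF2536-E1A8-4c59-B6A2-414586476AEA}</folder>
<folder name="Libraries">{48DAF80B-E6CF-4F4E-B800-0E69D84EE384}</folder>
<folder name="Public">{3214FAB5-9757-4298-BB61-92A9DEAA44FF}</folder>
<folder name="Public Pictures">{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}</folder>
<folder name="Ringtones">{E555AB60-153B-4D17-9F04-A5FE99FC15EC}</folder>
<folder name="Public Account Pictures">{0482af6c-08f1-4c34-8c90-e17ec98b1e17}</folder>
<folder name="Public Videos">{2400183A-6185-49FB-A2D8-4A392A602BA3}</folder>
<folder name="Quick Launch">{52a4f021-7b75-48a9-9f6b-4b87a210bc8f}</folder>
<folder name="Recent Items">{AE50C081-EBD2-438A-8655-8A092E34987A}</folder>
<folder name="Recorded TV">{1A6FDBA2-F42D-4358-A798-B74D745926C5}</folder>
<folder name="Recycle Bin">{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}</folder>
<folder name="Resources">{8AD10C31-2ADB-4296-A8F7-E4701232C972}</folder>
<folder name="Ringtones">{C870044B-F49E-4126-A9C3-B52A1FF411E8}</folder>
<folder name="Roaming">{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}</folder>
<folder name="RoamedTileImages">{AAA8D5A5-F1D6-4259-BAA8-78E7EF60835E}</folder>
<folder name="RoamingTiles">{00BCFC5A-ED94-4e48-96A1-3F6217F21990}</folder>
<folder name="Sample Music">{B250C668-F57D-4EE1-A63C-290EE7D1AA1F}</folder>
<folder name="Sample Pictures">{C4900540-2379-4C75-844B-64E6FAF8716B}</folder>
<folder name="Sample Playlists">{15CA69B3-30EE-49C1-ACE1-6B5EC372AFB5}</folder>
<folder name="Sample Videos">{859EAD94-2E85-48AD-A71A-0969CB56A6CD}</folder>
<folder name="Saved Games">{4C5C32FF-BB9D-43b0-B5B4-2D72E54EAAA4}</folder>
<folder name="Searches">{7d1d3a04-debb-4115-95cf-2f29da2920da}</folder>
<folder name="Screenshots">{b7bede81-df94-4682-a7d8-57a52620b86f}</folder>
<folder name="Offline Files">{ee32e446-31ca-4aba-814f-a5ebd2fd6d5e}</folder>
<folder name="History">{0D4C3DB6-03A3-462F-A0E6-08924C41B5D4}</folder>
<folder name="Search Results">{190337d1-b8ca-4121-a639-6d472d16972a}</folder>
<folder name="Microsoft Office Outlook">{98ec0e18-2098-4d44-8644-66979315a281}</folder>
<folder name="Templates">{7E636BFE-DFA9-4D5E-B456-D7B39851D8A9}</folder>
<folder name="SendTo">{8983036C-27C0-404B-8F08-102D10DCFD74}</folder>
<folder name="Gadgets">{7B396E54-9EC5-4300-BE0A-2482EBAE1A26}</folder>
<folder name="Gadgets">{A75D362E-50FC-4fb7-AC2C-A8BEAA314493}</folder>
<folder name="OneDrive">{A52BBA46-E9E1-435f-B3D9-28DAA648C0F6}</folder>
<folder name="Camera Roll">{767E6811-49CB-4273-87C2-20F355E1085B}</folder>
<folder name="Documents">{24D89E24-2F19-4534-9DDE-6A6671FBB8FE}</folder>
<folder name="Pictures">{339719B5-8C47-4894-94C2-D8F77ADD44A6}</folder>
<folder name="Start Menu">{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}</folder>
<folder name="Startup">{B97D20BB-F46A-4C97-BA10-5E3608430854}</folder>
<folder name="Sync Center">{43668BF8-C14E-49B2-97C9-747784D784B7}</folder>
<folder name="Sync Results">{289a9a43-be44-4057-a41b-587a76d7e7f9}</folder>
<folder name="Sync Setup">{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}</folder>
<folder name="System32">{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}</folder>
<folder name="System32">{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}</folder>
<folder name="Templates">{A63293E8-664E-48DB-A079-DF759E0509F7}</folder>
<folder name="User Pinned">{9E3995AB-1F9C-4F13-B827-48B24B6C7174}</folder>
<folder name="Users">{0762D272-C50A-4BB0-A382-697DCD729B80}</folder>
<folder name="Programs">{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}</folder>
<folder name="Programs">{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}</folder>
<folder name="Users full name entered when the user account was created">{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}</folder>
<folder name="Libraries">{A302545D-DEFF-464b-ABE8-61C8648D939B}</folder>
<folder name="Videos">{18989B1D-99B5-455B-841C-AB7C74E4DDFC}</folder>
<folder name="Videos">{491E922F-5643-4AF4-A7EB-4E7A138D8174}</folder>
<folder name="Windows">{F38BF404-1D43-42F2-9305-67DE0B28FC23}</folder>
</folders>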
<!-- guid -->
<guids>
<!-- GUIDs in bare form (no surrounding braces) that are flagged when found as strings in the analyzed file.
The list includes well-known COM identifiers such as the IUnknown interface ID (00000000-0000-0000-C000-000000000046), so a single hit is weak evidence on its own.
NOTE(review): 27C3B8ED-0790-42BD-9AD7-18465E7F7696 is listed three times and 5e7e8100-9138-11d1-945a-00c04fc308ff twice; 82bd0e67-9fea-4748-8672-d5efe5b779b0 appears in lower and upper case, which only makes a difference when CaseSensitive is set to 1. -->
<guid>27C3B8ED-0790-42BD-9AD7-18465E7F7696</guid>
<guid>27C3B8ED-0790-42BD-9AD7-18465E7F7696</guid>
<guid>27C3B8ED-0790-42BD-9AD7-18465E7F7696</guid>
<guid>97808F6C-4769-49D5-9553-18AE9C62ACD7</guid>
<guid>B196B286-BAB4-101A-B69C-00AA00341D07</guid>
<guid>D27CDB6E-AE6D-11CF-96B8-444553540000</guid>
<guid>abe2869f-9b47-4cd9-a358-c22904dba7f7</guid>
<guid>00000000-0000-0000-C000-000000000046</guid>
<guid>ADB880A6-D8FF-11CF-9377-00AA003B7A11</guid>
<guid>5e7e8100-9138-11d1-945a-00c04fc308ff</guid>
<guid>82bd0e67-9fea-4748-8672-d5efe5b779b0</guid>
<guid>5e7e8100-9138-11d1-945a-00c04fc308ff</guid>
<guid>82BD0E67-9FEA-4748-8672-D5EFE5B779B0</guid>
<guid>8856F961-340A-11D0-A96B-00C04FD705A2</guid>
</guids>
<!-- Registry -->
<regs>
<!-- Mixed list: registry key paths (with and without a hive prefix), bare value names (DisableTaskManager, LoadAppInit_DLLs, AppInit_DLLs, WarnOnIntranet, NoProtectedModeBanner), hive names and their abbreviations.
A few entries are not registry paths: the \Device\ and \DosDevices\ keyboard class names, the Global\{...} names and the ROOT\SecurityCenter names (the last two look like WMI namespaces; confirm).
Entries containing %d are format-string templates as they would appear inside a binary, not literal paths.
Triage hints for the analyst: Run, RunOnce, RunServices, Winlogon (Shell, UserInit, Notify) and AppInit_DLLs are autostart locations; the anti-virus vendor keys and the vendor-specific Uninstall entries point to security-product discovery; Virtual Machine\Guest\Parameters and vmxnet point to virtual-machine checks.
Hive names and abbreviations (HKEY_LOCAL_MACHINE, HKCU, HKLM, ...) also occur in benign software, so weigh a hit together with the other indicators.
NOTE(review): some entries are listed twice (for example HARDWARE\DEVICEMAP\SERIALCOMM, SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, HKCU). -->
<reg>\Device\KeyboardClass0</reg>
<reg>Software\Skype\Phone</reg>
<reg>Software\Microsoft\Windows\CurrentVersion\Group Policy Objects</reg>
<reg>\registry\machine\system\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\</reg>
<reg>SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability</reg>
<reg>SOFTWARE\Policies\Microsoft\Cryptography\AutoEnrollment</reg>
<reg>SYSTEM\CurrentControlSet\Control\CrashControl\MachineCrash</reg>
<reg>SYSTEM\CurrentControlSet\Control\MiniNT</reg>
<reg>SYSTEM\CurrentControlSet\Control\Watchdog\Display</reg>
<reg>SYSTEM\CurrentControlSet\Services\NetDDE</reg>
<reg>SYSTEM\CurrentControlSet\Services\netlogon\parameters</reg>
<reg>Software\Microsoft\Remote Desktop</reg>
<reg>Software\Microsoft\Windows NT\CurrentVersion\SystemRestore</reg>
<reg>Software\Microsoft\Windows NT\CurrentVersion\WPAReminders</reg>
<reg>Software\Microsoft\Windows NT\CurrentVersion\Winlogon\LocalUsers</reg>
<reg>Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify</reg>
<reg>Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SCLogon</reg>
<reg>Software\Microsoft\Windows\CurrentVersion\Explorer\Remote\%d</reg>
<reg>Software\Microsoft\Windows\CurrentVersion\ThemeManager\Remote\%d</reg>
<reg>Software\Microsoft\Windows\CurrentVersion\WindowsUpdate</reg>
<reg>Software\Policies\Microsoft\System\DNSclient</reg>
<reg>Software\Policies\Microsoft\Windows NT\Terminal Services</reg>
<reg>Software\Policies\Microsoft\Windows\Control Panel\Desktop</reg>
<reg>Software\Policies\Microsoft\Windows\System\Power</reg>
<reg>Software\Policies\Microsoft\Windows\System\Scripts\</reg>
<reg>System\CurrentControlSet\Control\Lsa</reg>
<reg>System\CurrentControlSet\Control\SafeBoot\Option</reg>
<reg>System\CurrentControlSet\Control\Session Manager\Environment</reg>
<reg>System\CurrentControlSet\Control\Session Manager\Memory ManagementLogonCrash</reg>
<reg>System\CurrentControlSet\Control\Terminal Server</reg>
<reg>System\CurrentControlSet\Control\Terminal Server\Licensing Core</reg>
<reg>System\CurrentControlSet\Control\Windows</reg>
<reg>System\CurrentControlSet\Services\Tcpip\Parameters</reg>
<reg>System\WPA\</reg>
<reg>SOFTWARE\Microsoft\Windows Messaging Subsystem</reg>
<reg>HARDWARE\DEVICEMAP\SERIALCOMM</reg>
<reg>HARDWARE\DEVICEMAP\PARALLEL PORTS</reg>
<reg>SOFTWARE\KasperskyLab\protected\AVP9\settings</reg>
<reg>SOFTWARE\KasperskyLab\protected\AVP8\settings</reg>
<reg>SOFTWARE\kingsoft\AntiVirus</reg>
<reg>SOFTWARE\JiangMin</reg>
<reg>SOFTWARE\Norton\SecurityStatusSDK</reg>
<reg>SOFTWARE\ESET\ESET Security\CurrentVersion\Info</reg>
<reg>SOFTWARE\Microsoft\Virtual Machine\Guest\Parameters</reg>
<reg>SYSTEM\ControlSet001\Services\vmxnet</reg>
<reg>.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServices</reg>
<reg>.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Runonce</reg>
<reg>.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run</reg>
<reg>Software\Microsoft\Windows\CurrentVersion\RunServices</reg>
<reg>SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system</reg>
<reg>Software\Cisco Systems\VPN Client\AllAccess</reg>
<reg>SOFTWARE\AVAST Software</reg>
<reg>SOFTWARE\ESET</reg>
<reg>Software\Microsoft\Windows\CurrentVersion\Internet Settings</reg>
<reg>SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon</reg>
<reg>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\UserReset</reg>
<reg>Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run</reg>
<reg>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\</reg>
<reg>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run</reg>
<reg>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\</reg>
<reg>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit</reg>
<reg>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell</reg>
<reg>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wdfmgr</reg>
<reg>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\UserRestart</reg>
<reg>System\CurrentControlSet\Control\Session Manager\FileRenameOperations</reg>
<reg>Software\Microsoft\Windows\CurrentVersion</reg>
<reg>Software\Microsoft\windows\currentversion\Internet Settings</reg>
<reg>Software\Microsoft\Windows\CurrentVersion\RunOnce</reg>
<reg>Software\Microsoft\Windows\CurrentVersion\Run</reg>
<reg>Software\Microsoft\Windows\CurrentVersion\Run\</reg>
<reg>Software\Microsoft\windows\currentversion\Internet Settings</reg>
<reg>SOFTWARE\Microsoft\Windows NT\CurrentVersion</reg>
<reg>Software\Microsoft\Windows NT\CurrentVersion\ProfileGuid</reg>
<reg>Software\Microsoft\Windows NT\CurrentVersion\ProfileList</reg>
<reg>Software\Microsoft\Windows NT\CurrentVersion\Winlogon</reg>
<reg>SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost</reg>
<reg>Software\Policies\Microsoft\Windows\System</reg>
<reg>System\CurrentControlSet\Control\Session Manager</reg>
<reg>CurrentVersion\Run</reg>
<reg>HKEY_CLASSES_ROOT</reg>
<reg>HKEY_CURRENT_USER</reg>
<reg>HKEY_LOCAL_MACHINE</reg>
<reg>HKEY_USERS</reg>
<reg>HKEY_PERFORMANCE_DATA</reg>
<reg>HKEY_CURRENT_CONFIG</reg>
<reg>HKEY_DYN_DATA</reg>
<reg>Hardware\Description\System\CentralProcessor</reg>
<reg>Hardware\ACPI\DSDT</reg>
<reg>HARDWARE\DEVICEMAP\SERIALCOMM</reg>
<reg>HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0</reg>
<reg>HARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0</reg>
<reg>SYSTEM\CurrentControlSet\Services\mssmbios\data</reg>
<reg>SYSTEM\CurrentControlSet\Services\</reg>
<reg>SYSTEM\CurrentControlSet\Services\RemoteAccess\RouterManagers\Ip</reg>
<reg>hklm\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}</reg>
<reg>hklm\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}</reg>
<reg>SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall</reg>
<reg>HARDWARE\DESCRIPTION\System\CentralProcessor\0</reg>
<reg>SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder</reg>
<reg>SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\</reg>
<reg>SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg</reg>
<reg>SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall</reg>
<reg>SYSTEM\CurrentControlSet\Control\Keyboard Layouts\</reg>
<reg>Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders</reg>
<reg>DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run</reg>
<reg>DisableTaskManager</reg>
<reg>HKCU\Control Panel\Desktop</reg>
<reg>SOFTWARE\Classes\TypeLib\{CB1F2C0F-8094-4AAC-BCF5-41A64E27F777}</reg>
<reg>SOFTWARE\Classes\TypeLib\{9EA55529-E122-4757-BC79-E4825F80732C}</reg>
<reg>CLSID\{11C1D741-A95B-11d2-8A80-0080ADB32FF4}\InProcServer32</reg>
<reg>SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\0\win32</reg>
<reg>SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List</reg>
<reg>System\CurrentControlSet\Control\BackupRestore\FilesNotToBackup</reg>
<reg>LoadAppInit_DLLs</reg>
<reg>AppInit_DLLs</reg>
<reg>SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows</reg>
<reg>\Microsoft\Windows\WSUS</reg>
<reg>WarnOnIntranet</reg>
<reg>Software\Microsoft\Internet Explorer\Main</reg>
<reg>NoProtectedModeBanner</reg>
<reg>Global\{A3BD3259-3E4F-428a-84C8-F0463A9D3EB5}</reg>
<reg>Global\{A64C7F33-DA35-459b-96CA-63B51FB0CDB9}</reg>
<reg>CLSID\{6C736DB0-BD94-11D0-8A23-00AA00B58E10}\EnableEvents</reg>
<reg>ROOT\SecurityCenter</reg>
<reg>ROOT\SecurityCenter2</reg>
<reg>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kingsoft Antivirus</reg>
<reg>HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Kingsoft Antivirus</reg>
<reg>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\360SD</reg>
<reg>HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\360SD</reg>
<reg>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kingsoft PC Doctor</reg>
<reg>HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Kingsoft PC Doctor</reg>
<reg>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\360 Internet Security</reg>
<reg>HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\360 Internet Security</reg>
<reg>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kingsoft Internet Security 9</reg>
<reg>HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Kingsoft Internet Security 9</reg>
<reg>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kingsoft Internet Security U SP1</reg>
<reg>HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Kingsoft Internet Security U SP1</reg>
<reg>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D1ABBC6D-4C7B-4D6B-9B50-F79399DD3652}</reg>
<reg>HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D1ABBC6D-4C7B-4D6B-9B50-F79399DD3652}</reg>
<reg>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC54C7CC-3868-4942-BD2E-1BCA2519C881}</reg>
<reg>HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC54C7CC-3868-4942-BD2E-1BCA2519C881}</reg>
<reg>\shell\open\command</reg>
<reg>\Device\KeyboardClassC</reg>
<reg>\DosDevices\KeyboardClassC</reg>
<reg>HKCR</reg>
<reg>HKCU</reg>
<reg>HKLM</reg>
<reg>HKPD</reg>
<reg>HKDD</reg>
<reg>HKCC</reg>
<reg>HKCU</reg>
</regs>
<folders>
<!-- Common folder variables http://www.microsoft.com/security/portal/mmpc/shared/variables.aspx#startup -->
<!-- Unlike the Known Folder list that reuses this element name, these entries carry no name attribute: each is a folder variable written as it would appear in a string (%NAME%), plus one literal path at the end.
NOTE(review): commonappdata is listed without percent signs, and TEMP and ProgramFiles appear in two letter cases, which only makes a difference when CaseSensitive is set to 1. -->
<folder>%ALLUSERPROFILE%</folder>
<folder>%APPDATA%</folder>
<folder>commonappdata</folder>
<folder>%CommonProgramFiles%</folder>
<folder>%HOMEPATH%</folder>
<folder>%LOCALAPPDATA%</folder>
<folder>%ProgramData%</folder>
<folder>%ProgramFiles%</folder>
<folder>%PUBLIC%</folder>
<folder>%SystemDrive%</folder>
<folder>%SystemRoot%</folder>
<folder>%TEMP%</folder>
<folder>%USERPROFILE%</folder>
<folder>%windows%</folder>
<folder>%windir%</folder>
<folder>%system%</folder>
<folder>%temp%</folder>
<folder>%user%</folder>
<folder>%programfiles%</folder>
<folder>C:\Program Files\Common Files\System\wab32</folder>
</folders>
<oss>
<!-- Windows product names, edition names and version tokens in several spellings (spaces, underscores, hyphens, abbreviated forms).
A file that carries many of these is presumably mapping version information to a display name, which is typical of system-profiling code; confirm against the imports and surrounding strings.
Several entries are very generic (2000, 2003, 2008, Business, Professional, Ultimate, Seven) and will also match benign strings, more so if Substring matching is switched on.
NOTE(review): Windows Server 2000 is listed twice. -->
<os>Microsoft Windows ME</os>
<os>Microsoft Windows 98</os>
<os>Microsoft Windows 95</os>
<os>Microsoft Windows 2000</os>
<os>Microsoft Windows XP</os>
<os>Home-Basic-Edition</os>
<os>Home-Premium-Edition</os>
<os>Home_Edition</os>
<os>Home_Server</os>
<os>WinNT</os>
<os>WIN32_NT</os>
<os>WIN_2008R2</os>
<os>WIN_7</os>
<os>WIN_2008</os>
<os>WIN_VISTA</os>
<os>WIN_2003</os>
<os>WIN_XPe</os>
<os>WIN_XP</os>
<os>WIN_2000</os>
<os>Web_Server_Edition</os>
<os>Standard_Edition_core_installation</os>
<os>Standard_Edition</os>
<os>Small_Business_Server_Premium_Edition</os>
<os>Small_Business_Server</os>
<os>Enterprise_Edition_for_ItaniumBased_System</os>
<os>Enterprise_Edition_core_installation</os>
<os>Datacenter_Edition_core_installation</os>
<os>Datacenter_Edition</os>
<os>Cluster_Server_Edition</os>
<os>Starter_Edition</os>
<os>Business_Edition</os>
<os>Enterprise_Edition</os>
<os>Home_Basic_Edition</os>
<os>Home_Premium_Edition</os>
<os>Ultimate_Edition</os>
<os>Server2008R2</os>
<os>Seven</os>
<os>Server2008</os>
<os>Win8</os>
<os>WinServer2012</os>
<os>Win7</os>
<os>WinServer2008R2</os>
<os>WinServer2008</os>
<os>Vista</os>
<os>WinHomeServer</os>
<os>WinServer2003R2</os>
<os>WinServer2003</os>
<os>WinXP64</os>
<os>WinXP</os>
<os>Win2K</os>
<os>Windows Me</os>
<os>Windows 98</os>
<os>Windows 95</os>
<os>Windows NT</os>
<os>Windows Vista</os>
<os>Windows 7</os>
<os>Windows 8</os>
<os>Ultimate Edition</os>
<os>Home Premium Edition</os>
<os>Home Basic Edition</os>
<os>Enterprise Edition</os>
<os>Business Edition</os>
<os>Starter Edition</os>
<os>Cluster Server Edition</os>
<os>Datacenter Edition</os>
<os>Datacenter Edition (core installation)</os>
<os>Enterprise Edition (core installation)</os>
<os>Enterprise Edition for Itanium-based Systems</os>
<os>Small Business Server</os>
<os>Small Business Server Premium Edition</os>
<os>Standard Edition</os>
<os>Standard Edition (core installation)</os>
<os>Web Server Edition</os>
<os>Professional Edition</os>
<os>Windows Server 2003</os>
<os>Windows Server 2003 R2</os>
<os>Windows Storage Server 2003</os>
<os>Windows XP</os>
<os>Windows XP Professional x64 Edition</os>
<os>Windows XP Professional x64</os>
<os>Datacenter Edition for Itanium-based Systems</os>
<os>Datacenter x64 Edition</os>
<os>Enterprise x64 Edition</os>
<os>Standard x64 Edition</os>
<os>Compute Cluster Edition</os>
<os>Web Edition</os>
<os>Home Edition</os>
<os>Professional</os>
<os>Windows 2000</os>
<os>Datacenter Server</os>
<os>Advanced Server</os>
<os>Windows Home Server</os>
<os>Windows Server 2008</os>
<os>Windows Server 2008 R2</os>
<os>Windows Server R2</os>
<os>Media Center Edition</os>
<os>Tablet PC Edition</os>
<os>Embedded Edition</os>
<os>Professional x64 Edition</os>
<os>Storage Server 2003 R2</os>
<os>Storage Server 2003</os>
<os>Server 2003 R2</os>
<os>Server 2003</os>
<os>Server 2008</os>
<os>Business</os>
<os>Business N</os>
<os>Datacenter Edition(Core)</os>
<os>Enterprise N</os>
<os>Enterprise Edition(Core)</os>
<os>Home Basic</os>
<os>Home Basic N</os>
<os>Home Premium</os>
<os>Home Premium N</os>
<os>Ultimate</os>
<os>Ultimate N</os>
<os>Standard Edition(Core)</os>
<os>NT3.1</os>
<os>NT3.5</os>
<os>NT3.51</os>
<os>2000</os>
<os>2003 Server</os>
<os>2008 Server</os>
<os>Win Vista</os>
<os>Win Srv 2008</os>
<os>Win 7</os>
<os>Win 8</os>
<os>Win Srv 2003</os>
<os>Win Srv</os>
<os>Win XP</os>
<os>Win 2000</os>
<os>Windows Server 2012</os>
<os>32-bit Edition</os>
<os>64-bit Edition</os>
<os>Windows Server 2000</os>
<os>2003</os>
<os>2008</os>
<os>Windows Server 2000</os>
</oss>
<!--Sandbox Product IDs -->
<products>
<!-- Windows ProductId values which, per this section's heading, belong to malware-analysis sandboxes.
A file that embeds them is presumably comparing the local ProductId with this list to recognise an analysis environment; treat a hit as an evasion indicator and expect the sample to behave differently under a sandbox.
The values are specific, so a match is a stronger signal than most other lists in this file. -->
<product>76487-640-1457236-23837</product>
<product>76487-337-8429955-22614</product>
<product>76487-644-3177037-23510</product>
<product>76487-640-8834005-23195</product>
<product>76487-640-0716662-23535</product>
<product>76487-644-8648466-23106</product>
<product>76487-341-5883812-22420</product>
<product>76487-OEM-0027453-63796</product>
<product>76497-640-6308873-23835</product>
<product>55274-640-2673064-23950</product>
<product>00426-293-8170032-85146</product>
</products>
<!-- SIDs (Security Identifiers) -->
<sids>
<!-- Well-known Windows security identifiers in string form.
S-1-5-18, S-1-5-19 and S-1-5-20 are Local System, Local Service and Network Service; S-1-5-32-* are the built-in local groups (544 Administrators, 545 Users); S-1-16-* are mandatory integrity levels (4096 low, 8192 medium, 12288 high, 16384 system); S-1-5-80-* are per-service SIDs.
A literal SID in a binary usually means the code builds or inspects access tokens or security descriptors itself; read a hit together with the SDDL strings and the imported security APIs.
The list is not in numeric order (S-1-5-80-0 sits between S-1-3-4 and S-1-4). -->
<sid>S-1-0</sid>
<sid>S-1-0-0</sid>
<sid>S-1-1</sid>
<sid>S-1-1-0</sid>
<sid>S-1-2</sid>
<sid>S-1-2-0</sid>
<sid>S-1-2-1</sid>
<sid>S-1-3</sid>
<sid>S-1-3-0</sid>
<sid>S-1-3-1</sid>
<sid>S-1-3-2</sid>
<sid>S-1-3-3</sid>
<sid>S-1-3-4</sid>
<sid>S-1-5-80-0</sid>
<sid>S-1-4</sid>
<sid>S-1-5</sid>
<sid>S-1-5-1</sid>
<sid>S-1-5-2</sid>
<sid>S-1-5-3</sid>
<sid>S-1-5-4</sid>
<sid>S-1-5-6</sid>
<sid>S-1-5-7</sid>
<sid>S-1-5-8</sid>
<sid>S-1-5-9</sid>
<sid>S-1-5-10</sid>
<sid>S-1-5-11</sid>
<sid>S-1-5-12</sid>
<sid>S-1-5-13</sid>
<sid>S-1-5-14</sid>
<sid>S-1-5-15</sid>
<sid>S-1-5-17</sid>
<sid>S-1-5-18</sid>
<sid>S-1-5-19</sid>
<sid>S-1-5-20</sid>
<sid>S-1-5-32-544</sid>
<sid>S-1-5-32-545</sid>
<sid>S-1-5-32-546</sid>
<sid>S-1-5-32-547</sid>
<sid>S-1-5-32-548</sid>
<sid>S-1-5-32-549</sid>
<sid>S-1-5-32-550</sid>
<sid>S-1-5-32-551</sid>
<sid>S-1-5-32-552</sid>
<sid>S-1-5-64-10</sid>
<sid>S-1-5-64-14</sid>
<sid>S-1-5-64-21</sid>
<sid>S-1-5-80</sid>
<sid>S-1-5-83-0</sid>
<sid>S-1-16-0</sid>
<sid>S-1-16-4096</sid>
<sid>S-1-16-8192</sid>
<sid>S-1-16-8448</sid>
<sid>S-1-16-12288</sid>
<sid>S-1-16-16384</sid>
<sid>S-1-16-20480</sid>
<sid>S-1-16-28672</sid>
<sid>S-1-5-32-554</sid>
<sid>S-1-5-32-555</sid>
<sid>S-1-5-32-556</sid>
<sid>S-1-5-32-557</sid>
<sid>S-1-5-32-558</sid>
<sid>S-1-5-32-559</sid>
<sid>S-1-5-32-560</sid>
<sid>S-1-5-32-561</sid>
<sid>S-1-5-32-562</sid>
<sid>S-1-5-32-569</sid>
<sid>S-1-5-32-573</sid>
<sid>S-1-5-32-574</sid>
<sid>S-1-5-32-575</sid>
<sid>S-1-5-32-576</sid>
<sid>S-1-5-32-577</sid>
<sid>S-1-5-32-578</sid>
<sid>S-1-5-32-579</sid>
<sid>S-1-5-32-580</sid>
<sid>S-1-5-80-2006800713-1441093265-249754844-3404434343-1444102779</sid>
<sid>S-1-5-80-3864065939-1897331054-469427076-3133256761-1570309435</sid>
</sids>
<protocols>
<!-- Protocol and URI scheme names flagged when they appear as strings in the analyzed file.
The enable attribute is presumably a per-entry switch (1 active, 0 ignored), by analogy with the 1/0 values of the settings block; confirm against the pestudio documentation.
These are short, common words (file, http, ftp), so a hit says little by itself; the mail and news schemes (smtp, pop3, imap, nntp, httpmail) are the less usual ones in ordinary desktop software. -->
<protocol enable="1">http</protocol>
<protocol enable="1">https</protocol>
<protocol enable="1">httpmail</protocol>
<protocol enable="1">nntp</protocol>
<protocol enable="1">imap</protocol>
<protocol enable="1">pop3</protocol>
<protocol enable="1">file</protocol>
<protocol enable="1">smtp</protocol>
<protocol enable="1">ftp</protocol>
<protocol enable="1">icmp</protocol>
</protocols>
<keys>
<!-- Bracketed names of non-printing keys, in upper-case and mixed-case spellings.
Labels of this form are what keystroke-recording code typically writes to its log for special keys, so several hits together are a keylogging indicator worth correlating with keyboard-hook or key-state imports.
The enable attribute is presumably a per-entry switch (1 active, 0 ignored); confirm against the pestudio documentation.
NOTE(review): [BACKCPACE] looks like a misspelling of BACKSPACE; check whether it deliberately mirrors a string seen in samples before correcting it, because the entry is matched literally. -->
<key enable="1">[ESCAPE]</key>
<key enable="1">[ENTER]</key>
<key enable="1">[TAB]</key>
<key enable="1">[DELETE]</key>
<key enable="1">[CAPS LOCK]</key>
<key enable="1">[BACKCPACE]</key>
<key enable="1">[Backspace]</key>
<key enable="1">[Enter]</key>
<key enable="1">[Tab]</key>
<key enable="1">[Arrow Left]</key>
<key enable="1">[Arrow Up]</key>
<key enable="1">[Arrow Right]</key>
<key enable="1">[Arrow Down]</key>
<key enable="1">[Home]</key>
<key enable="1">[Page Up]</key>
<key enable="1">[Page Down]</key>
<key enable="1">[End]</key>
<key enable="1">[Break]</key>
<key enable="1">[Delete]</key>
<key enable="1">[Insert]</key>
<key enable="1">[Print Screen]</key>
<key enable="1">[Scroll Lock]</key>
<key enable="1">[Caps Lock]</key>
<key enable="1">[Alt]</key>
<key enable="1">[Esc]</key>
</keys>
<events>
<!-- Event-handler names of the form On<Event>, as found in the metadata of GUI framework applications (the naming looks like Delphi/VCL published events; confirm).
Their presence mainly identifies the toolkit a file was built with; the keyboard and mouse handlers (OnKeyDown, OnKeyPress, OnKeyUp, OnMouse*) are ordinary UI code and are not an input-capture indicator on their own.
The enable attribute is presumably a per-entry switch (1 active, 0 ignored); confirm against the pestudio documentation.
NOTE(review): OnClose is listed twice. -->
<event enable="1">OnActivate</event>
<event enable="1">OnCanClose</event>
<event enable="1">OnChange</event>
<event enable="1">OnClick</event>
<event enable="1">OnClose</event>
<event enable="1">OnCloseQuery</event>
<event enable="1">OnCloseUp</event>
<event enable="1">OnClose</event>
<event enable="1">OnCreate</event>
<event enable="1">OnCreatePanelClass</event>
<event enable="1">OnData</event>
<event enable="1">OnDataFind</event>
<event enable="1">OnDataHint</event>
<event enable="1">OnDataStateChange</event>
<event enable="1">OnDeletion</event>
<event enable="1">OnDestroy</event>
<event enable="1">OnDockOver</event>
<event enable="1">OnDragDrop</event>
<event enable="1">OnDragOver</event>
<event enable="1">OnDropDown</event>
<event enable="1">OnEndDock</event>
<event enable="1">OnEndDrag</event>
<event enable="1">OnExit</event>
<event enable="1">OnKeyDown</event>
<event enable="1">OnKeyPress</event>
<event enable="1">OnKeyUp</event>
<event enable="1">OnMouseDown</event>
<event enable="1">OnMouseEnter</event>
<event enable="1">OnMouseLeave</event>
<event enable="1">OnMouseMove</event>
<event enable="1">OnMouseUp</event>
<event enable="1">OnProgress</event>
<event enable="1">OnTimer</event>
<event enable="1">OnUnDock</event>
<event enable="1">OnUpdate</event>
</events>
<strings>
<string>ResponseText</string>
<string>MSXML2.ServerXMLHTTP$</string>
<string>MSXML2.DOMDocument$</string>
<string>Macros must be enabled to display the contents of the document.</string>
<string>They are public gates to the secret server.</string>
<string>Your decryption price will</string>
<string>Your personal files are encrypted!</string>
<string>for this computer. To decrypt files you need to obtain the</string>
<string>the more chances are left to recover the files.</string>
<string>!!!Rescue your files!!!</string>
<string>Any attempt to remove or corrupt this software will result</string>
<string>Now you have the last chance to decrypt your files.</string>
<string>Any attempt to remove or corrupt this software will result</string>
<string>in immediate elimination of the private key by the server.</string>
<string>the more chances are left to recover the files.</string>
<string>You must install this browser</string>
<string>Your decryption price will</string>
<string>Everything is fine now decrypting all files.</string>
<string>All files Decrypted</string>
<string>Enter Decrypt Key</string>
<string>Follow the instructions on the server.</string>
<string>SECG curve over a 256 bit prime field</string>
<string>SmartAssembly.Attributes</string>
<string>Copyright (c) 1998-2009 by Joergen Ibsen All Rights Reserved.</string>
<string>More information: http://www.ibsensoftware.com/</string>
<string>"Powered by SmartAssembly 6.8.0.121</string>
<string>Fuck You!!!</string>
<string>$Info: This file is packed with the UPX executable packer http://upx.sf.net $</string>
<string>$Id: UPX 3.91 Copyright (C) 1996-2013 the UPX Team. All Rights Reserved. $</string>
<string>Microsoft Application Compatibility Toolkit 5.6</string>
<string>Management</string>
<string>File manager</string>
<string>System Manager</string>
<string>Screen Capture</string>
<string>Webcam Capture</string>
<string>Packet Sniffer</string>
<string>Listen</string>
<string>Kill</string>
<string>Background</string>
<string>\\.\mailslot\%s</string>
<string>Macromedia Flash Player 7.0 r14</string>
<string>Macromedia Flash Player 7.0</string>
<string>dbgeng</string>
<string>Microsoft Office Word 97-2003</string>
<string>Microsoft Word Document</string>
<string>MSWordDoc</string>
<string>Word.Application</string>
<string>Microsoft Office Word</string>
<string>Word.Document.8</string>
<string>Network Performance and Security Manager</string>
<string>ProxyEnable</string>
<string>ProxyServer</string>
<string>ProxyOverride</string>
<string>ProxyUserName</string>
<string>ProxyPassword</string>
<string>SkpWnd</string>
<string>SkypeControlAPIAttach</string>
<string>SkypeControlAPIDiscover</string>
<string>Skype:API</string>
<string>GET SKYPEVERSION</string>
<string>SkypePath</string>
<string>AdministratorsGroup</string>
<string>NtAuthority</string>
<string>masterkey</string>
<string>IEHistory</string>
<string>BUILTIN</string>
<string>NT AUTHORITY</string>
<!-- Firefox -->
<string>PR_Bind</string>
<string>PR_Accept</string>
<string>PR_AcceptRead</string>
<string>PR_Connect</string>
<string>PR_Listen</string>
<string>PR_Read</string>
<string>PR_Write</string>
<string>PR_Writev</string>
<string>PR_Close</string>
<string>PR_Send</string>
<string>PR_TransmitFile</string>
<string>PR_OpenTCPSocket</string>
<string>PR_GetSocketOption</string>
<string>PR_SetSocketOption</string>
<string>PR_Shutdown</string>
<string>PR_GetError</string>
<string>PR_SetError</string>
<string>PR_GetNameForIdentity</string>
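<!--
Unclassified: strings not yet sorted into a category.
Many entries below are generic words (for example "start", "Port", "hello") and several are listed
more than once, so a single hit from this section is a weak indicator and needs corroboration.
-->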
<string>cards</string>
<string>card</string>
<string>speex-1.1.11.1</string>
<string>Time expiried.</string>
<string>PClock</string>
<string>Start scanner</string>
<string>Scanner completed</string>
<string>Start crypter</string>
<string>Files encrypted</string>
<string>TCustomDecompressor</string>
<string>TCompressedBlockReader</string>
<string>SoftDownloaderWnd</string>
<string>MemoryScanner</string>
<string>ActiveX Control</string>
<string>\\.\PhysicalDrive%d</string>
<string>Microsoft Windows Auto Update</string>
<string>PB_DropAccept</string>
<string>PB_WindowID</string>
<string>IsAdmin</string>
<string>CryptKeyType</string>
<string>CryptKeyId</string>
<string>NetAdapter</string>
<string>Gateway</string>
<string>PriWinsServer</string>
<string>SecWinsServer</string>
<string>DHCPServer</string>
<string>DnsServer</string>
<string>Microsoft Enhanced Cryptographic Provider v1.0</string>
<string>Microsoft Base Cryptographic Provider v1.0</string>
<string>Gestalt</string>
<string>stub_helper</string>
<string>vm_protect</string>
<string>FtpServer</string>
<string>FtpUserName</string>
<string>FtpPassword</string>
<string>FtpDirectory</string>
<string>RootDirectory</string>
<string>Port</string>
<string>ServerType</string>
<string>onEnterFrame</string>
<string>attachMovie</string>
<string>error to get HDD firmware serial</string>
<string>aPLib v1.01 - the smaller the better :)</string>
<string>TrojanEngine</string>
<string>Clinic</string>
<string>NetMon</string>
<string>FileSmash</string>
<string>SafeBox</string>
<string>IERepair</string>
<string>KillVirus</string>
<string>SoftMove</string>
<string>SysClean</string>
<string>Trojan</string>
<string>CrashStackLen</string>
<string>CrashDumpLen</string>
<string>CrashStackBase64Len</string>
<string>CrashDumpBase64Len</string>
<string>CrashStack</string>
<string>MinDump</string>
<string>Google Update Service</string>
<string>googleupdate</string>
<string>VIRUS</string>
<string>QEMU</string>
<string>PaySafeCard</string>
<string>MoneyPak</string>
<string>moneypak</string>
<string>Safengine Shielden v2.3.0.0</string>
<string>MSFT</string>
<string>EnumProcess</string>
<string>InjectByPid</string>
<string>Send to Server failed.</string>
<string>HandShake with the server failed. Error:</string>
<string>Microsoft Unified Security Protocol Provider</string>
<string>ddos.bot</string>
<string>passwords</string>
<string>httpserver</string>
<string>makedir</string>
<string>sendkeys</string>
<string>opencmd</string>
<string>ProcessorNameString</string>
<string>Identifier</string>
<string>VendorIdentifier</string>
<string>SystemBiosVersion</string>
<string>SystemBiosDate</string>
<string>VideoBiosVersion</string>
<string>VideoBiosDate</string>
<string>Windows File Protection</string>
<string>LogonFailure</string>
<string>killthread</string>
<string>startkeylogger</string>
<string>stopkeylogger</string>
<string>listprocesses</string>
<string>killprocess</string>
<string>stopspy</string>
<string>redirectspy</string>
<string>stopredirectspy</string>
<string>kazaabackupfiles</string>
<string>SC_MONITORPOWER</string>
<string>HWND_BROADCAST</string>
<string>IsConnectedToInternet</string>
<string>get_MachineName</string>
<string>MacAddress</string>
<string>InternetExplorer.Application</string>
<string>EmailAddress</string>
<string>PopServer</string>
<string>PopPort</string>
<string>PopAccount</string>
<string>PopPassword</string>
<string>SmtpServer</string>
<string>SmtpPort</string>
<string>SmtpAccount</string>
<string>SmtpPassword</string>
<string>WininetCacheCredentials</string>
<string>MS IE FTP Passwords</string>
<string>PasswordType</string>
<string>OutpostMonitor</string>
<string>telnet</string>
<string>Download.Complete</string>
<string>Download.Cancelled</string>
<string>Download.Failed</string>
<string>onLoadInit</string>
<string>onLoadProgress</string>
<string>onLoadError</string>
<string>onLoadComplete</string>
<string>onLoadStart</string>
<string>onScroller</string>
<string>onChanged</string>
<string>onConstruct</string>
<string>onDragOut</string>
<string>onDragOver</string>
<string>onRollOut</string>
<string>onRollOver</string>
<string>onReleaseOutside</string>
<string>onRelease</string>
<string>onPress</string>
<string>onInitialize</string>
<string>onKeyUp</string>
<string>onKeyDownv</string>
<string>onMouseUp</string>
<string>onMouseDown</string>
<string>onMouseMove</string>
<string>onUnload</string>
<string>onEnterFrame</string>
<string>SMTP Password</string>
<string>HTTPMail Password</string>
<string>NNTP Password</string>
<string>IMAP Password</string>
<string>POP3 Password</string>
<string>NNTP Password</string>
<string>IMAP Password</string>
<string>POP3 Password</string>
<string>IMAP Port</string>
<string>SMTP Port</string>
<string>POP3 Port</string>
<string>SMTP User</string>
<string>HTTPMail Server</string>
<string>IMAP User</string>
<string>POP3 User</string>
<string>HTTP Server URL</string>
<string>HTTP User</string>
<string>Email</string>
<string>IMAP User Name</string>
<string>IMAP Server</string>
<string>NNTP Server</string>
<string>NNTP User Name</string>
<string>NNTP Email Address</string>
<string>SMTP User Name</string>
<string>SMTP Server</string>
<string>SMTP Email Address</string>
<string>Adobe ImageReadyq</string>
<string>ClearBrowsingHistoryOnExit</string>
<string>GetMACAddress</string>
<string>GetProcessesByName</string>
<string>WebRequest</string>
<string>WebResponse</string>
<string>GetResponse</string>
<string>GetVolumeSerial</string>
<string>ENCRYPtSTRING</string>
<string>ENCRYPTBYTe</string>
<string>VBRUN</string>
<string>Blowfish</string>
<string>CreateDecryptor</string>
<string>MD5CryptoServiceProvider</string>
<string>TripleDESCryptoServiceProvider</string>
<string>PaddingMode</string>
<string>iexplorer</string>
<string>Shell_TrayWnd</string>
<string>ExecuteCommand</string>
<string>RunPE</string>
<string>CCleaner</string>
<string>Binder</string>
<string>SpyTheSpy</string>
<string>TCPEye</string>
<string>SpeedGear</string>
<string>taskmgr</string>
<string>IPBlocker</string>
<string>CCleaner</string>
<string>procexp</string>
<string>Windows Update</string>
<!--
Ransom-payment status messages and the TorLocker name, followed by local proxy settings:
a proxy port 58010 on the loopback address and a SOCKS5 parent at 127.0.0.1:9150.
The version-tagged name and the exact port pairing are much more specific than "Payment ok" alone.
-->
<string>Payment ok</string>
<string>Payment Received. Proceed to decryption.</string>
<string>Waiting Payment</string>
<string>Waiting TOR Connection</string>
<string>TorLocker</string>
<string>proxyPort = 58010</string>
<string>socksParentProxy = 127.0.0.1:9150</string>
<string>socksProxyType = socks5</string>
<string>TorLocker_v0.9.3</string>
<string>127.0.0.1:58010</string>
<string>Wallpaper</string>
<string>kippohome</string>
<string>huffman</string>
<string>DecodeHuffman</string>
<string>Decode</string>
<string>Inflate</string>
<string>Unzip</string>
<string>ZipAndEncrypt</string>
<string>ZipAndAES</string>
<string>LoadFile</string>
<string>SafenSoft</string>
<string>SysWatch</string>
<string>McAfee</string>
<string>Security Center</string>
<string>Symantec</string>
<string>Protection</string>
<string>Norton</string>
<string>Host OS</string>
<string>PONG!</string>
<string>ReadPort</string>
<string>WritePort</string>
<string>cookie_module</string>
<string>Proxy-Connection</string>
<string>CompressAndSend</string>
<string>EncryptFile</string>
<string>RunAsShellUser</string>
<string>SVNCStartServer</string>
<string>Terminal Server</string>
<string>Enterprise</string>
<string>LanmanNT</string>
<!--
Tor relay-cell command names (BEGIN ... INTRODUCE_ACK), as found in binaries that embed a Tor client.
Words such as BEGIN, CONNECTED or RESOLVE are common in unrelated software; the hidden-service names
(ESTABLISH_INTRO, RENDEZVOUS1, INTRODUCE_ACK, ...) appearing together are the meaningful signal.
-->
<string>BEGIN</string>
<string>CONNECTED</string>
<string>SENDME</string>
<string>EXTEND</string>
<string>EXTENDED</string>
<string>TRUNCATE</string>
<string>TRUNCATED</string>
<string>RESOLVE</string>
<string>RESOLVED</string>
<string>BEGIN_DIR</string>
<string>ESTABLISH_INTRO</string>
<string>ESTABLISH_RENDEZVOUS</string>
<string>INTRODUCE1</string>
<string>INTRODUCE2</string>
<string>RENDEZVOUS1</string>
<string>RENDEZVOUS2</string>
<string>INTRO_ESTABLISHED</string>
<string>RENDEZVOUS_ESTABLISHED</string>
<string>INTRODUCE_ACK</string>
<string>system.log</string>
<!--
Executable names: a Tor client followed by packet-capture and sniffing tools.
NOTE(review): a sample that carries the capture-tool names is presumably checking for them as running
processes (analysis-environment detection); confirm with the process-enumeration imports.
-->
<string>tor.exe</string>
<string>tcpdump.exe</string>
<string>windump.exe</string>
<string>ethereal.exe</string>
<string>wireshark.exe</string>
<string>ettercap.exe</string>
<string>snoop.exe</string>
<string>dsniff.exe</string>
<string>ChewBacca/</string>
<string>chewbacca</string>
<string>.onion/</string>
<string>TMemoryScanner</string>
<string>Symantec Shared</string>
<string>CWSandbox</string>
<string>AVAST Software</string>
<string>Registry optimiser</string>
<string>Optimizing the registry...</string>
<string>Virtual HD</string>
<string>News Letter</string>
<string>Subject:</string>
<!--
Common weak or default passwords.
NOTE(review): presumably taken from a built-in credential-guessing wordlist; words such as "hello" or
"secret" also occur in benign programs, so several of these found together matter more than one alone.
-->
<string>db2admin</string>
<string>nopassword</string>
<string>password12</string>
<string>secret</string>
<string>superman</string>
<string>iloveyou</string>
<string>hello</string>
<string>helpme</string>
<string>hockey</string>
<string>home123</string>
<string>changeme</string>
<string>MsComCtl.ocx</string>
<string>HotTracking</string>
<string>OpenProcessToken fail</string>
<string>AdjustTokenPrivileges fail</string>
<string>replacement</string>
<string>settings</string>
<string>formgrabber</string>
<string>redirects</string>
<string>httpinjects</string>
<string>Transfer-Encoding</string>
<string>modify</string>
<string>pattern</string>
<string>conditions</string>
<string>actions</string>
<string>process</string>
<string>NtShutdownSystem</string>
<string>coin-miner</string>
<string>regwrite</string>
<string>urlmon</string>
<string>Internet Explorer</string>
<string>inhibitPolicyMapping</string>
<string>infinite</string>
<string>Bad time value</string>
<string>pubkey.bin</string>
<string>openssl</string>
<string>relativename</string>
<string>Polynomial</string>
<string>AES</string>
<string>RSA</string>
<string>RID</string>
<string>cryptedcount.txt</string>
<string>explicitText</string>
<string>ASN1</string>
<string>requireExplicitPolicy</string>
<string>LanmanWorkstation</string>
<string>LanmanServer</string>
<string>DNS</string>
<string>Salt Length</string>
<string>Seed</string>
<string>Prime</string>
<string>config.nt</string>
<string>autoexec.nt</string>
<string>protocol testing</string>
<string>experience Destroy</string>
<string>go.exe</string>
<string>userinit.exe</string>
<string>Dispatch</string>
<string>winsock</string>
<string>connection failed</string>
<string>open internet failed</string>
<string>payload</string>
<string>Wscript.Shell</string>
<string>Shell.Application</string>
<string>createobject</string>
<string>Setup.exe</string>
<string>Extracting</string>
<string>UltraVnc</string>
<string>UltraVncSC</string>
<string>RunProgram</string>
<string>*.ocx</string>
<string>*.dll</string>
<string>IMAGEHLP.dll</string>
<string>Signature</string>
<string>installer.exe</string>
<string>Fast decoding</string>
<string>Win32.exe</string>
<string>Gina</string>
<string>cgets</string>
<string>Macromedia</string>
<string>FlashPlayer</string>
<string>NetworkService\Cookies\</string>
<string>Scheduler</string>
<string>Local Settings\History\History.IE5</string>
<string>leave the progress due to 10 attempts</string>
<string>unrarw32</string>
<string>server</string>
<string>verifyinginstaller</string>
<string>xxx.exe</string>
<string>Mozilla</string>
<string>CONNECT</string>
<string>system.exe</string>
<string>cmd.exe</string>
<string>AppData</string>
<string>admin</string>
<string>Microsoft.VisualBasic</string>
<string>Dictionary</string>
<string>Protocol not supported</string>
<string>referer</string>
<string>partner_online_url</string>
<string>partner_new_url</string>
<string>runprog.exe</string>
<string>CDATA[</string>
<string>exe.agent.mail</string>
<string>mail.ru</string>
<string>password</string>
<string>Launcher</string>
<string>setup</string>
<string>remote</string>
<string>random</string>
<string>inject</string>
<string>hook</string>
<string>crack</string>
<string>script</string>
<string>browse</string>
<string>Clipboard</string>
<string>Event</string>
<string>Privilege</string>
<string>Reboot</string>
<string>CABINET</string>
<string>CabinetFile</string>
<string>cabfile</string>
<string>extract</string>
<string>rundll32.exe</string>
<string>REGTLIB.EXE</string>
<string>VB Runtime Installation</string>
<string>Command.com</string>
<string>Resume</string>
<string>Pause</string>
<string>Socket</string>
<string>GetCode</string>
<string>Console</string>
<string>LZStart</string>
<string>About:blank</string>
<string>shell</string>
<string>666</string>
<string>alert</string>
<string>reverse</string>
<string>swap</string>
<string>logon</string>
<string>logoff</string>
<string>HookProc</string>
<string>attempt</string>
<string>users</string>
<string>load</string>
<string>query</string>
<string>scan</string>
<string>module</string>
<string>drop</string>
<string>loop</string>
<string>wait</string>
<string>iexplore.exe</string>
<string>Download</string>
<string>Upload</string>
<string>CONNECT</string>
<string>wuauclt.exe</string>
<string>Poison.exe</string>
<string>explorer.exe</string>
<string>pipe</string>
<string>Transaction</string>
<string>Created by</string>
<string>Accept: */*</string>
<string>setup.exe</string>
<string>inetinfo.exe</string>
<string>WinDir</string>
<string>update.html</string>
<string>exec error</string>
<string>application/x-www-form-urlencoded</string>
<string>LordPE</string>
<string>Silvana</string>
<string>petite</string>
<string>PROGRAM</string>
<string>deflate</string>
<string>60794-12b3-e4169440</string>
<string>Keep-Alive</string>
<string>Referer</string>
<string>WinSta0</string>
<string>Gh0st</string>
<string>Update</string>
<string>CapsLock</string>
<string>svcshost.exe</string>
<string>Forbidden</string>
<string>Accepted</string>
<string>sessionid</string>
<string>sharedaccess</string>
<string>localgroup</string>
<string>administrators</string>
<string>Administrator</string>
<string>guest</string>
<string>RDP-Tcp</string>
<string>UnknownProcess</string>
<string>%d Day %d Hour %d Min</string>
<string>termsrv_t</string>
<string>Winlogon</string>
<string>nsocket</string>
<string>repeat</string>
<string>compression</string>
<string>dictionary</string>
<string>userprofile</string>
<string>webkit</string>
<string>command</string>
<string>tracing</string>
<string>sandbox</string>
<string>keystroke</string>
<string>Adobe</string>
<string>scanning</string>
<string>Callback</string>
<string>torrent</string>
<string>Outsanding</string>
<string>localhost</string>
<string>proxy</string>
<string>downspeed</string>
<string>korean</string>
<string>chinese</string>
<string>japanese</string>
<string>interval</string>
<string>webseeds</string>
<string>666</string>
<string>POST</string>
<string>fingerprint</string>
<string>DNA_Proxy</string>
<string>min_http_connections</string>
<string>Unauthorized</string>
<string>pairing</string>
<string>TOKEN</string>
<string>subscribe</string>
<string>guest.html</string>
<string>announce</string>
<string>multicast</string>
<string>payload</string>
<string>DEBUG</string>
<string>UPnP</string>
<string>channel</string>
<string>tracker</string>
<string>NAT</string>
<string>DHCP</string>
<string>Host</string>
<string>keyhash</string>
<string>packet</string>
<string>watchdog</string>
<string>shared</string>
<string>are you debugging me</string>
<string>ThisprogrammustberununderWin32</string>
<string>Shit!!</string>
<string>PrepareOurShit</string>
<string>Exefiles</string>
<string>Scanning</string>
<string>StdOut</string>
<string>Codecs</string>
<string>ProgramFilesDir</string>
<string>Install</string>
<string>\Temp</string>
<string>SHFOLDER</string>
<string>NullsoftInst</string>
<string>WinRAR SFX</string>
<string>287333.dat</string>
<string>\\cryptme\\</string>
<string>Autoit3.824383.exe</string>
<string>run.vbs</string>
<string>{0000054f-0000-0010-8000-00aa006d2ea4}</string>
<string>username</string>
<string>Password</string>
<string>Username</string>
<string>Expires</string>
<string>User-Agent</string>
<string>Cookie</string>
<string>taskmgr.exe</string>
<string>regedit.exe</string>
<string>serialNumber</string>
<string>userPassword</string>
<string>public_key</string>
<string>serial</string>
<string>Public-Key</string>
<string>Private-Key</string>
<string>Seed:</string>
<string>encryption</string>
<string>PECompact2</string>
<string>logFile</string>
<string>index.html</string>
<string>application/pdf</string>
<string>Run as a daemon</string>
<string>http.c</string>
<string>client.c</string>
<string>127.0.0.1</string>
<string>serverTimeout</string>
<string>Server closed connection</string>
<string>nameserver</string>
<string>autorun.exe</string>
<string>Autorun.exe</string>
<string>COMSPEC</string>
<string>csrss.exe</string>
<string>OLLYDBG</string>
<string>WinDbgFrameClass</string>
<string>BankID</string>
<string>DANCHODANCHEV_END_BRIANKREBS_GOT_FARRIED</string>
<string>Timer1</string>
<string>Timer2</string>
<string>Timer3</string>
<string>Mscomctl32.ocx</string>
<string>WebBrowser</string>
<string>Logout</string>
<string>VBA6.DLL</string>
<string>9368265E-85FE-11d1-8BE3-0000F8754DA1</string>
<string>TIPOFDAY.TXT</string>
<string>Scripting.FileSystemObject</string>
<string>LoVein1</string>
<string>MZKERNEL32.DLL</string>
<string>KerNel32.dll</string>
<string>downloader</string>
<string>browser</string>
<string>NETSCAPE2.0</string>
<string>opera</string>
<string>RemoveRange</string>
<string>AuthenticationMode</string>
<string>Downloader</string>
<string>chromepref</string>
<string>Downloader.exe</string>
<string>ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/</string>
<string>FPC 2.7.1 [2013/10/22] for i386 - Win32</string>
<string>pipedatacontinue</string>
<string>sdwefa.gif</string>
<string>CONIN$</string>
<string>CONOUT$</string>
<string>~MS80547.bat</string>
<string>Shell</string>
<string>reg.exe</string>
<string>IE 8.5</string>
<string>start</string>
<string>whoami</string>
<string>pidrun</string>
<string>geturl</string>
<string>rusinfo.exe</string>
<string>letusgohtppmmv1.0</string>
<string>letusgohtppmmv2.0.0.1</string>
<string>Sometimes</string>
<string>Destroy</string>
<string>likubes</string>
<string>fine musicians</string>
<string>file not found</string>
<string>brothers-in-law</string>
<string>_RTL_CRITICAL_SECTION_DEBUG</string>
<string>_RTL_CRITICAL_SECTION</string>
<string>_SECURITY_ATTRIBUTES</string>
<string>lpSecurityDescriptor</string>
<string>SysUtils</string>
<string>ActiveX</string>
<string>700.bat</string>
<string>Sitikat</string>
<string>1.exe</string>
<string>UpdateOffice.exe</string>
<string>pangtip.bat</string>
<string>ping</string>
<string>pkxm</string>
<string>pangtip.bat</string>
<string>Reply from</string>
<string>DCOM not installed</string>
<string>PROXY_TYPE_DIRECT</string>
<string>PROXY_TYPE_AUTO_DETECT</string>
<string>downfile</string>
<string>upfile</string>
<string>quitz</string>
<string>debugmessage</string>
<string>debugclient</string>
<string>debugfile</string>
<string>delfile</string>
<string>delmessage</string>
<string>delclient</string>
<string>listfiles</string>
<string>listmessages</string>
<string>listclients</string>
<string>WinSta0\Default</string>
<string>POST</string>
<string>CONNECT</string>
<string>NetSubKey</string>
<string>FileDescrsiption</string>
<string>state.ini</string>
<string>Accepted:</string>
<string>sha256</string>
<string>sinzy</string>
<string>AckPacket</string>
<string>Connection</string>
<string>autoRunKeyPath</string>
<string>SIGNATURE</string>
<string>messageId</string>
<string>HeartBeat</string>
<string>Request</string>
<string>Unload</string>
<string>RequestLoop</string>
<string>HeartBeatLoop</string>
<string>TcpClient</string>
<string>Connect</string>
<string>Login</string>
<string>CurrentUser</string>
<string>CreateDomain</string>
<string>ComputeHash</string>
<string>cookies.*</string>
<!--
Window class names of process and system monitoring tools (for example Process Monitor, Process Explorer,
Process Hacker). A binary holding these is probably searching for open analysis tools by window class;
pair a hit with window-lookup imports before treating it as an anti-analysis check.
-->
<string>Tfrmrpcap</string>
<string>ProcessLasso_Notification_Class</string>
<string>TSystemExplorerTrayForm.UnicodeClass</string>
<string>PROCMON_WINDOW_CLASS</string>
<string>PROCEXPL</string>
<string>WdcWindow</string>
<string>ProcessHacker</string>
<string>Dumper</string>
<string>Dumper64</string>
<string>APISpy32Class</string>
<string>Zone.Identifier</string>
<string>:Zone.Identifier</string>
<string>runas</string>
<string>sysprep</string>
<string>TokenPrivilege</string>
<string>Shutdown</string>
<string>WebKit2WebProcess</string>
<string>cmd /c net start %s</string>
<string>Sleeping</string>
<string>Ivan Medvedev</string>
<string>Rijndael</string>
<string>SystemBiosVersion</string>
<string>VideoBiosVersion</string>
<string>VirtualBox</string>
<string>Identifier</string>
<string>UDPV6</string>
<string>TCPV6</string>
<string> deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly</string>
<string> deflate 1.1.4 Copyright 1995-2002 Jean-loup Gailly</string>
<string> inflate 1.2.3 Copyright 1995-2005 Mark Adler </string>
<string> inflate 1.1.4 Copyright 1995-2002 Mark Adler </string>
<string>History</string>
<string>ProductType</string>
<string>RegisterRawInputDevices</string>
<string>GetRawInputData</string>
<string>protocol></string>
<string>sqlite3_open</string>
<string>sqlite3_close</string>
<string>sqlite3_prepare_v2</string>
<string>sqlite3_step</string>
<string>sqlite3_column_text</string>
<string>plugins</string>
<string>Hibernating</string>
<string>Valid</string>
<string>Running</string>
<string>downtime-started</string>
<string>uptime-started</string>
<string>Intel Hardware Cryptographic Service Provider</string>
<string>lpAddress</string>
<string>BeginInvoke</string>
<string>EndInvoke</string>
<string>StatusChecker</string>
<string>Encoding</string>
<string>semaphore</string>
<string>stand by</string>
<string>startime</string>
<string>status</string>
<string>taskeng.exe</string>
<string>taskhost.exe</string>
<string>taskhostex.exe</string>
<string>throttle</string>
<string>Mandatory Level</string>
<string>*.DMP</string>
<string>*.dmp</string>
<string>_invoke_watson</string>
<string>remove</string>
<string>debug</string>
<string>Starting...</string>
<string>hostname</string>
<string>clientkey</string>
<string>reqfilepath</string>
<string>reqfile</string>
<string>postvalue</string>
<string>postfile</string>
<string>postdata</string>
<string>mkdir</string>
<string>rmdir</string>
<string>chdir</string>
<string>Creating service database record...</string>
<string>svchost</string>
<string>rpcsrv</string>
<string>Setting service description...</string>
<string>svchost</string>
<string>Opening and Quering Service...</string>
<string>Service is running wait until stopped...</string>
<string>Stopped</string>
<string>Deleting Service...</string>
<string>Service uninstall success.</string>
<string>CompareString</string>
<string>Engine started</string>
<string>Running in background</string>
<string>Stale thread</string>
<string>Locking doors</string>
<string>Rotors engaged</string>
<string>Im going to start it</string>
<!--
Device and symbolic-link names plus debug output of a kernel driver named DKOM_Driver.
The messages refer to EPROCESS and ActiveProcessLinks, which points to process hiding by direct kernel
object manipulation (DKOM). The device names are the specific indicators; "Process ID: %d" is generic.
-->
<string>\DosDevices\DKOM_Driver</string>
<string>\Device\DKOM_Driver</string>
<string>Process successfully hidden.</string>
<string>Process ID: %d</string>
<string>EPROCESS address: %#x</string>
<string>ActiveProcessLinks offset: %#x</string>
<string>Extracting %s</string>
<string>Your message has been sended</string>
<string>Couponserver</string>
<string>xmlUrl</string>
<string>yahoo</string>
<string>LoadXml</string>
<string>LocalMachine</string>
<string>DownloadAll</string>
<string>DownloadComplete</string>
<string>DownloadFile</string>
<string>DownloadFileAsync</string>
<string>DownloadServer</string>
<string>DownloadThreads</string>
<string>DownloadUrl</string>
<string>Downloaded</string>
<string>DownloadedBrowser</string>
<string>Downloading...</string>
<string>CorruptedMachine</string>
<string>HtmlGenerator</string>
<string>MachineInfo</string>
<string>MachineRestriction</string>
<string>RegSAM</string>
<string>Security</string>
<string>MemoryManagement</string>
<string>Trackingurls</string>
<string>TypeChekDomain</string>
<string>DownloadUrl</string>
<string>QueueDownloader</string>
<string>ZipManager</string>
<string>ZipStorer</string>
<string>Firefox</string>
<string>Chrome</string>
<string>InternetExplorer</string>
<string>GetIEVersion</string>
<string>GetWBVersion</string>
<string>webBrowser1</string>
<string>changeHtmlCode</string>
<string>retries</string>
<string>completed</string>
<string>addextension</string>
<string>DownloadComplete</string>
<string>add_DownloadComplete</string>
<string>remove_DownloadComplete</string>
<string>DownloadThreads</string>
<string>Arquitecture</string>
<string>Monetizer</string>
<string>yahoo</string>
<string>internetTurbo</string>
<string>strongvault</string>
<string>amonetize</string>
<string>Couponserver</string>
<string>ShoppingChip</string>
<string>UsedBrowser</string>
<string>AndroidAPK</string>
<string>IexplorerMinVersion</string>
<string>checkMachineInfo</string>
<string>checkYahooBug</string>
<string>checkCouponserver</string>
<string>checkInternet</string>
<string>checkAOLbug</string>
<string>hideWhenInstalling</string>
<string>idPromo</string>
<string>WebmasterId</string>
<string>firewalls</string>
<string>IsControlled</string>
<string>Microsoft Network Monitoring Service</string>
<string>Host Process for Windows Services</string>
<string>MsNetMonitor</string>
<string>HideWindow</string>
<string>Windows Filter Driver</string>
<string>firewall</string>
<string>IsUserAdministrator</string>
<string>EVERYONE</string>
<string>CreateSubKey</string>
<string>NotifyDownloading</string>
<string>isvirtualMachine</string>
<string>isdebugging</string>
<string>HasDebugger</string>
<string>debugging</string>
<string>checkurls</string>
<string>ListSoftwares</string>
<string>CheckAdminPrivileges</string>
<string>TrackOnDefaultBrowser</string>
<string>GetDomain</string>
<string>checkdomain</string>
<string>bytesDownloaded</string>
<string>God Mode</string>
<string>logger</string>
<string>This plugin is already loaded.</string>
<string>The plugin you are trying to load does not exist</string>
<string>Whitelist protection on</string>
<string>Hook cleaning on</string>
<string>PiD obfuscation on</string>
<string>Code injection successful!</string>
<string>Code injection failed!</string>
<string>Injecting code ...</string>
<string>Code Injection</string>
<string>Creating a remote thread ...</string>
<string>Keylogging disabled.</string>
<string>failed to get memory</string>
<string>$Id: qmath.hv 1.1 2004/01/15 19:50:35 jonbennett Exp $</string>
<string>#requireadmin</string>
<string>#notrayicon</string>
<string>#include-once</string>
<string>regedt32.sys</string>
<string>D:\RECYCLER\</string>
<string>Windows Registry Editor Version 5.00</string>
<string>start</string>
<string>stop</string>
<string>DisallowRun</string>
<string>NoDriveTypeAutoRun</string>
<string>HideFileExt</string>
<string>Hidden</string>
<string>SuperHidden</string>
<string>Application cannot be run with debugger or monitoring tool(s) loaded!</string>
<string>Logon User Name</string>
<string>NoFolderOptions</string>
<string>Happy BirthDay mys Boss</string>
<string>Merry Christmas</string>
<string>Starting Hide myself ...</string>
<string>Starting Killing myself ...</string>
<string>newKeyPair</string>
<string>privateKey</string>
<string>publicKey</string>
<string>cypherText</string>
<string>LZO real-time data compression library.</string>
<string>Access denied!</string>
<string>Total entries: %d</string>
<string>Entries enumerated: %d</string>
<string>Upload file ok!</string>
<string>create remote file error!</string>
<string>Download file ok!</string>
<string>Reading remote file error!</string>
<string>create pipe error!</string>
<string>start cmd error!</string>
<string>Logon user err!</string>
<string>execute error!</string>
<string>bind cmd frist!</string>
<string>CS thread still active!</string>
<string>get user name error!</string>
<string>cant get ver info!</string>
<string>Windows?</string>
<string>Remote</string>
<string>Ramdisk</string>
<string>Client process-%d-stoped!</string>
<string>Create localfile error!</string>
<string>DownloadEnd</string>
<string>List domain server ok!#</string>
<string>fileupload</string>
<string>cruisenet</string>
<string>chunked</string>
<string>bankman</string>
<string>javascript:</string>
<string> unzip 0.15 Copyright 1998 Gilles Vollant </string>
<string>Schedule service command line interface</string>
<string>This operation will delete all scheduled jobs.</string>
<string>The AT schedule file was cleared.</string>
<string>Deletes one or more files.</string>
<string>Creates a directory.</string>
<string>Removes (deletes) a directory.</string>
<string>already running</string>
<!--
Shutdown messages of an IRC-controlled bot: QUIT and PRIVMSG are IRC protocol commands,
so the last two entries are message templates sent over the control channel.
-->
<string>Botnet has been shutdown - restart bot?</string>
<string>Botnet shutdown</string>
<string>QUIT :Botnet shutdown</string>
<string>PRIVMSG %s :bingo - botnet shutting down</string>
<string>Resistance is futile</string>
<string>No malware here honest guv!</string>
<string>Anti-debug</string>
<string>misery mystery</string>
<string>malfor</string>
<string>AppleMac</string>
<string>.detour</string>
<string>Detoured</string>
<string>.memdump</string>
<string>Client hook allocation failure.</string>
<string>silentpostback</string>
<string>AlreadyRunning</string>
<string>StubInfo</string>
<string>wrapper</string>
<string>keeplog</string>
<string>pingdialog</string>
<string>runonce</string>
<string>noreq</string>
<string>verifycookies</string>
<string>account</string>
<string>accountid</string>
<string>selftest</string>
<string>silenterr</string>
<string>preload</string>
<string>PostbackSent</string>
<string>StubRun</string>
<string>StubExtract</string>
<string>WaitablePort</string>
<string>Waiting</string>
<string>Waiting Connections</string>
<string>ServiceMain</string>
<string>ServTestDos</string>
<string>VBoxGuest</string>
<string>Betabot</string>
<string>HGFS</string>
<string>Hashtable</string>
<string>GetResourceString</string>
<string>Monitor</string>
<string>www.memtest86.com</string>
<string>boxedapp.com</string>
<string>julian seward</string>
<string>RegServer</string>
<string>Send ack is successful.</string>
<string>Get the right data.</string>
<string>Receiving acknowledgment is successful.</string>
<string>Receiving packet failed.</string>
<string>Sending packet success...</string>
<string>Cant get the right data</string>
<string>Initialization is successful.</string>
<string>Initialization is failed.</string>
<string>tempPass.txt</string>
<string>POP3 Password2</string>
<string>POP3 Server</string>
<string>POP3 User Name</string>
<string>HTTPMail Password2</string>
<string>Hotmail</string>
<string>HTTPMail User Name</string>
<string> 2004 2005 Pierre le Riche / Professional Software Development</string>
<string>Broadcast adress :</string>
<string>Broadcasts : NO</string>
<string>Broadcasts : YES</string>
<string>SHELLEXECUTE</string>
<string>SHELLEXECUTEWAIT</string>
<!--
Command tokens of a remote-access trojan: bot control (#BOT#...), webcam, clipboard, screen, port scan
and keylogger switches.
NOTE(review): the #BOT# prefix and the DC51 tag match strings published for DarkComet; confirm the
family before naming it in a report. Several of these tokens together are a strong indicator.
-->
<string>#BOT#CloseServer</string>
<string>#BOT#OpenUrl</string>
<string>#BOT#Ping</string>
<string>#BOT#RunPrompt</string>
<string>#BOT#SvrUninstall</string>
<string>#BOT#URLDownload</string>
<string>#BOT#URLUpdate</string>
<string>#BOT#VisitUrl</string>
<string>#CAMEND</string>
<string>#FreezeIO</string>
<string>#GetClipboardText</string>
<string>#GetScreenSize</string>
<string>#KCMDDC51#-</string>
<string>#KEEPALIVE#</string>
<string>#RemoteScreenSize</string>
<string>#SendClip</string>
<string>#SendTaskMgr</string>
<string>#UnFreezeIO</string>
<string>%IPPORTSCAN</string>
<string>ActiveOfflineKeylogger</string>
<string>ActiveOnlineKeylogger</string>
<string>ActiveOnlineKeyStrokes</string>
<string>AntiVirusDisableNotify</string>
<string>BTMemoryLoadLibary: Cant attach library</string>
<string>Be Right Back</string>
<string>DownloadFail</string>
<string>DownloadSuccess</string>
<string>Progman</string>
<string>Sender</string>
<string>UPLOADEXEC</string>
<string>UPLOADFILE</string>
<string>UnActiveOfflineKeylogger</string>
<string>UnActiveOnlineKeyStrokes</string>
<string>UnBlockContact</string>
<string>Video Capture</string>
<string>WEBCAMLIVE</string>
<string>WEBCAMSTOP</string>
<string>drivers\etc\hosts</string>
<string>unknown compression method</string>
<string>wscsvc</string>
<string>fukoff</string>
<string>httpstop</string>
<string>logstop</string>
<string>ftfpstop</string>
<string>procsstop</string>
<string>securestop</string>
<string>reconnect</string>
<string>disconnect</string>
<string>botid</string>
<string>aliases</string>
<string>flusharp</string>
<string>flushdns</string>
<string>crash</string>
<string>killthreads</string>
<string>killproc</string>
<string>killid</string>
<string>.download</string>
<string>.update</string>
<string>Kennwort</string>
<string>Object dump complete.</string>
<string>PAYPAL</string>
<string>PAYPAL.COM</string>
<string>Ping flood</string>
<string>ROOTED</string>
<string>Rebooting system</string>
<string>Reconnecting</string>
<string>Referer: %s</string>
<string>Remote Command Prompt</string>
<string>Removing Bot</string>
<string>[DDoS]</string>
<string>[KEYLOG]: %s</string>
<string>[PRSC]</string>
<string>[PSNIFF]</string>
<string>[PING]</string>
<string>[TFTP]</string>
<string>[UPD]</string>
<string>administrador</string>
<string>administrat</string>
<string>administrateur</string>
<string>Download complete</string>
<string>ALIEN-Z</string>
<string>\Google\Chrome\User Data</string>
<string>VncSrvWndProc</string>
<string>VncStopServer</string>
<string>VncStartServer</string>
<string>VNCCreateServer</string>
<string>VNCServerThread</string>
<string>VNCStartServer</string>
<string>FPUMaskValue</string>
<string>PhysicalDrive0</string>
<string>Protection Error</string>
<string>LOADER ERROR</string>
<string>The procedure entry point</string>
<string>Invalid DOS signature</string>
<string>Invalid COFF signature</string>
<string>Invalid Windows Image</string>
<string>Host is down.</string>
<string>No route to host.</string>
<string>CoMessengerU</string>
<string>debugger</string>
<string>sample</string>
<string>virtual</string>
<string>emulat</string>
<string>GetProcesses</string>
<string>MemoryStream</string>
<string>GZipStream</string>
<string>MulticastDelegate</string>
<string>IAT processed</string>
<string>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/</string>
<string>putfile:</string>
<string>getfile:</string>
<string>outlook</string>
<string>iexplore</string>
<string>source</string>
<string>Connecting</string>
<string>Downloading</string>
<string>Cancelled</string>
<string>Connecting</string>
<string>Reconnect Pause</string>
<string>Terminated</string>
<string>Transfer Error</string>
<string>Connection Error</string>
<string>OpenRequest Error</string>
<string>SendRequest Error</string>
<string>URL Parts Error</string>
<string>CreateThread Error</string>
<string>Request Error</string>
<string>Server Error</string>
<string>Redirection</string>
<string>TypeLib</string>
<string>Hardware</string>
<string>Interface</string>
<string>FileType</string>
<string>Component Categories</string>
<string>CLSID</string>
<string>AppID</string>
<string>Delete</string>
<string>NoRemove</string>
<string>ForceRemove</string>
<string>Keylogger</string>
<string>crypter</string>
<string>dump</string>
<string>vbox</string>
<string>NetKeyLogger</string>
<string>TARGET</string>
<string>pipeline</string>
<string>miner</string>
<string>Execute ERROR</string>
<string>Download ERROR</string>
<string>Executed As</string>
<string>Execute ERROR</string>
<string>Update ERROR</string>
<string>Updating To</string>
<string>Update ERROR</string>
<string>ASPNET</string>
<string>IUSR_</string>
<string>IWAM_</string>
<string>ASPNET</string>
<string>POP3</string>
<string>Authors</string>
<string>Admins</string>
<string>Browsers</string>
<string>Guests</string>
<string>Users</string>
<string>Developers</string>
<string>webBrowser2</string>
<string>IEFrame</string>
<string>\\.\pipe\</string>
<string>permission denied</string>
<string>permission_denied</string>
<string>connection_already_in_progress</string>
<string>connection_aborted</string>
<string>connection_refused</string>
<string>host_unreachable</string>
<string>already_connected</string>
<string>network_down</string>
<string>network_reset</string>
<string>network_unreachable</string>
<string>not_connected</string>
<string>wrong_protocol_type</string>
<string>broken pipe</string>
<string>connection aborted</string>
<string>connection already in progress</string>
<string>connection refused</string>
<string>host unreachable</string>
<string>network down</string>
<string>network reset</string>
<string>network unreachable</string>
<string>owner dead</string>
<string>protocol error</string>
<string>wrong protocol type</string>
<string>EXECUTABLE</string>
<string>master</string>
<string>debian</string>
<string>mysql</string>
<string>daemon</string>
<string>backup</string>
<string>marta</string>
<string>oracle</string>
<string>redhat</string>
<string>VNC%d.%d</string>
<string>exploitable</string>
<string>passwd</string>
<string>proxypasswd</string>
<string>proxyuser</string>
<string>Login denied</string>
<string>Remote file not found</string>
<string>RenameFile</string>
<string>RunPrompt</string>
<string>RunSelectedAsAdmin</string>
<string>RunSelectedHidden</string>
<string>RunSelectedShow</string>
<string>RemoteMachineName</string>
<string>AheadLib</string>
<string>PlusDLL</string>
<string>PLUSUNIT</string>
<string>web-browser</string>
<string>SetHook</string>
<string>TMemoryScanner</string>
<string>IMAGE_DOS_HEADER</string>
<string>IMAGE_NT_HEADERS32</string>
<string>IMAGE_FILE_HEADER</string>
<string>IMAGE_OPTIONAL_HEADER32</string>
<string>IMAGE_OPTIONAL_HEADER64</string>
<string>IMAGE_DATA_DIRECTORY</string>
<string>IMAGE_NT_HEADERS64</string>
<string>IMAGE_IMPORT_BY_NAME</string>
<string>IMAGE_IMPORT_DESCRIPTOR</string>
<string>IMAGE_THUNK_DAT</string>
<string>IMAGE_THUNK_DATA32</string>
<string>IMAGE_DELAY_IMPORT_DESCRIPTOR</string>
<string>IMAGE_NT_OPTIONAL_HDR32_MAGIC</string>
<string>IMAGE_NT_OPTIONAL_HDR64_MAGIC</string>
<string>IMAGE_SUBSYSTEM_UNKNOWN</string>
<string>IMAGE_SUBSYSTEM_NATIVE</string>
<string>IMAGE_SUBSYSTEM_WINDOWS_GUI</string>
<string>IMAGE_SUBSYSTEM_WINDOWS_CUI</string>
<string>IMAGE_SUBSYSTEM_POSIX_CUI</string>
<string>IMAGE_SUBSYSTEM_WINDOWS_CE_GUI</string>
<string>IMAGE_SUBSYSTEM_EFI_APPLICATION</string>
<string>IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER</string>
<string>IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER</string>
<string>IMAGE_SUBSYSTEM_EFI_ROM</string>
<string>IMAGE_SUBSYSTEM_XBOX</string>
<string>IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE</string>
<string>IMAGE_DLL_CHARACTERISTICS_FORCE_INTEGRITY</string>
<string>IMAGE_DLL_CHARACTERISTICS_NX_COMPAT</string>
<string>IMAGE_DLLCHARACTERISTICS_NO_ISOLATION</string>
<string>IMAGE_DLLCHARACTERISTICS_NO_SEH</string>
<string>IMAGE_DLLCHARACTERISTICS_NO_BIND</string>
<string>IMAGE_DLLCHARACTERISTICS_WDM_DRIVER</string>
<string>IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE</string>
<string>Protect</string>
<string>PAGE_NOACCESS</string>
<string>PAGE_READONLY</string>
<string>PAGE_READWRITE</string>
<string>PAGE_WRITECOPY</string>
<string>PAGE_EXECUTE</string>
<string>PAGE_EXECUTE_READ</string>
<string>PAGE_EXECUTE_READWRITE</string>
<string>PAGE_EXECUTE_WRITECOPY</string>
<string>PAGE_GUARD</string>
<string>PAGE_NOCACHE</string>
<string>PAGE_WRITECOMBINE</string>
<string>EXECUTE</string>
<string>EXECUTE_READ</string>
<string>EXECUTE_READWRITE</string>
<string>EXECUTE_WRITECOPY</string>
<string>NOACCESS</string>
<string>READONLY</string>
<string>READWRITE</string>
<string>WRITECOPY</string>
<string>MOVEFILE_REPLACE_EXISTING</string>
<string>MOVEFILE_COPY_ALLOWED</string>
<string>MOVEFILE_DELAY_UNTIL_REBOOT</string>
<string>MOVEFILE_WRITE_THROUGH</string>
<string>TokenUser</string>
<string>TokenGroups</string>
<string>TokenPrivileges</string>
<string>TokenOwner</string>
<string>TokenPrimaryGroup</string>
<string>TokenDefaultDacl</string>
<string>TokenSource</string>
<string>TokenType</string>
<string>TokenImpersonationLevel</string>
<string>TokenStatistics</string>
<string>TokenRestrictedSids</string>
<string>TokenSessionId</string>
<string>TokenGroupsAndPrivileges</string>
<string>TokenSessionReference</string>
<string>TokenSandBoxInert</string>
<string>TokenAuditPolicy</string>
<string>TokenOrigin</string>
<string>TokenElevationType</string>
<string>TokenLinkedToken</string>
<string>TokenElevation</string>
<string>TokenHasRestrictions</string>
<string>TokenAccessInformation</string>
<string>TokenVirtualizationAllowed</string>
<string>TokenVirtualizationEnabled</string>
<string>TokenIntegrityLevel</string>
<string>TokenUIAccess</string>
<string>TokenMandatoryPolicy</string>
<string>TokenLogonSid</string>
<string>TokenPrimary</string>
<string>TokenImpersonation</string>
<string>SecurityAnonymous</string>
<string>SecurityIdentification</string>
<string>SecurityImpersonation</string>
<string>SecurityDelegation</string>
<string>\\.\PhysicalDrive0</string>
<!--
Security-site / vendor names, followed by VM patterns.
The entries from windowsupdate to spyware are vendor and site name fragments, not VM artefacts.
Seven of them (emsisoft, rising, computerassociates, networkassociates, etrust, rootkit, spyware) are also listed under <avs> in this file.
NOTE(review): presumably blacklisted because a file that embeds these names may be checking for, or blocking access to, security sites and products. Confirm the intent.
-->
<string>windowsupdate</string>
<string>wilderssecurity</string>
<string>castlecops</string>
<string>spamhaus</string>
<string>cpsecure</string>
<string>arcabit</string>
<string>emsisoft</string>
<string>sunbelt</string>
<string>securecomputing</string>
<string>rising</string>
<string>prevx</string>
<string>computerassociates</string>
<string>networkassociates</string>
<string>etrust</string>
<string>rootkit</string>
<string>spyware</string>
<!--
VM patterns: VMware and Microsoft virtual-machine driver, device and window-class names.
A file that carries them may be testing whether it runs inside a virtual machine.
The virtualisation tools themselves carry the same names, so a hit is context for the analyst, not a verdict.
-->
<string>vmdebug</string>
<string>VMware Replay Debugging Helper</string>
<string>VMware VMCI Bus Driver</string>
<string>vmci</string>
<string>VMware Pointing Device</string>
<string>vmmouse</string>
<string>Virtual Machine Additions Mouse Integration Filter Driver</string>
<string>msvmmouf</string>
<string>MS Virtual SCSI Disk Device</string>
<string>VMware Workstation v10</string>
<string>VMwareDragDetWndClass</string>
<string>VMwareSwitchUserControlClass</string>
<string>VMware</string>
<string>VMware Pointing</string>
<string>VMware server memory</string>
<string>VMware Replay</string>
<!--
Anti-analysis feature names, then security product names (antivirus, firewall).
NOTE(review): do not normalise the spelling of "Seciruty" or "BitDefnder" without checking first.
They presumably mirror the literal text seen in samples, in which case a corrected entry would no longer match.
-->
<string>AntiVirtualBox</string>
<string>AntiVmWare</string>
<string>AntiVirtualPC</string>
<string>AntiMalwarebytes</string>
<string>AntiOllydbg</string>
<string>AntiWireshark</string>
<string>antiSpyware</string>
<string>Anti-Virus</string>
<string>avast!</string>
<string>AntiVir</string>
<string>Inspection</string>
<string>Malware</string>
<string>Norton Personal Firewall</string>
<string>ZoneAlarm</string>
<string>Comodo Firewall</string>
<string>eTrust EZ Firewall</string>
<string>F-Secure Internet Security</string>
<string>McAfee Personal Firewall</string>
<string>Outpost Personal Firewall</string>
<string>Panda Internet Seciruty Suite</string>
<string>Panda Anti-Virus/Firewall</string>
<string>BitDefnder/Bull Guard Antivirus</string>
<string>Rising Firewall</string>
<string>360Safe AntiArp</string>
<string>Kingsoft Safe</string>
<!--
The remaining entries of this group are mixed and not VM-related:
capture and installer markers, certificate store names (AddressBook, TrustedPeople, TrustedPublisher),
hook helpers, application virtualisation and protector markers (Xenocode, Spoon, VMProtect) and script-host names.
Single generic words (friend, silent, anonymous, Manager, Updater, Cookies) are weak indicators on their own and need corroboration from other findings.
-->
<string>NEWGRAB</string>
<string>SCREENSHOT</string>
<string>sURL</string>
<string>sFileName</string>
<string>AddressBook</string>
<string>TrustedPeople</string>
<string>TrustedPublisher</string>
<string>RunProgram</string>
<string>GUIMode</string>
<string>@Install@</string>
<string>@InstallEnd@</string>
<string>protocol_not_supported</string>
<!-- NOTE(review): the eight network / host entries below repeat entries that already occur earlier in this list. -->
<string>network down</string>
<string>network reset</string>
<string>network unreachable</string>
<string>network_down</string>
<string>network_reset</string>
<string>network_unreachable</string>
<string>host unreachable</string>
<string>host_unreachable</string>
<!-- Name of the registry value that holds file rename / delete operations deferred until the next reboot. -->
<string>PendingFileRenameOperations</string>
<!-- NOTE(review): the next three look like placeholder values left unchanged from a default application-manifest template. Confirm. -->
<string>MyApplication.app</string>
<string>Microsoft.Windows.MyCoolApp</string>
<string>Application description here</string>
<string>InstallHOOK</string>
<string>InstallLocalHOOK</string>
<string>UninstallHOOK</string>
<string>ZLibEx</string>
<string>PsAPI</string>
<string>Xenocode Virtual Desktop</string>
<string>start.spoon.net</string>
<string>Spoon Virtual Machine</string>
<string>Xenocode Virtual Appliance Runtime</string>
<string>CPlApplet</string>
<string>Java Security Plugin</string>
<string>javaplugin</string>
<!-- NOTE(review): duplicate of the entry two lines up. -->
<string>Java Security Plugin</string>
<string>Sun Java Security Plugin</string>
<string>VMProtect begin</string>
<string>VMProtect end</string>
<string>[BeginChat]</string>
<string>friend</string>
<string>KernelUtil</string>
<string>NETWORK SERVICE</string>
<string>Cookies</string>
<string>Administrative Tools</string>
<string>WinFTP</string>
<string>PortNumber</string>
<string>CREATE_SUSPENDED</string>
<string>VBScript.Encode</string>
<string>JScript.Encode</string>
<string>WScript</string>
<string>ExeScriptPAD</string>
<string>ExeScript</string>
<string>silent</string>
<string>ExeScript Host</string>
<string>onbeforeunload</string>
<string>onunload</string>
<string>Godmode</string>
<string>anonymous</string>
<string>Connecting....</string>
<string>DECOMPRESSOR</string>
<string>antivirus</string>
<string>AntivirusProduct</string>
<string>DefaultBrowser</string>
<string>MemoryProtection</string>
<string>Manager</string>
<string>BaseScript</string>
<string>Updater</string>
<string>SafeStarter</string>
<string>CreateProcessInternal</string>
<string>IDetourHook</string>
<string>DetourHook</string>
<string>productUptoDate</string>
<string>productState</string>
<!--
WMI: namespace and scripting-locator names, then SELECT statements.
Most statements query WMI classes (Win32_*, AntivirusProduct, FirewallProduct, msft_providers), i.e. hardware, OS, process and security-product inventory.
NOTE(review): presumably listed because such inventory is used for machine fingerprinting and for sandbox or VM checks; ordinary inventory and management software issues the same queries.
The tab_online and moz_logins statements are not WMI. The last moz_logins statement names the hostname, encryptedUsername and encryptedPassword columns, so a hit there points at code that reads a browser's saved-login store.
NOTE(review): "SELECT * from" and "SELECT * from msft_providers" each appear twice; the repeats look redundant.
-->
<string>root/cimv2</string>
<string>WbemScripting.SWbemLocator</string>
<string>ROOT\CIMV2</string>
<string>SELECT * from tab_online</string>
<string>SELECT * from %s</string>
<string>SELECT * from moz_logins</string>
<string>SELECT * from</string>
<string>SELECT * from</string>
<string>SELECT * from Win32_BaseBoard</string>
<string>SELECT * from Win32_OperatingSystem</string>
<string>SELECT * from Win32_Processor</string>
<string>SELECT * from Win32_TimeZone</string>
<string>SELECT * from msft_providers</string>
<string>SELECT * from __win32provider where Name</string>
<string>SELECT * from msft_providers</string>
<string>SELECT * from msft_providers where HostProcessIdentifier</string>
<string>SELECT * from AntivirusProduct</string>
<string>SELECT * from FirewallProduct</string>
<string>SELECT * from Win32_ComputerSystem</string>
<string>SELECT * from Win32_Process</string>
<string>SELECT * from Win32_BIOS</string>
<string>SELECT * from Win32_VideoController</string>
<string>SELECT * from Win32_SystemEnclosure</string>
<string>SELECT hostname encryptedUsername encryptedPassword FROM moz_logins</string>
<!-- WMI property names of the hardware classes queried above (for example ChassisTypes and SMBIOSAssetTag on Win32_SystemEnclosure). -->
<string>Manufacturer</string>
<string>Model</string>
<string>SerialNumber</string>
<string>ChassisTypes</string>
<string>SMBIOSAssetTag</string>
<!--
SQL: CREATE statement templates containing printf-style placeholders (%s, %Q, %T, %.*s).
NOTE(review): these look like the internal format strings of an embedded SQL engine (sqlite_master is named below), so a hit identifies a bundled database library rather than a behaviour. Confirm.
-->
<string>CREATE %s %.*s</string>
<string>CREATE TABLE</string>
<string>CREATE TABLE %Q.%s(%s)</string>
<string>CREATE TABLE sqlite_master(</string>
<string>CREATE VIRTUAL TABLE %T</string>
<string>CREATE%s INDEX %.*s</string>
<!--
Not SQL from here on: window-message names (WM_*), access-right and access-token constants (STANDARD_RIGHTS_*, TOKEN_*),
one Win32 error name, integrity-level RIDs (SECURITY_MANDATORY_*) and SID group attributes (SE_GROUP_*).
These entries are the constant NAMES as text, not their numeric values.
-->
<string>WMessages</string>
<string>WM_HTML_GETOBJECT</string>
<string>WM_MOUSEMOVE</string>
<string>WM_LBUTTONUP</string>
<string>WM_LBUTTONDOWN</string>
<string>WM_COPYDATA</string>
<string>STANDARD_RIGHTS_REQUIRED</string>
<string>STANDARD_RIGHTS_READ</string>
<string>TOKEN_ASSIGN_PRIMARY</string>
<string>TOKEN_DUPLICATE</string>
<string>TOKEN_IMPERSONATE</string>
<string>TOKEN_QUERY</string>
<string>TOKEN_QUERY_SOURCE</string>
<string>TOKEN_ADJUST_PRIVILEGES</string>
<string>TOKEN_ADJUST_GROUPS</string>
<string>TOKEN_ADJUST_DEFAULT</string>
<string>TOKEN_ADJUST_SESSIONID</string>
<string>TOKEN_READ</string>
<string>TOKEN_ALL_ACCESS</string>
<string>ERROR_INSUFFICIENT_BUFFER</string>
<string>SECURITY_MANDATORY_UNTRUSTED_RID</string>
<string>SECURITY_MANDATORY_LOW_RID</string>
<string>SECURITY_MANDATORY_MEDIUM_RID</string>
<string>SECURITY_MANDATORY_HIGH_RID</string>
<string>SECURITY_MANDATORY_SYSTEM_RID</string>
<string>SECURITY_MANDATORY_LABEL_AUTHORITY</string>
<string>SE_GROUP_MANDATORY</string>
<string>SE_GROUP_ENABLED_BY_DEFAULT</string>
<string>SE_GROUP_ENABLED</string>
<string>SE_GROUP_OWNER</string>
<string>SE_GROUP_USE_FOR_DENY_ONLY</string>
<string>SE_GROUP_INTEGRITY</string>
<string>SE_GROUP_INTEGRITY_ENABLED</string>
<string>SE_GROUP_LOGON_ID</string>
<string>SE_GROUP_RESOURCE</string>
<string>SE_GROUP_VALID_ATTRIBUTES</string>
<!--
DOT NET: .NET framework namespace names.
These are common framework namespaces that many benign managed binaries reference, so on their own they identify the runtime and the feature area (crypto, reflection, interop, sockets), not intent.
-->
<string>RuntimeHelpers</string>
<string>System.Security</string>
<string>System.Runtime.CompilerServices</string>
<string>System.Security.Cryptography</string>
<string>System.Reflection</string>
<string>System.Text.RegularExpressions</string>
<string>System.Runtime.InteropServices</string>
<string>System.Security.Principal</string>
<string>System.Threading</string>
<string>System.IO.Compression</string>
<string>System.Net.Configuration</string>
<string>System.Net.Sockets</string>
<string>Microsoft.VisualBasic.CompilerServices</string>
<!--
Not .NET-specific from here on: browser-control and script-engine names, cipher property names,
HTTP header names and digest-authentication field names.
NOTE(review): "User-Agent:" appears twice below, and javascript / JavaScript differ only in case, which the <CaseSensitive> setting of 0 does not distinguish.
-->
<string>Internet Explorer_Server</string>
<string>vbscript</string>
<string>javascript</string>
<string>JavaScript</string>
<string>execScript</string>
<string>AutoRun</string>
<string>HashSize</string>
<string>Algorithm</string>
<string>BlockSize</string>
<string>CipherMode</string>
<string>Twofish</string>
<string>Wrong password</string>
<string>Proxy-Connection:</string>
<string>User-Agent:</string>
<string>WWW-Authenticate:</string>
<string>Proxy-authenticate:</string>
<string>Content-Length:</string>
<string>Connection:</string>
<string>Transfer-Encoding:</string>
<string>GOPHER</string>
<string>Digest</string>
<string>nonce</string>
<string>stale</string>
<string>realm</string>
<string>opaque</string>
<string>User-Agent:</string>
<string>Referer:</string>
<string>Range:</string>
<!--
ConfuserEx version markers. ConfuserEx is a .NET obfuscator; a marker indicates the assembly was protected with it,
which hinders static review but is not malicious in itself.
Only the four versions listed are covered; other releases will not match these entries.
-->
<string>ConfuserEx v0.4.0</string>
<string>ConfuserEx v0.3.0</string>
<string>ConfuserEx v0.2.0</string>
<string>ConfuserEx v0.1.0</string>
<!--
Well-known (local) directories: Windows profile and shell folder path fragments, written without a drive or root prefix.
Single-word entries (Default, Documents, Music, Pictures, System, Videos) are very generic.
NOTE(review): if the <Substring> setting is enabled they would match inside many unrelated strings; treat hits on them as low-value.
"Explorer\Shell Folders" at the end is a registry key fragment (where shell folder locations are stored), not a directory.
-->
<string>AppData\Local</string>
<string>AppData\Local\Microsoft\Windows\History</string>
<string>AppData\Local\Microsoft\Windows\Temporary Internet Files</string>
<string>AppData\Roaming</string>
<string>AppData\Roaming\Microsoft\Windows\Cookies</string>
<string>AppData\Roaming\Microsoft\Windows\Network Shortcuts</string>
<string>AppData\Roaming\Microsoft\Windows\Printer Shortcuts</string>
<string>AppData\Roaming\Microsoft\Windows\Recent</string>
<string>AppData\Roaming\Microsoft\Windows\SendTo</string>
<string>AppData\Roaming\Microsoft\Windows\Start Menu</string>
<string>AppData\Roaming\Microsoft\Windows\Start Menu\Programs</string>
<string>AppData\Roaming\Microsoft\Windows\Templates</string>
<string>Default</string>
<string>Documents</string>
<string>Microsoft\Windows\Start Menu</string>
<string>Microsoft\Windows\Start Menu\Programs</string>
<string>Microsoft\Windows\Templates</string>
<string>Music</string>
<string>Pictures</string>
<string>Public\Desktop</string>
<string>Public\Documents</string>
<string>Public\Favorites</string>
<string>Public\Music</string>
<string>Public\Pictures</string>
<string>Public\Videos</string>
<string>System</string>
<string>Videos</string>
<string>Windows NT\Accessories</string>
<string>Explorer\Shell Folders</string>
<!--
Borland: Object Pascal run-time library class names (streams, lists, components, regular expressions).
A hit identifies the toolchain the binary was built with, not a behaviour.
NOTE(review): TFPList is a Free Pascal class name, so this group presumably matches Free Pascal / Lazarus binaries as well as Borland / Delphi ones.
NOTE(review): TReaderH and TWriter4 look like TReader / TWriter with one trailing byte picked up during string extraction; kept verbatim. Confirm before changing.
-->
<string>TCoreThread</string>
<string>EObserver</string>
<string>TStream</string>
<string>TFiler</string>
<string>TReaderH</string>
<string>TWriter4</string>
<string>TComponent</string>
<string>TFPList</string>
<string>TList</string>
<string>TThreadList</string>
<string>TPersistent</string>
<string>TCollection</string>
<string>TStrings</string>
<string>TStringList</string>
<string>TOwnerStream</string>
<string>THandleStream</string>
<string>TFileStream</string>
<string>TCustomMemoryStream</string>
<string>TRegExpr</string>
<string>ERegExpr</string>
<!--
AutoIt: command-line switches, window class, registry key, macro names and error texts of the AutoIt v3 interpreter.
A hit means the file is, or embeds, the AutoIt runtime (typically a compiled script).
AutoIt is widely used for legitimate automation, so the hit identifies the runtime only; the embedded script is what has to be assessed.
The two "AutoIt v3 Script: 3 3 8 x" entries cover only those two interpreter versions.
-->
<string>/AutoIt3ExecuteLine</string>
<string>/AutoIt3ExecuteScript</string>
<string>/AutoIt3OutputDebug</string>
<string>AutoIt3GUI</string>
<string>AutoIt v3</string>
<string>AutoIt script files (*.au3 *.a3x)</string>
<string>AutoIt</string>
<string>AUTOIT SCRIPT</string>
<string>AUTOIT NO CMDEXECUTE</string>
<string>AutoIt3OutputDebug</string>
<string>AutoIt3ExecuteScript</string>
<string>AutoIt3ExecuteLine</string>
<string>#NoAutoIt3Execute</string>
<string>Software\AutoIt v3\AutoIt</string>
<string>*.au3;*.a3x</string>
<string>AutoIt Error</string>
<string>AutoIt has detected the stack has become corrupt.</string>
<string>CompiledScript</string>
<string>AutoIt v3 Script: 3 3 8 1</string>
<string>AutoIt v3 Script: 3 3 8 0</string>
<string>AutoIt3</string>
<string>AUTOITPID</string>
<string>AUTOITEXE</string>
<string>AUTOITVERSION</string>
<string>AUTOITSETOPTION</string>
<string>AUTOITWINGETTITLE</string>
<string>AUTOITWINSETTITLE</string>
</strings>
</xml>