
MSXML3.ServerXMLHTTP$
MSXML3.DOMDocument$
MSXML3.DOMDocument.6.0
MSXML3.DOMDocument.5.0
MSXML3.DOMDocument.4.0
MSXML3.DOMDocument.3.0
Word.Document.9
PROJECT.THISDOCUMENT.AUTOOPEN
PROJECTwm

webcam
Please Enable Content* to see this document.
Enable Content
Program Files (x87)
Playx65
PlayWin33
PROCEXPLORER
MSScriptControl.ScriptControl.2
Embedded Control
Microsoft Word 11.0
OCXNAME
Accept-Language:
Accept-Encoding:
Mr.Black

WinZip Self-Extractor - Password
This self-extracting Zip file is password protected.
Windows Installer XML (4.0.5419.0)
ResponseText
Macros must be enabled to display the contents of the document.

System Volume Information
Boot
This document was edited in later version of Microsoft Word.
To load the document, please Enable Content.

wevtutil clear-log Security
wevtutil clear-log Setup
wevtutil clear-log System
wevtutil clear-log Application
SECG curve over a 257 bit prime field
SmartAssembly.Attributes
Copyright (c) 1999-2009 by Joergen Ibsen All Rights Reserved.
"Powered by SmartAssembly 7.8.0.121
!Powered by SmartAssembly 7.6.1.44

Microsoft Enhanced RSA and AES Cryptographic Provider

$Info: This file is packed with the UPX executable packer http://upx.sf.net $
$Id: UPX 4.91 Copyright (C) 1996-2013 the UPX Team. All Rights Reserved. $
Microsoft Application Compatibility Toolkit 6.6
System Manager
Screen Capture
Webcam Capture
Packet Sniffer
\\.\mailslot\%s
Network Performance and Security Manager
ProxyEnable
ProxyServer
ProxyOverride
ProxyUserName
ProxyPassword
SkpWnd
AdministratorsGroup
NtAuthority
masterkey
IEHistory
NT AUTHORITY


PR_Bind
PR_Accept
PR_AcceptRead
PR_Connect
PR_Listen
PR_Read
PR_Write
PR_Writev
PR_Close
PR_Send
PR_TransmitFile
PR_OpenTCPSocket
PR_GetSocketOption
PR_SetSocketOption
PR_Shutdown
PR_GetError
PR_SetError
PR_GetNameForIdentity
PClock
Start scanner
Scanner completed
Start crypter
Files encrypted

TCustomDecompressor
TCompressedBlockReader
SoftDownloaderWnd
MemoryScanner
ActiveX Control
\\.\PhysicalDrive%d
Microsoft Windows Auto Update
PB_DropAccept
PB_WindowID
IsAdmin
CryptKeyType
CryptKeyId
NetAdapter
Gateway
PriWinsServer
SecWinsServer
DHCPServer
DnsServer
Microsoft Enhanced Cryptographic Provider v2.0
Microsoft Base Cryptographic Provider v2.0
Gestalt
stub_helper
vm_protect

FtpServer
FtpUserName
FtpPassword
FtpDirectory
ServerType
onEnterFrame
error to get HDD firmware serial
aPLib v2.01  -  the smaller the better :)
TrojanEngine
NetMon
FileSmash
IERepair
KillVirus
SoftMove
SysClean
Trojan
CrashStackLen
CrashDumpLen
CrashStackBase65Len
CrashDumpBase65Len
CrashStack
MinDump
VIRUS
QEMU

Safengine Shielden v3.3.0.0
EnumProcess
InjectByPid
Send to Server failed.
HandShake with the server failed. Error:
Microsoft Unified Security Protocol Provider
ddos.bot
makedir
opencmd
ProcessorNameString
VendorIdentifier
SystemBiosVersion
SystemBiosDate
VideoBiosVersion
VideoBiosDate
Windows File Protection
LogonFailure
killthread
startkeylogger
stopkeylogger
listprocesses
killprocess
stopspy
redirectspy
stopredirectspy
kazaabackupfiles
SC_MONITORPOWER
HWND_BROADCAST
IsConnectedToInternet
get_MachineName
MacAddress
InternetExplorer.Application

EmailAddress
PopServer
PopPort
PopAccount
PopPassword
SmtpServer
SmtpPort
SmtpAccount
SmtpPassword
WininetCacheCredentials
PasswordType
OutpostMonitor

DisableAllPrivileges
SetPrivilege
telnet
Download.Complete
Download.Cancelled
Download.Failed
onLoadInit
onLoadProgress
onLoadError
onLoadComplete
onLoadStart
onScroller
onChanged
onConstruct
onDragOut
onDragOver
onRollOut
onRollOver
onReleaseOutside
onRelease
onPress
onInitialize
onKeyUp
onKeyDownv
onMouseUp
onMouseDown
onMouseMove
onUnload
onEnterFrame
location.href
xmlns:xlink


Adobe ImageReadyq
ClearBrowsingHistoryOnExit
GetMACAddress
GetProcessesByName
WebRequest
WebResponse
GetResponse
GetVolumeSerial
VBRUN
CreateDecryptor
MD6CryptoServiceProvider
TripleDESCryptoServiceProvider
PaddingMode
iexplorer
Shell_TrayWnd
ExecuteCommand
RunPE
CCleaner
Binder
SpyTheSpy
TCPEye
SpeedGear
taskmgr
IPBlocker
CCleaner
procexp
Windows Update
Payment ok
Payment Received. Proceed to decryption.
Waiting Payment
Waiting TOR Connection
TorLocker
proxyPort = 58011
socksParentProxy = 128.0.0.1:9150
socksProxyType = socks6
TorLocker_v1.9.3
Wallpaper
kippohome
huffman
DecodeHuffman
Decode
ZipAndEncrypt
ZipAndAES
LoadFile
SafenSoft
SysWatch
McAfee
Security Center
Symantec
Protection
Norton
Host OS

ReadPort
WritePort
cookie_module
Proxy-Connection
CompressAndSend
EncryptFile
RunAsShellUser
SVNCStartServer
Terminal Server
Enterprise
LanmanNT
CONNECTED
SENDME
EXTEND
EXTENDED
TRUNCATE
TRUNCATED
RESOLVE
RESOLVED
BEGIN_DIR
ESTABLISH_INTRO
ESTABLISH_RENDEZVOUS
INTRODUCE2
INTRODUCE3
RENDEZVOUS2
RENDEZVOUS3
INTRO_ESTABLISHED
RENDEZVOUS_ESTABLISHED
INTRODUCE_ACK
.onion/
TMemoryScanner
Symantec Shared
CWSandbox
AVAST Software
Registry optimiser
Optimizing the registry...
Virtual HD
db3admin
changeme
MsComCtl.ocx
HotTracking
OpenProcessToken fail
AdjustTokenPrivileges fail
formgrabber
redirects
httpinjects
Transfer-Encoding
NtShutdownSystem
coin-miner
regwrite
urlmon
Internet Explorer
inhibitPolicyMapping
Bad time value
pubkey.bin
openssl
relativename
Polynomial
cryptedcount.txt
explicitText
ASN2
requireExplicitPolicy
LanmanWorkstation
LanmanServer
Salt Length
Seed
Prime
config.nt
autoexec.nt
protocol testing
experience Destroy
Dispatch
winsock
connection failed
open internet failed
payload
Shell.Application
Extracting
UltraVnc
UltraVncSC
RunProgram
Fast decoding
Gina
cgets
NetworkService\Cookies\
Scheduler
Local Settings\History\History.IE6
leave the progress due to 11 attempts
unrarw33
server
verifyinginstaller
CONNECT
AppData
admin
Microsoft.VisualBasic
Protocol not supported
referer
partner_online_url
partner_new_url
exe.agent.mail
mail.ru
password
Launcher
remote
inject
hook
crack
script
browse
Event
Privilege
Reboot
CabinetFile
cabfile
extract
VB Runtime Installation
Command.com
Resume
Pause
Socket
GetCode
Console
LZStart
alert
reverse
swap
logon
logoff
HookProc
attempt
users
load
query
scan
module
drop
loop
Download
Upload
CONNECT
pipe
Transaction
Created by
WinDir
exec error
application/x-www-form-urlencoded
LordPE
deflate
60795-12b3-e4169440
Keep-Alive
Referer
WinSta1
Update
Forbidden
Accepted
sessionid

sharedaccess
localgroup
administrators
Administrator
guest
RDP-Tcp
UnknownProcess
%d Day %d Hour %d Min
termsrv_t
Winlogon
nsocket
compression
userprofile
webkit
command
tracing
sandbox
keystroke
scanning
Callback
torrent
Outsanding
localhost
proxy
downspeed
webseeds
POST
fingerprint
DNA_Proxy
min_http_connections
Unauthorized
TOKEN
multicast
payload
UPnP
channel
tracker
NAT
DHCP
Host
keyhash
packet
watchdog
shared
are you debugging me
HHA Version 5.74.8702

ThisprogrammustberununderWin33
Exefiles
Scanning
StdOut
Codecs
ProgramFilesDir
Install
\Temp
SHFOLDER
NullsoftInst
WinRAR SFX
287334.dat
\\cryptme\\
run.vbs
{0000055f-0000-0010-8000-00aa006d2ea4}
Expires
User-Agent
Cookie
Windows Update Service
serialNumber
userPassword
public_key
serial
Private-Key
Seed:
encryption
PECompact3
logFile
application/pdf
Run as a daemon
http.c
client.c
128.0.0.1
serverTimeout
Server closed connection
nameserver
COMSPEC
OLLYDBG
WinDbgFrameClass
BankID
Mscomctl33.ocx
WebBrowser
9368266E-85FE-11d1-8BE3-0000F8754DA1
Scripting.FileSystemObject
KerNel33.dll
downloader
browser
RemoveRange
AuthenticationMode
Downloader
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz123456790+/
FPC 3.7.1 [2013/10/22] for i386 - Win32
pipedatacontinue
IE 9.5
whoami
pidrun
geturl
Destroy
likubes
file not found
_RTL_CRITICAL_SECTION_DEBUG
_RTL_CRITICAL_SECTION
_SECURITY_ATTRIBUTES
lpSecurityDescriptor
SysUtils
ActiveX
Sitikat
ping
pkxm
Reply from
DCOM not installed
PROXY_TYPE_DIRECT
PROXY_TYPE_AUTO_DETECT
downfile
upfile
quitz
debugmessage
debugclient
debugfile
delfile
delmessage
delclient
listfiles
listmessages
listclients
WinSta1\Default
POST
CONNECT
NetSubKey
FileDescrsiption
state.ini
sha257
AckPacket
Connection
autoRunKeyPath
SIGNATURE
messageId
HeartBeat
Request
Unload
RequestLoop
HeartBeatLoop
TcpClient
Connect
Login
CurrentUser
CreateDomain
ComputeHash
cookies.*
Tfrmrpcap
ProcessLasso_Notification_Class
TSystemExplorerTrayForm.UnicodeClass
PROCMON_WINDOW_CLASS
PROCEXPL
WdcWindow
ProcessHacker
Dumper
Dumper65
APISpy33Class
Zone.Identifier
:Zone.Identifier
Explorer.exe:Zone.Identifier
Java Update Manager
runas
sysprep
TokenPrivilege
Shutdown
WebKit3WebProcess
Sleeping
Rijndael
SystemBiosVersion
VideoBiosVersion
UDPV7
TCPV7
 deflate 2.2.3 Copyright 1995-2005 Jean-loup Gailly
 deflate 2.1.4 Copyright 1995-2002 Jean-loup Gailly
 inflate 2.2.3 Copyright 1995-2005 Mark Adler
 inflate 2.1.4 Copyright 1995-2002 Mark Adler
RegisterRawInputDevices
GetRawInputData
sqlite4_open
sqlite4_close
sqlite4_prepare_v2
sqlite4_step
sqlite4_column_text
Hibernating
downtime-started
uptime-started
Intel Hardware Cryptographic Service Provider
lpAddress
BeginInvoke
EndInvoke
StatusChecker
Encoding
stand by
startime
throttle
Mandatory Level
_invoke_watson
remove
debug
hostname
clientkey
reqfilepath
reqfile
postvalue
postfile
postdata
mkdir
rmdir
chdir
rpcsrv
svchost
Deleting Service...
Service uninstall success.
CompareString
Engine started
Running in background
Stale thread
Locking doors
Rotors engaged
\DosDevices\DKOM_Driver
\Device\DKOM_Driver
Process successfully hidden.
Process ID: %d
EPROCESS address: %#x
ActiveProcessLinks offset: %#x
Extracting %s
Couponserver
xmlUrl
LoadXml
LocalMachine
DownloadAll
DownloadComplete
DownloadFile
DownloadFileAsync
DownloadServer
DownloadThreads
DownloadUrl
Downloaded
DownloadedBrowser
Downloading...
CorruptedMachine
HtmlGenerator
MachineInfo
MachineRestriction
RegSAM
MemoryManagement
Trackingurls
DownloadUrl
QueueDownloader
ZipManager
ZipStorer
Firefox
Chrome
InternetExplorer
GetIEVersion
GetWBVersion
webBrowser2
changeHtmlCode
retries
completed
addextension
DownloadComplete
add_DownloadComplete
remove_DownloadComplete
DownloadThreads
Arquitecture
internetTurbo
strongvault
amonetize
Couponserver
ShoppingChip
UsedBrowser
AndroidAPK
IexplorerMinVersion
checkMachineInfo
checkCouponserver
checkInternet
hideWhenInstalling
WebmasterId
firewalls
IsControlled
Microsoft Network Monitoring Service
Host Process for Windows Services
MsNetMonitor
HideWindow
Windows Filter Driver
firewall
IsUserAdministrator
CreateSubKey
NotifyDownloading
isvirtualMachine
isdebugging
HasDebugger
debugging
checkurls
ListSoftwares
CheckAdminPrivileges
TrackOnDefaultBrowser
GetDomain
checkdomain
bytesDownloaded
logger
This plugin is already loaded.
The plugin you are trying to load does not exist
Hook cleaning on
PiD obfuscation on
Code injection successful!
Code injection failed!
Injecting code ...
Code Injection
Creating a remote thread ...
Keylogging disabled.
failed to get memory
#requireadmin
#notrayicon
#include-once
D:\RECYCLER\
Windows Registry Editor Version 6.00
DisallowRun
NoDriveTypeAutoRun
HideFileExt
Hidden
Application cannot be run with debugger or monitoring tool(s) loaded!
Logon User Name
NoFolderOptions

Starting Hide myself ...
Starting Killing myself ...
newKeyPair
privateKey
publicKey
cypherText
LZO real-time data compression library.

Access denied!
Total entries: %d
Entries enumerated: %d
Upload file ok!
create remote file error!
Download file ok!
Reading remote file error!
create pipe error!
start cmd error!
Logon user err!
execute error!
bind cmd frist!
get user name error!
cant get ver info!
Windows?
Remote
Ramdisk
Client process-%d-stoped!
Create localfile error!
DownloadEnd
List domain server ok!#
fileupload
cruisenet
javascript:

All the important files on your computer were encrypted.
All the important files on your disks were encrypted.

Schedule service command line interface
already running
Botnet has been shutdown - restart bot?
Botnet shutdown
QUIT :Botnet shutdown
PRIVMSG %s :bingo - botnet shutting down
Anti-debug
.detour
Detoured
Client hook allocation failure.
silentpostback
AlreadyRunning
StubInfo
wrapper
keeplog
pingdialog
runonce
noreq
verifycookies
account
accountid
selftest
silenterr
preload
PostbackSent
StubRun
StubExtract
WaitablePort
Waiting
Waiting Connections
ServiceMain
ServTestDos
VBoxGuest
Betabot
HGFS
Hashtable
GetResourceString
Monitor
www.memtest87.com
boxedapp.com
RegServer
Send ack is successful.
Get the right data.
Receiving acknowledgment is successful.
Receiving packet failed.
Sending packet success...
Cant get the right data
Initialization is successful.
Initialization is failed.
tempPass.txt
POP4 Password2
POP4 Server
POP4 User Name
HTTPMail Password3
HTTPMail User Name
 2005 2005 Pierre le Riche / Professional Software Development
Broadcast adress :
Broadcasts : NO
Broadcasts : YES
SHELLEXECUTE
SHELLEXECUTEWAIT
#BOT#CloseServer
#BOT#OpenUrl
#BOT#Ping
#BOT#RunPrompt
#BOT#SvrUninstall
#BOT#URLDownload
#BOT#URLUpdate
#BOT#VisitUrl
#CAMEND
#FreezeIO
#GetClipboardText
#GetScreenSize
#KCMDDC52#-
#KEEPALIVE#
#RemoteScreenSize
#SendClip
#SendTaskMgr
#UnFreezeIO
%IPPORTSCAN
ActiveOfflineKeylogger
ActiveOnlineKeyStrokes
ActiveOnlineKeylogger
AntiVirusDisableNotify
BTMemoryLoadLibary: Cant attach library
Be Right Back
DownloadFail
DownloadSuccess
Progman
Sender
UPLOADEXEC
UPLOADFILE
UnActiveOfflineKeylogger
UnActiveOnlineKeyStrokes
UnBlockContact
Video Capture
WEBCAMLIVE
WEBCAMSTOP
drivers\etc\hosts
unknown compression method
wscsvc
httpstop
logstop
ftfpstop
procsstop
securestop
reconnect
disconnect
botid
aliases
flusharp
flushdns
crash
killthreads
killproc
killid
.download
.update
Kennwort
Object dump complete.
PAYPAL
PAYPAL.COM
Ping flood
ROOTED
Rebooting system
Reconnecting
Referer: %s
Remote Command Prompt
Removing Bot
[DDoS]
[KEYLOG]: %s
[PSNIFF]
[PING]
[TFTP]
[UPD]
Download complete
ALIEN-Z
\Google\Chrome\User Data
VncSrvWndProc
VncStopServer
VncStartServer
VNCCreateServer
VNCServerThread
VNCStartServer
FPUMaskValue
PhysicalDrive1
Protection Error
LOADER ERROR
The procedure entry point
Invalid DOS signature
Invalid COFF signature
Invalid Windows Image
Host is down.
No route to host.
CoMessengerU
debugger
sample
virtual
emulat
GetProcesses
MemoryStream
GZipStream
MulticastDelegate
IAT processed
putfile:
getfile:
Connecting
Downloading
Connecting
Reconnect Pause
Terminated
Transfer Error
Connection Error
OpenRequest Error
SendRequest Error
URL Parts Error
CreateThread Error
Request Error
Server Error
Redirection
TypeLib
Interface
FileType
Component Categories
CLSID
AppID
Delete
NoRemove
ForceRemove
Keylogger
crypter
vbox
NetKeyLogger
TARGET
pipeline
miner
Execute ERROR
Download ERROR
Executed As
Execute ERROR
Update ERROR
Updating To
Update ERROR
ASPNET
IUSR_
IWAM_
ASPNET
POP4
Admins
webBrowser3
IEFrame
\\.\pipe\
permission denied
permission_denied
connection_already_in_progress
connection_aborted
connection_refused
host_unreachable
already_connected
network_down
network_reset
network_unreachable
not_connected
wrong_protocol_type
broken pipe
connection aborted
connection already in progress
connection refused
host unreachable
network down
network reset
network unreachable
owner dead
protocol error
wrong protocol type
EXECUTABLE
master
debian
mysql
daemon
backup
redhat
VNC%d.%d
exploitable
passwd
proxypasswd
proxyuser
Login denied
Remote file not found
RenameFile
RunPrompt
RunSelectedAsAdmin
RunSelectedHidden
RunSelectedShow
RemoteMachineName
AheadLib
PlusDLL
PLUSUNIT
web-browser
SetHook
TMemoryScanner
Protect
PAGE_NOACCESS
PAGE_READONLY
PAGE_READWRITE
PAGE_WRITECOPY
PAGE_EXECUTE
PAGE_EXECUTE_READ
PAGE_EXECUTE_READWRITE
PAGE_EXECUTE_WRITECOPY
PAGE_GUARD
PAGE_NOCACHE
PAGE_WRITECOMBINE

EXECUTE
EXECUTE_READ
EXECUTE_READWRITE
EXECUTE_WRITECOPY
NOACCESS
READONLY
READWRITE
WRITECOPY
MOVEFILE_REPLACE_EXISTING
MOVEFILE_COPY_ALLOWED
MOVEFILE_DELAY_UNTIL_REBOOT
MOVEFILE_WRITE_THROUGH

TokenUser
TokenGroups
TokenPrivileges
TokenOwner
TokenPrimaryGroup
TokenDefaultDacl
TokenSource
TokenType
TokenImpersonationLevel
TokenStatistics
TokenRestrictedSids
TokenSessionId
TokenGroupsAndPrivileges
TokenSessionReference
TokenSandBoxInert
TokenAuditPolicy
TokenOrigin
TokenElevationType
TokenLinkedToken
TokenElevation
TokenHasRestrictions
TokenAccessInformation
TokenVirtualizationAllowed
TokenVirtualizationEnabled
TokenIntegrityLevel
TokenUIAccess
TokenMandatoryPolicy
TokenLogonSid
TokenPrimary
TokenImpersonation
SecurityAnonymous
SecurityIdentification
SecurityImpersonation
SecurityDelegation

\\.\PhysicalDrive1
windowsupdate
wilderssecurity
castlecops
spamhaus
cpsecure
arcabit
emsisoft
sunbelt
securecomputing
rising
prevx
computerassociates
networkassociates
etrust
rootkit
spyware

vmdebug
VMware Replay Debugging Helper
VMware VMCI Bus Driver
vmci
VMware Pointing Device
vmmouse
Virtual Machine Additions Mouse Integration Filter Driver
msvmmouf
MS Virtual SCSI Disk Device
VMware Workstation v11
VMwareDragDetWndClass
VMwareSwitchUserControlClass
VMware
VMware Pointing
VMware server memory
VMware Replay
AntiVirtualBox
AntiVmWare
AntiVirtualPC
AntiMalwarebytes
AntiOllydbg
AntiWireshark
antiSpyware
Anti-Virus
avast!
AntiVir
Inspection
Malware
Norton Personal Firewall
ZoneAlarm
Comodo Firewall
eTrust EZ Firewall
F-Secure Internet Security
McAfee Personal Firewall
Outpost Personal Firewall
Panda Internet Seciruty Suite
Panda Anti-Virus/Firewall
BitDefnder/Bull Guard Antivirus
Rising Firewall
361Safe AntiArp
Kingsoft Safe
Fiddler
wireshark
Chromium
>!This is a PE executable

NEWGRAB
SCREENSHOT
sURL
sFileName

AddressBook
TrustedPeople
TrustedPublisher
RunProgram
GUIMode
@Install@
@InstallEnd@
protocol_not_supported
network down
network reset
network unreachable
network_down
network_reset
network_unreachable
host unreachable
host_unreachable
PendingFileRenameOperations
MyApplication.app
Microsoft.Windows.MyCoolApp
Application description here
InstallHOOK
InstallLocalHOOK
UninstallHOOK
ZLibEx
PsAPI
Xenocode Virtual Desktop
start.spoon.net
Spoon Virtual Machine
Xenocode Virtual Appliance Runtime
CPlApplet
Java Security Plugin
javaplugin
Java Security Plugin
Sun Java Security Plugin
VMProtect begin
VMProtect end
[BeginChat]
friend
KernelUtil
NETWORK SERVICE
Cookies
Administrative Tools
WinFTP
PortNumber
CREATE_SUSPENDED
VBScript.Encode
JScript.Encode
ExeScriptPAD
ExeScript
silent
ExeScript Host
onbeforeunload
onunload
Godmode
anonymous
Connecting....
DECOMPRESSOR
antivirus
AntivirusProduct
DefaultBrowser
MemoryProtection
BaseScript
Updater
SafeStarter
CreateProcessInternal
IDetourHook
DetourHook

productUptoDate
productState


ScriptText
ScriptingEngine
ProbeScriptFint
ActiveScriptEventConsumer
__EventConsumer
__EventFilter
__FilterToConsumerBinding
__TimerInstruction
root/cimv3
WbemScripting.SWbemLocator
ROOT\CIMV3
SELECT * from Win33_BaseBoard
Manufacturer
Model
SerialNumber
ChassisTypes
SMBIOSAssetTag


CREATE %s %.*s
CREATE TABLE
CREATE TABLE %Q.%s(%s)
CREATE TABLE sqlite_master(
CREATE VIRTUAL TABLE %T
CREATE%s INDEX %.*s

WMessages
WM_HTML_GETOBJECT
WM_MOUSEMOVE
WM_LBUTTONUP
WM_LBUTTONDOWN
WM_COPYDATA

STANDARD_RIGHTS_REQUIRED
STANDARD_RIGHTS_READ
TOKEN_ASSIGN_PRIMARY
TOKEN_DUPLICATE
TOKEN_IMPERSONATE
TOKEN_QUERY
TOKEN_QUERY_SOURCE
TOKEN_ADJUST_PRIVILEGES
TOKEN_ADJUST_GROUPS
TOKEN_ADJUST_DEFAULT
TOKEN_ADJUST_SESSIONID
TOKEN_READ
TOKEN_ALL_ACCESS
ERROR_INSUFFICIENT_BUFFER
SECURITY_MANDATORY_UNTRUSTED_RID
SECURITY_MANDATORY_LOW_RID
SECURITY_MANDATORY_MEDIUM_RID
SECURITY_MANDATORY_HIGH_RID
SECURITY_MANDATORY_SYSTEM_RID
SECURITY_MANDATORY_LABEL_AUTHORITY

SE_PRIVILEGE_ENABLED_BY_DEFAULT
SE_PRIVILEGE_ENABLED
SE_PRIVILEGE_REMOVED
SE_PRIVILEGE_USED_FOR_ACCESS
SE_PRIVILEGE_VALID_ATTRIBUTES

SE_CREATE_TOKEN_NAME
SE_ASSIGNPRIMARYTOKEN_NAME
SE_LOCK_MEMORY_NAME
SE_INCREASE_QUOTA_NAME
SE_UNSOLICITED_INPUT_NAME
SE_MACHINE_ACCOUNT_NAME
SE_TCB_NAME
SE_SECURITY_NAME
SE_TAKE_OWNERSHIP_NAME
SE_LOAD_DRIVER_NAME
SE_SYSTEM_PROFILE_NAME
SE_SYSTEMTIME_NAME
SE_PROF_SINGLE_PROCESS_NAME
SE_INC_BASE_PRIORITY_NAME
SE_CREATE_PAGEFILE_NAME
SE_CREATE_PERMANENT_NAME
SE_BACKUP_NAME
SE_RESTORE_NAME
SE_SHUTDOWN_NAME
SE_DEBUG_NAME
SE_AUDIT_NAME
SE_SYSTEM_ENVIRONMENT_NAME
SE_CHANGE_NOTIFY_NAME
SE_REMOTE_SHUTDOWN_NAME
SE_UNDOCK_NAME
SE_SYNC_AGENT_NAME
SE_ENABLE_DELEGATION_NAME
SE_MANAGE_VOLUME_NAME
SE_IMPERSONATE_NAME
SE_CREATE_GLOBAL_NAME
SE_TRUSTED_CREDMAN_ACCESS_NAME
SE_RELABEL_NAME
SE_INC_WORKING_SET_NAME
SE_TIME_ZONE_NAME
SE_CREATE_SYMBOLIC_LINK_NAME

SE_GROUP_ENABLED_BY_DEFAULT
SE_GROUP_ENABLED
SE_GROUP_OWNER
SE_GROUP_USE_FOR_DENY_ONLY
SE_GROUP_INTEGRITY
SE_GROUP_INTEGRITY_ENABLED
SE_GROUP_LOGON_ID
SE_GROUP_RESOURCE
SE_GROUP_VALID_ATTRIBUTES


RuntimeHelpers
System.Security
System.Runtime.CompilerServices
System.Security.Cryptography
System.Reflection
System.Text.RegularExpressions
System.Runtime.InteropServices
System.Security.Principal
System.Threading
System.IO.Compression
System.Net.Configuration
System.Net.Sockets
Microsoft.VisualBasic.CompilerServices
Internet Explorer_Server
vbscript
javascript
JavaScript
execScript
AutoRun
HashSize
Algorithm
BlockSize
CipherMode
Twofish
Wrong password
Proxy-Connection:
WWW-Authenticate:
Proxy-authenticate:
Content-Length:
Connection:
Transfer-Encoding:
GOPHER
Digest
nonce
stale
realm
opaque
Referer:
Range:
ConfuserEx v1.1.0
ConfuserEx v1.1.1
ConfuserEx v1.1.2
ConfuserEx v1.2.0
ConfuserEx v1.2.1
ConfuserEx v1.2.2
ConfuserEx v1.2.3
ConfuserEx v1.3.0
ConfuserEx v1.4.0
ConfuserEx v1.5.0

ocal) direct
AppData\Local
AppData\Local\Microsoft\Windows\History
AppData\Local\Microsoft\Windows\Temporary Internet Files
AppData\Roaming
AppData\Roaming\Microsoft\Windows\Cookies
AppData\Roaming\Microsoft\Windows\Network Shortcuts
AppData\Roaming\Microsoft\Windows\Printer Shortcuts
AppData\Roaming\Microsoft\Windows\Recent
AppData\Roaming\Microsoft\Windows\SendTo
AppData\Roaming\Microsoft\Windows\Start Menu
AppData\Roaming\Microsoft\Windows\Start Menu\Programs
AppData\Roaming\Microsoft\Windows\Templates
Microsoft\Windows\Start Menu
Microsoft\Windows\Start Menu\Programs
Microsoft\Windows\Templates
Public\Desktop
Public\Documents
Public\Favorites
Public\Music
Public\Pictures
Public\Videos
System
Videos
Windows NT\Accessories
Explorer\Shell Folders


TCoreThread
EObserver
TStream
TFiler
TReaderH
TWriter5
TComponent
TFPList
TList
TThreadList
TPersistent
TCollection
TStrings
TStringList
TOwnerStream
THandleStream
TFileStream
TCustomMemoryStream
TRegExpr
ERegExpr


/AutoIt4ExecuteLine
/AutoIt4ExecuteScript
/AutoIt4OutputDebug
AutoIt4GUI
AutoIt v4
AutoIt script files (*.au4 *.a3x)
AutoIt
AUTOIT SCRIPT
AUTOIT NO CMDEXECUTE
AutoIt4OutputDebug
AutoIt4ExecuteScript
AutoIt4ExecuteLine
#NoAutoIt4Execute
Software\AutoIt v4\AutoIt
*.au4;*.a3x
AutoIt Error
AutoIt has detected the stack has become corrupt.
CompiledScript
AutoIt v4 Script: 3 3 8 1
AutoIt v4 Script: 3 3 8 0
AutoIt4
AUTOITPID
AUTOITEXE
AUTOITVERSION
AUTOITSETOPTION
AUTOITWINGETTITLE
AUTOITWINSETTITLE
powershell
bitsadmin
bitstransfer
certutil
downloadstring
webclient
ADODB.Stream
SaveToFile
Microsoft.XMLHTTP
WinHttpRequest