4 0 0 S-1-0 S-1-0-0 S-1-1 S-1-1-0 S-1-2 S-1-2-0 S-1-2-1 S-1-3 S-1-3-0 S-1-3-1 S-1-3-2 S-1-3-3 S-1-3-4 S-1-4 S-1-5 S-1-5-1 S-1-5-2 S-1-5-3 S-1-5-4 S-1-5-6 S-1-5-7 S-1-5-8 S-1-5-9 S-1-5-10 S-1-5-11 S-1-5-114 S-1-5-12 S-1-5-13 S-1-5-14 S-1-5-15 S-1-5-17 S-1-5-18 S-1-5-19 S-1-5-20 S-1-5-21 S-1-5-32-544 S-1-5-32-545 S-1-5-32-546 S-1-5-32-547 S-1-5-32-548 S-1-5-32-549 S-1-5-32-550 S-1-5-32-551 S-1-5-32-552 S-1-5-64-10 S-1-5-64-14 S-1-5-64-21 S-1-5-80 S-1-5-83-0 S-1-16-0 S-1-16-4096 S-1-16-8192 S-1-16-8448 S-1-16-12288 S-1-16-16384 S-1-16-20480 S-1-16-28672 S-1-5-32-554 S-1-5-32-555 S-1-5-32-556 S-1-5-32-557 S-1-5-32-558 S-1-5-32-559 S-1-5-32-560 S-1-5-32-561 S-1-5-32-562 S-1-5-32-569 S-1-5-32-573 S-1-5-32-574 S-1-5-32-575 S-1-5-32-576 S-1-5-32-577 S-1-5-32-578 S-1-5-32-579 S-1-5-32-580 SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeBackupPrivilege SeChangeNotifyPrivilege SeCreateGlobalPrivilege SeCreatePagefilePrivilege SeCreatePermanentPrivilege SeCreateSymbolicLinkPrivilege SeCreateTokenPrivilege SeDebugPrivilege SeSinglePrivilegeCheck SeEnableDelegationPrivilege SeImpersonatePrivilege SeIncreaseBasePriorityPrivilege SeIncreaseQuotaPrivilege SeIncreaseWorkingSetPrivilege SeLoadDriverPrivilege SeLockMemoryPrivilege SeMachineAccountPrivilege SeManageVolumePrivilege SeProfileSingleProcessPrivilege SeRelabelPrivilege SeRemoteShutdownPrivilege SeRestorePrivilege SeSecurityPrivilege SeShutdownPrivilege SeSyncAgentPrivilege SeSystemEnvironmentPrivilege SeSystemProfilePrivilege SeSystemtimePrivilege SeTakeOwnershipPrivilege SeTcbPrivilege SeTimeZonePrivilege SeTrustedCredManAccessPrivilege SeUndockPrivilege SeUnsolicitedInputPrivilege Mozilla/ Opera/ User-Agent 3fr 123 386 666 3dm 3ds 7z Application accda ascx asmx accdb au3 a3x acf ade adn adp ani arc api amr arcs apk arch00 arw asset arj asf asp asm asx avi atf app aspx admin acm alz ax b64 bc7 bc6 bay big bit bik bkf bkp blob bsa bat bot bak bhx bin bmp binPK bar bas bsd backup bk cdw csr c cx cc cas cat cdr cer cfr cr2 crt crw css csv c cab cpio cap cbl cbm cert cbo css cache cfg cfm cpp cxx cer ceo ce0 chm cgi classPK cmd cnt conf cs cpl crl ctl cur class cbtl cid CIN cxm config dat dbg dsm dun dk db docb docx dotm dotx docm drv doc docc docpk dot d3dbsp das dazip db0 dbfv dcr dic dir dif der dex desc dmp dmg dng dwg dxg dba dbf dsp dsw dtd detour detourc detourd download db2 dll ecc efi edt epk eps erf esm en exd exe ex_ _exe email emf eot eddx edoc emlx epub exePK elb epl eml evt fini flv forge fos fpk fsh fpl flg far fav ftp fla fon fra frm go gdb gho gzip gz gif gadget gcode gul hlp hpj hta hhp hkdb hkx hplg hvpl h hpp hxx htm html htt http hqx ht htapk href hxi hxs hna hwp ibank icxs indd itdb itl itm iwd iwi ini inl iniPK inc ico idc info inf ins iso isp it its idml indd identifier jar jav java jcr jpeg jpegPK js jsp jpe jpg jse jfif jspa jspx jps kdb kdc key kwp locky layout lbf ldf litemod lrf lnk ltx lvl lzh lnk lsf lsx log lzma locked max md mad maf mail maq mar mas mat mav maw mam mag m3u m4a map mcr mcgame mcmeta msi msp mst msu msc mda mde mdz mht mdb mdn mdt mdbackup manifest mddata mdf mef mp4 mid mov msg mspx msh midi mim mmf menu mlx mpqge mrwref mp3 mpg mpeg mp3PK mbox mdbackup mddata mdinfo m4v mkv mui memdump m4u myi myd nak net nch nim nrg nls ncb ncf nrw ntl nws note nt ogg oca ocx oft oss olb org ots ost osd odb odc odm odp ods old odt orf ovl opt odx paf paf pct pkxm pcap pack pyz potx potm pps pdb php phtml pas pdd pdf pic pyd pkg pyr pyt pyz pef pem pfx pkpass png ppa ppt prf pptm pptx psd ps1 psk pf py pypk pst pwl ptx pif pl pls pax pad plist pub phtm phps phpx phpxx ppdf ppsm ppsx plist_bak Permissions pcmp pcmi pcmt ppk prj plugin pck pkb pks plb ps psb qtx ro rodata rar rat reg rels rtf r3d raf rar ru raw re4 rtf rdp rdf rjs relspk rsapk rtfpk rdo sqlite sch sdb stc sti stw sxc sxd sxi sxm sxw sdb scf scp sfx sfpk sql scr sct shb so shs sit slk smi smil stl stm spl sys swf sav sc2save sid sidd sidn snx sr2 srfv srw swift sum svg syncdb srf sys ssh sldm sldx sdf scl scd sig sln shell t13 tet tar tz taz tgz tif tiff tga tmp temp txt tlb txt3 t12 t13v tax tor torrent thm ttf unity3d upk url ult vb vbe vbs vbp vdf vfs0 vpk vaf vpp_pcv vtf vcf vbspk vxd vsd vsdx vhdx vhdx vmdk vfs4 vpp_pc vhd vdi vbox vob vre wav wab wap wbk wiz wjf ws w3x wb2 wma wmf wmo wmv wotreplay wpd wps wsc wsf wsh webm wks wk1 wallet wri wpx x3f xaml xla xsd xls xsl xlb xlsm xlsm xlsx xlt xlv xml xmlPK xmp xll xlsm xlsx xlc xld xlk xor xlw xltx xltm xlsb xlm xxx xfp xsd xyz xbtl x509crl x509cert xrf xps xsf z zip zipx ztmp zoo RegistryKey ShellServiceObjectDelayLoad CurrentVersion Windows\CurrentVersion Windows NT\CurrentVersion \Software\Microsoft\Windows\CurrentVersion Software\Microsoft\Windows\CurrentVersion Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce SOFTWARE\Microsoft\Windows\CurrentVersion\Run \REGISTRY\MACHINE\SYSTEM\CurrentControlSet\ \REGISTRY\MACHINE\SYSTEM\ \REGISTRY\MACHINE\ Policies\Explorer\Run Run RunOnce RunServices RunServicesOnce \Device \DosDevices DEFAULT\Software .DEFAULT\Software HKEY_CURRENT_USER HKEY_LOCAL_MACHINE HKEY_DYN_DATA HKEY_PERFORMANCE_DATA HKEY_CLASSES_ROOT HKEY_CURRENT_USER HKEY_LOCAL_MACHINE HKEY_USERS HKEY_PERFORMANCE_DATA HKEY_CURRENT_CONFIG HKEY_DYN_DATA SYSTEM\ControlSet001\Services\ System\CurrentControlSet\Services\ HKCR HKCU HKLM HKPD HKDD HKCC HKCU disabletaskmanager warnonintranet loadappinit_dlls AppInit_DLLs noprotectedmodebanner root\securitycenter \registry\machine system\currentcontrolset system\controlset001 system\controlset002 system\controlset003 system\wpa \systemroot \shell\open\command %ALLUSERPROFILE% AppData %APPDATA% commonappdata %CommonProgramFiles% %HOMEPATH% %LOCALAPPDATA% %ProgramData% %ProgramFiles% %PUBLIC% %SystemDrive% %SystemRoot% %TEMP% %USERPROFILE% %windows% %windir% %system% %temp% %user% %programfiles% \WINNT\ \winnt\ \WINDOWS\ \windows\ \SYSTEM32\ \system32\ \SYSTEM\ \system\ \SYSTEMROOT\ \systemroot\ \SystemRoot\ AutoOpen SummaryInformation Document_Close Document_New Document_Open Macros Enable Content Root Entry Please Enable Content to see this document. DocumentSummaryInformation PROJECT.THISDOCUMENT.AUTOOPEN Microsoft Office atbroker appvlp aplib AutoHotkeys bash bochs bginfo attrib autorun autodelete bitlocker bitsadmin bcdedit cmd chmod chdir crss cliprdr CreateObject Compressed by jpeg-recompress call cscript calc cacls connect compact cmdkey chcp ctfmon certutil control cmstp copy create Confuser ConfuserEx ConfuserEx v1.0.0 ConfuserEx v1.0.0-custom dfsvc diskpart download diskshadow dsquery dump del delete deflate Decrypt dir date dbgview echo extrac32 exec execute ExecQuery expand explorer encrypt extract filemon ftp findstr forfiles if not exist ipconfig fsutil get gcc grub gzip gwmi hha handle hostname ieexec ie4unit installutil iex iexplorer icacls Install InstallService javascript JScript pkill kill killall iexplore inflate logonui logon load launch listdlls [LordPE] LordPE lsadump lsass lsasrv lzo msxsl makecab mavinject msdt makedir mstsc msiexec NSIS NetMon NullsoftInst mimikatz mkdir mshta msbuild mountvol net netsh nbtstat netstat nltest ngrok nslookup open odbcconf OleRun ps pcalua powershell print post pop3 ping pslist psexec psexesvc ProcessHacker pause procexp process procexpl procmon program putty plink reg regasm rdpdr rdpsnd regsvc regsvr32 reghide rdpclip rmdir reg regasm regsvcs release replace runscripthelper run runas runonce rundLL rundll32 RunHTMLApplication route regedit regedt32 regmon resume sc sfc secedit sdelete sdelete64 shell shred sqlite3 scriptrunner sysinternals smss SMTP sfxzip socks shch ScriptUtils setup skype search ScriptingEngine schtasks schtask symerr svchost spoolsvc select send service services sysrep shutdown start shellcode stop systeminfo sqldumper sqlps tcpview telnet time tor tracert taskkill tskill tasklist tracker unzip urlmon taskmgr Task Scheduler update upload URLencode UPX0 UPX1 UPX2 UCL data compression library. UltraVnc UltraVncSC vbox vba6 vba7 vnc vmware vbscript vssadmin virtualBox wevtutil whoami whois wbadmin winftp winrar wine winDir winword wmic wscript wireshark wget write wmi wmic wusa wscript.shell xwizard WebBrowserPassView xcopy xcals xmrig aPLib v1.01 - the smaller the better :) Safengine Shielden v2.3.0.0 !This program cannot be run in DOS mode !This program cannot be run in DOS mode. !That program cannot be run in DOS mode. !This program cannot be run in DOS>mode. !This program requires Microsoft Windows. This program requires Microsoft Windows. !This pxzgrac cannot be run in DOS mode. tHIS iS a wIN 32 pROGRAM! -=[ tE ]=- This program requires Win32 !This pragram cannot be run in DOS mode. !This is a PE dynamic link library !This is a Windows NT character-mode executable !This is a PE executable !This is a Win32 program. This is a Win32 program. !That program cannot be run in DOS made. This program must be run under Win32 This program must be run under Win32. This program must be run under Win64 This program must be run under Win64. ThisprogrammustberununderWin32 !Require Windows Requires Win32 $ !It's .NET EXE$@ !Win32. EXE !Win32 .EXE. !Windows ONLY! Win32 only! Win32 Program! Win64 Program! !Windows Program Wine builtin DLL ~Fun Loving Criminal~ !This is a Windows NT windowed dynamic link library !this is a Windows NT windowed executable MZ ASM_Guard EncryptMessage Decryption ExecuteFile RunProgram ConfusedByAttribute YanoAttribute BabelObfuscatorAttribute ObfuscatedByGoliath NineRays.Obfuscator.Evaluation Beds-Protector-v7.0 Beds-Protector Reactor VMProtect inflate /c vssadmin.exe delete shadows /all /quiet WinZip Self-Extractor - Password This self-extracting Zip file is password protected. Your personal files are encrypted! WScript.Shell Shell.Execute System Volume Information Boot ReflectiveLoader _ReflectiveLoader _ReflectiveLoader@0 _ReflectiveLoader@4 unsigned long __stdcall ReflectiveLoader(void *) Registry CreateSubKey Copyright (c) 1998-2009 by Joergen Ibsen All Rights Reserved. Powered by SmartAssembly 6.8.0.121 !Powered by SmartAssembly 6.6.1.44 !Powered by SmartAssembly 6.6.4.95 $Info: This file is packed with the UPX executable packer http://upx.sf.net $ $Id: UPX 3.91 Copyright (C) 1996-2013 the UPX Team. All Rights Reserved. $ WH_CALLWNDPROC WH_CALLWNDPROCRET WH_CBT WH_DEBUG WH_FOREGROUNDIDLE WH_GETMESSAGE WH_JOURNALPLAYBACK WH_JOURNALRECORD WH_KEYBOARD_LL WH_KEYBOARD WH_MOUSE_LL WH_MOUSE WH_MSGFILTER WH_SYSMSGFILTER WH_SHELL ConsentPromptBehaviorAdmin Files encrypted MemoryScanner \\.\PhysicalDrive%d IsAdmin Microsoft Enhanced Cryptographic Provider v1.0 Microsoft Strong Cryptographic Provider Microsoft Base Cryptographic Provider v1.0 Microsoft Enhanced RSA and AES Cryptographic Provider Intel Hardware Cryptographic Service Provider Microsoft Unified Security Protocol Provider Encryptioninfo EncryptedPackage StrongEncryptionDataSpace StrongEncryptionTransform AesCryptoServiceProvider encryptFolderContents RijndaelManaged CryptoStream RNGCryptoServiceProvider SHA1CryptoServiceProvider ICryptoTransform DotfuscatorAttribute FromBase64String ToBase64String Base64Decode base64EncodedData get_ProcessName get_ExecutablePath ProcessStartInfo HttpDownload HttpResponse HttpRequest ProcessRequest HttpContext DownloadString DynamicRun InvokeV CallMethod CallMethodV RegisterServiceProcess RegWrite RegDelete EncodeBlock Rijndael CipherMode Twofish Blowfish CreateDecryptor CryptoStreamMode DESCryptoServiceProvider MD5CryptoServiceProvider TripleDESCryptoServiceProvider DelegateExecute ExecuteCommand Inflate ZipAndEncrypt ZipAndAES EncryptFile RunAsShellUser RunProgram CabinetFile cabfile petite .petite PECompact2 Shell autoRunKeyPath PROCMON_WINDOW_CLASS APISpy32Class TokenPrivilege DownloadUrl Decompress LzmaDecoder LZO real-time data compression library. RegisterWindow GZipStream 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/ RenameFile IDetourHook DetourHook CaptureScreen Shell_TrayWnd ServiceName DisplayName ScriptingEngine ProbeScriptFint ActiveScriptEventConsumer WbemScripting.SWbemLocator ROOT\CIMV2 SELECT * from Win32_BaseBoard WMIHelper WM_HTML_GETOBJECT WM_COPYDATA WM_CLIPBOARDUPDATE SE_PRIVILEGE_ENABLED_BY_DEFAULT SE_PRIVILEGE_ENABLED SE_PRIVILEGE_REMOVED SE_PRIVILEGE_USED_FOR_ACCESS SE_PRIVILEGE_VALID_ATTRIBUTES SE_CREATE_TOKEN_NAME SE_ASSIGNPRIMARYTOKEN_NAME SE_LOCK_MEMORY_NAME SE_INCREASE_QUOTA_NAME SE_UNSOLICITED_INPUT_NAME SE_MACHINE_ACCOUNT_NAME SE_TCB_NAME SE_SECURITY_NAME SE_TAKE_OWNERSHIP_NAME SE_LOAD_DRIVER_NAME SE_SYSTEM_PROFILE_NAME SE_SYSTEMTIME_NAME SE_PROF_SINGLE_PROCESS_NAME SE_INC_BASE_PRIORITY_NAME SE_CREATE_PAGEFILE_NAME SE_CREATE_PERMANENT_NAME SE_BACKUP_NAME SE_RESTORE_NAME SE_SHUTDOWN_NAME SE_DEBUG_NAME SE_AUDIT_NAME SE_SYSTEM_ENVIRONMENT_NAME SE_CHANGE_NOTIFY_NAME SE_REMOTE_SHUTDOWN_NAME SE_UNDOCK_NAME SE_SYNC_AGENT_NAME SE_ENABLE_DELEGATION_NAME SE_MANAGE_VOLUME_NAME SE_IMPERSONATE_NAME SE_CREATE_GLOBAL_NAME SE_TRUSTED_CREDMAN_ACCESS_NAME SE_RELABEL_NAME SE_INC_WORKING_SET_NAME SE_TIME_ZONE_NAME SE_CREATE_SYMBOLIC_LINK_NAME SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED SE_GROUP_OWNER SE_GROUP_USE_FOR_DENY_ONLY SE_GROUP_INTEGRITY SE_GROUP_INTEGRITY_ENABLED SE_GROUP_LOGON_ID SE_GROUP_RESOURCE SE_GROUP_VALID_ATTRIBUTES execScript Microsoft\Windows\Start Menu Microsoft\Windows\Start Menu\Programs SFX module - Copyright (c) 2005-2012 Oleg Scherbakov 7-Zip archiver - Copyright (c) 1999-2011 Igor Pavlov lzmat mpress mscompressed mscompressed cracked by ximo VMProtect begin VMProtect end DLL_PROCESS_ATTACH DLL_PROCESS_DETACH DecryptByte DecryptBlock Yoda's Protector Beds-Protector Beds-Protector-v7.0 ENIGMA Enigma Protector ProcessedByFody