Sample details: 9645538707ed11a57ecc8ae22ab8674b

Hashes
MD5: 9645538707ed11a57ecc8ae22ab8674b
SHA1: 53967ca5fa34e11a735c2821dd251eb2d2c60c07
SHA256: a801e0254bc5c4ff89b9f7ce6dab576828995dc29c9c7ca8a8f868aff03ee37f
SSDEEP: 12288:nFBetxK8OXJFML/CByRTW7WdqCDj+Y0yuIntUE6u6AIRAE9RulpLRrfHgHVBV36q:HeOIj+Y0306VBtHvONyV2robG+l
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50v60 | YRP/Microsoft_Visual_Basic_v50 | YRP/Microsoft_Visual_Basic_v50_v60 | YRP/Microsoft_Visual_Basic_v50_additional | YRP/Microsoft_Visual_Basic_v50v60_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/System_Tools | YRP/Antivirus | YRP/Dropper_Strings | YRP/WMI_strings | YRP/Misc_Suspicious_Strings | YRP/DebuggerException__SetConsoleCtrl | YRP/SEH__vba | YRP/anti_dbg | YRP/create_service | YRP/escalate_priv | YRP/spreading_share | YRP/win_mutex | YRP/win_registry | YRP/win_token | YRP/win_private_profile | YRP/win_files_operation | YRP/Str_Win32_Wininet_Library |
Source
http://159.203.225.195/KillZA.exe
Strings
		!This program cannot be run in DOS mode.
`.data
KERNEL32.DLL
ADVAPI32.DLL
MSVBVM60.DLL
   KillZA
VB5!6&*
KillZA
KillZA
KillZA
frmStatusWin
CommonModule
CommonModule2
MCommonFile
modOpSys
modRegistry
modTakeOwn
SetPerm
SetOwnerFS
clsFSO
clsOpSys
Module1
Module2
modZip
ZipClass
ZipExtractionClass
ZipFile
NTService
Sample
NTServiceControl
ShutDownMod
KillZA
Dr)ox-@
C:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
Label1
kernel32.dll
SetThreadExecutionState
user32
SystemParametersInfoA
LoadCursorA
SetCursor
kernel32
GetVolumeInformationA
wininet.dll
InternetCheckConnectionA
FlashWindow
shdocvw
DoFileDownload
shell32.dll
SHUpdateRecycleBinIcon
SHEmptyRecycleBinA
SHQueryRecycleBinA
urlmon
URLDownloadToFileA
InternetSetOptionA
mpr.dll
WNetOpenEnumA
WNetEnumResourceA
WNetCloseEnum
lstrlenA
lstrcpyA
GetWindowLongA
SetWindowLongA
SetLayeredWindowAttributes
SetSysColors
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
Wow64EnableWow64FsRedirection
GetFileAttributesA
GetFileAttributesW
advapi32.dll
CheckTokenMembership
AllocateAndInitializeSid
FreeSid
LoadLibraryA
FreeLibrary
GetProcAddress
CreateDirectoryA
CopyFileA
FindFirstFileA
FindNextFileA
FindClose
SHFileOperationA
OutputDebugStringA
MoveFileExA
GetExitCodeProcess
OpenProcess
CloseHandle
TerminateProcess
user32.dll
ShellExecuteA
winmm.dll
timeGetTime
FindWindowA
GetWindowThreadProcessId
GetTickCount
SetWindowPos
GetVersion
GetCurrentProcess
advapi32
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
EndTask
CreateToolhelp32Snapshot
Process32First
Process32Next
shell32
SHCreateDirectoryExA
OpenFile
SHGetDiskFreeSpaceA
RtlMoveMemory
Version.dll
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
GetPrivateProfileSectionA
WNetCancelConnection2A
GetPrivateProfileStringA
WritePrivateProfileSectionA
WritePrivateProfileStringA
GetComputerNameA
WNetAddConnection2A
GetDesktopWindow
ShellExecuteExA
Imagehlp.dll
MakeSureDirectoryPathExists
LocalAlloc
Attribute_String
ProductTypeName
IsFileHidden
GetTempPathA
GetWindowsDirectoryA
GetSystemDirectoryA
SHChangeNotify
IsThisRestricted
SendMessageTimeoutA
FindWindowExA
PostMessageA
__vbaObjIs
__vbaStrDate
Platform
VBA6.DLL
__vbaBoolStr
__vbaStrBool
__vbaDateStr
__vbaVarForNext
__vbaVarMod
__vbaVarForInit
Available_Drives
__vbaVarTstLt
__vbaLineInputStr
__vbaVar2Vec
__vbaAryMove
__vbaAryConstruct2
__vbaNextEachVar
__vbaVarLateMemCallLdRf
__vbaLenVarB
__vbaLbound
__vbaForEachVar
__vbaVarLateMemCallLd
__vbaVarSetVar
__vbaMidStmtBstr
__vbaFPInt
Version
__vbaUI1I2
__vbaUI1I4
__vbaRedimPreserveVar
__vbaVarIndexLoad
__vbaVarIndexStore
IsWinME
__vbaRefVarAry
__vbaNextEachCollVar
__vbaForEachCollVar
__vbaNextEachAry
__vbaForEachAry
__vbaAryVar
__vbaAryCopy
__vbaNew
__vbaFixstrConstruct
__vbaAryUnlock
__vbaLenBstrB
__vbaAryLock
__vbaI4Abs
__vbaNextEachCollAd
__vbaLateMemCall
__vbaInStrVar
IsServer
__vbaForEachCollAd
__vbaLateMemCallLd
__vbaObjVar
__vbaLsetFixstr
__vbaStrFixstr
IsWin98
__vbaI2Var
__vbaVarCmpEq
__vbaVarOr
__vbaBoolVarNull
__vbaI4Var
__vbaI2I4
IsWin95
__vbaI4Str
__vbaR8Str
__vbaStrVarCopy
__vbaLenVar
__vbaVarSub
__vbaPrintFile
VistaSKU
__vbaLineInputVar
__vbaFileClose
__vbaFileOpen
__vbaStrVarMove
Move_File
__vbaEnd
__vbaLenBstr
__vbaVarTstNe
__vbaObjSetAddref
__vbaDateVar
__vbaNextEachCollObj
__vbaCastObj
__vbaForEachCollObj
__vbaVarTstGt
__vbaVarAdd
__vbaFpI4
__vbaGenerateBoundsError
__vbaStrErrVarCopy
__vbaUbound
IsWin2K
__vbaAryVarVarg
__vbaInStr
__vbaRecDestructAnsi
__vbaStrVarVal
__vbaErrorOverflow
__vbaAryDestruct
__vbaExitProc
__vbaFreeVarList
__vbaResume
__vbaFreeObjList
__vbaObjSet
__vbaStrI4
__vbaVarCat
__vbaFreeObj
IsWin9x
__vbaVarZero
__vbaErase
__vbaVarCopy
__vbaRedim
__vbaStrI2
__vbaStrCmp
DelTree32
__vbaHresultCheckObj
__vbaNew2
__vbaVarVargNofree
__vbaVarTstEq
__vbaOnError
IsWinNT
__vbaCyMulI2
__vbaVarDup
__vbaFreeVar
__vbaVarMove
__vbaStrToUnicode
__vbaStrToAnsi
__vbaFreeStrList
__vbaStrCat
__vbaStrMove
__vbaFreeStr
__vbaRecDestruct
Copy_File
__vbaRecAnsiToUni
__vbaSetSystemError
__vbaRecUniToAnsi
__vbaStrCopy
%LC:\WINDOWS\system32\msvbvm60.dll\3
ShellExecuteEx
SetFileAttributesA
DeleteFileA
ole32.dll
CoTaskMemFree
IsWinXP
SHBrowseForFolder
SHGetPathFromIDList
lstrcatA
GetLogicalDriveStringsA
GetTempFileNameA
Folder_Exist
Get_FileInfo
GetDiskFreeSpaceExA
GetDiskFreeSpaceA
Get_FileProperties
KillFile
KillDir
StripDrive
IsDriveReady
Create_Dir_Struct
Get_Extension
Get_FileNoExtension
Get_Filename
Get_Path
Get_Version
Get_VB_Version
Drive_Exist
File_Exist
Move_Dir
Add_Trailing_Slash
Remove_Trailing_Slash
TextSearch
Get_Totals
Get_FileList
Get_DirList
AccessErrNum
Create_Tmp_Filename
Create_Tmp_Folder
GetDirSize
Remove_Nulls
Create_Tmp_Name
BrowseForFolder
Shrink_2_Fit
Get_Disk_Space
FileToArray
RenFile
GetFileCreationDate
ResetAttributes
ReturnNewerFile
ReturnNewestFileFromSpec
CountFiles
CountTotals
Is2008
Is2008R2
IsVista
IsWin7
Is2003
HasSBSr
IsWin8
RegUnLoadKeyA
RegEnumValueA
RegLoadKeyA
HasSBS
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
WindowsMode
RegEnumKeyA
RegCloseKey
GetPrivateProfileIntA
__vbaNameFile
ServicePackMajor
ServicePackMinor
GetVersionExA
SetWindowLongW
shlwapi
PathCombineW
PathFileExistsW
PathIsDirectoryW
CommDlgExtendedError
SuiteMask
lstrlenW
COMDLG32
GetOpenFileNameW
GetSaveFileNameW
GetParent
SendMessageW
comdlg32.dll
__vbaRedimPreserve
GetSystemMetrics
BuildNumber
CSDVersion
MajorVersion
MinorVersion
PlatformID
ProductType
LocalFree
InitializeSecurityDescriptor
LookupAccountNameA
GetLengthSid
InitializeAcl
SetSecurityDescriptorControl
SetSecurityDescriptorDacl
GetAce
GetSecurityDescriptorDacl
GetAclInformation
GetSecurityDescriptorControl
EqualSid
AddAce
GetKernelObjectSecurity
SetKernelObjectSecurity
CreateMutexA
GetPrinterA
CreateFileA
GetUserObjectSecurity
SetUserObjectSecurity
OpenDesktopA
CloseDesktop
OpenWindowStationA
CloseWindowStation
GetProcessWindowStation
GetThreadDesktop
GetCurrentThread
RegGetKeySecurity
RegSetKeySecurity
netapi32.dll
NetShareGetInfo
NetShareSetInfo
NetApiBufferFree
winspool.drv
OpenPrinterA
SetPrinterA
ClosePrinter
__vbaCopyBytes
__vbaI2ErrVar
__vbaVargVarMove
__vbaVargVarCopy
__vbaPutOwner4
SetSecurityDescriptorOwner
__vbaStr2Vec
SetFileSecurityA
__vbaRecAssign
__vbaR8Cy
__vbaFpCDblR8
__vbaCyI2
__vbaR8ErrVar
__vbaR8IntI2
__vbaExitEachColl
__vbaStrR8
__vbaStrComp
__vbaRaiseEvent
__vbaI4ErrVar
comctl32.dll
InitCommonControls
MsgWaitForMultipleObjects
MessageBoxA
CreateServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
OpenServiceW
QueryServiceConfigW
QueryServiceStatus
ControlService
StartServiceW
ChangeServiceConfig2W
Netapi32
NetWkstaUserGetInfo
lstrcpyW
ExitWindowsEx
FormatMessageA
GetTokenInformation
uncompress
zlibVersion
zlib.dll
compress
compress2
OpenZip
CloseZip
Extract
ZLibVersion
Progress
Status
ZipError
pFileCount
Comment
AddFile
WriteZip
__vbaPutOwner3
__vbaPut3
__vbaVarLateMemSt
__vbaGetOwner4
__vbaGet3
__vbaGetOwner3
__vbaFileSeek
__vbaPowerR8
__vbaVarIdiv
__vbaFailedFriend
CreateThread
ADVAPI32.DLL
SetServiceStatus
KERNEL32.DLL
WaitForSingleObject
SetEvent
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
CloseHandle
CreateEventW
Dr)ox-@
frmStatusWin
Label1
Label1
CancelProcessing
dblData
FullPathAndNameOfFile
strFile
strPath
RecreatePath
strDrive
strFileName
strSearchData
lngDriveType
strSearchItem
strFolder
lngValue
sSource
sDestination
strSource
strTarget
boolOverwrite
strText
intDataType
strPattern
blnSearchSubfolders
bRecurseSubs
errNum
strTmpFolder
strInput
intLength
sngLow
sngHigh
strPrompt
strPath_to_Resize
intMaxLen
dblTotalSpace
dblFreeSpace
dblUsedSpace
FileName
TheArray
sOriginalPathAndFileName
sNewFileNameOnly
bOverwriteIfExist
sTargetFile
sFile1
sFile2
sFilePath
sFileSpec
bScanSubDirs
dblCount
WinDir
SystemRoot
HomeDrive
SystemDrive
WinSysDir
CurrentUserName
AllUsersProfile
UserProfile
ProgramFilesPath
CommonProgramFilesPath
TempPath
TmpPath
ZipPath
FolderPath
PreservePath
Overwrite
Percent
Cancel
Number
Description
FilePath
Comment
MSVBVM60.DLL
KERNEL32.DLL
ADVAPI32.DLL
WaitForSingleObject
CreateEventW
SetEvent
CloseHandle
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
__vbaVarTstGt
__vbaVarSub
__vbaStrI2
__vbaNextEachAry
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaRedimPreserveVar
__vbaFreeVar
__vbaAryMove
__vbaLenBstr
__vbaStrVarMove
__vbaLineInputStr
__vbaVarIdiv
__vbaPut3
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFpCDblR8
__vbaVarIndexStore
__vbaRaiseEvent
__vbaNextEachVar
__vbaFreeObjList
__vbaLineInputVar
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
__vbaCopyBytes
__vbaResume
__vbaStrCat
__vbaForEachCollAd
__vbaLsetFixstr
__vbaSetSystemError
__vbaRecDestruct
__vbaStrDate
__vbaNameFile
__vbaHresultCheckObj
__vbaLenBstrB
__vbaVargVarCopy
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaExitProc
__vbaForEachCollObj
__vbaVarForInit
__vbaBoolStr
__vbaStrBool
__vbaI4Abs
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
__vbaStrFixstr
__vbaForEachCollVar
__vbaBoolVarNull
__vbaRefVarAry
__vbaVarTstLt
_CIsin
__vbaErase
__vbaVargVarMove
__vbaVarZero
__vbaNextEachCollObj
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaGet3
__vbaExitEachColl
__vbaCyI2
__vbaStrCmp
__vbaPutOwner3
__vbaVarTstEq
__vbaAryConstruct2
__vbaPutOwner4
__vbaI2I4
__vbaObjVar
__vbaNextEachCollVar
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
__vbaRedimPreserve
__vbaLbound
_adj_fpatan
__vbaFixstrConstruct
__vbaStrR8
__vbaR8Cy
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
__vbaUI1I2
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaUI1I4
__vbaExceptHandler
__vbaStrToUnicode
__vbaPrintFile
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
__vbaFailedFriend
__vbaR8ErrVar
__vbaFPException
__vbaInStrVar
__vbaGetOwner3
__vbaStrVarVal
__vbaUbound
__vbaGetOwner4
__vbaVarCat
__vbaDateVar
__vbaI2Var
__vbaFileSeek
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
__vbaInStr
__vbaR8Str
__vbaVarLateMemCallLdRf
__vbaVar2Vec
__vbaCyMulI2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
__vbaForEachAry
__vbaVarAdd
__vbaLateMemCall
__vbaAryLock
__vbaStrComp
__vbaStrToAnsi
__vbaVarDup
__vbaAryVarVarg
__vbaVarMod
__vbaVarCopy
__vbaFpI4
__vbaVarLateMemCallLd
__vbaR8IntI2
__vbaRecDestructAnsi
__vbaLateMemCallLd
_CIatan
__vbaI2ErrVar
__vbaStrMove
__vbaCastObj
__vbaAryCopy
__vbaStrVarCopy
__vbaForEachVar
_allmul
__vbaLenVarB
_CItan
__vbaNextEachCollAd
__vbaAryUnlock
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaMidStmtBstr
__vbaI4ErrVar
__vbaRecAssign
__vbaFreeStr
__vbaFreeObj
Vista/BFE.reg
Vista/BITS.reg
Vista/iphlpsvc.reg
Vista/MpsSvc.reg
Vista/SharedAccess.reg
Vista/VistaFirewall.reg
Vista/WinDefend.reg
Vista/wscsvc.reg
Vista/wuauserv.reg
Win7/BFE.reg
Win7/BITS.reg
Win7/iphlpsvc.reg
Win7/MpsSvc.reg
Win7/SharedAccess.reg
Win7/win7firewall.reg
Win7/WinDefend.reg
Win7/wscsvc.reg
Win7/wuauserv.reg
XP/BITS.reg
XP/SharedAccess.reg
XP/WinsockXP.reg
XP/wscsvc.reg
XP/wuauserv.reg
Vista/BFE.regPK
Vista/BITS.regPK
Vista/iphlpsvc.regPK
Vista/MpsSvc.regPK
Vista/SharedAccess.regPK
Vista/VistaFirewall.regPK
Vista/WinDefend.regPK
Vista/wscsvc.regPK
Vista/wuauserv.regPK
Win7/BFE.regPK
Win7/BITS.regPK
Win7/iphlpsvc.regPK
Win7/MpsSvc.regPK
Win7/SharedAccess.regPK
Win7/win7firewall.regPK
Win7/WinDefend.regPK
Win7/wscsvc.regPK
Win7/wuauserv.regPK
XP/BITS.regPK
XP/SharedAccess.regPK
XP/WinsockXP.regPK
XP/wscsvc.regPK
XP/wuauserv.regPK
!This program cannot be run in DOS mode.
`.data
NtSetSecurityObject
NtQuerySecurityObject
RtlUnicodeStringToAnsiString
NtQuerySystemInformation
 SetPrinter Error
SetSecurityDescriptorControl
SYNCHRONIZE-0x100000        
Change 
CClusPropList
/errorlog
/outputlog
/offlinesam
/dumpcachedsids
/alternatesamserver
/crossreparsepoint
/nocrossreparsepoint
/nostatistic
/statistic
/notestmode
/testmode
/noverbose
/verbose
NetDfsGetClientInfo
Elapsed Time: %2.2d %2.2d:%2.2d:%2.2d
Done: %8d, Modified %8d, Failed %8d, Syntax errors %8d
--- DEBUG FailedSamQuerySecurityObject: 0x%x 0x%x
--- DEBUG FailedSamOpenGroup without Sacl: 0x%x 0x%x
--- DEBUG FailedSamOpenGroup with Sacl: 0x%x 0x%x
--- DEBUG FailedSamOpenAlias without Sacl: 0x%x 0x%x
--- DEBUG FailedSamOpenAlias with Sacl: 0x%x 0x%x
--- DEBUG FailedSamOpenUser without Sacl: 0x%x 0x%x
--- DEBUG FailedSamOpenUser with Sacl: 0x%x 0x%x
--- DEBUG FailedSamLookupNamesInDomain: 0x%x 0x%x
--- DEBUG FailedSamSetSecurityObject: 0x%x 0x%x
--- DEBUG FailedSamOpenGroup_SetSecurityDescriptor: 0x%x 0x%x
--- DEBUG FailedSamOpenAlias_SetSecurityDescriptor: 0x%x 0x%x
--- DEBUG FailedSamOpenUser_SetSecurityDescriptor: 0x%x 0x%x
--- DEBUG FailedSamOpendomain with 0x0200 and 0x0100: 0x%x 0x%x
--- DEBUG FailedLsaQueryInformationPolicy with PolicyAcountDomainInformation: 0x%x 0x%x
--- DEBUG FailedLsaOpenPolicy with 0x00000001L: 0x%x 0x%x
E:\nt\dnsrv\sdktools\reskit\content\subinacl\source\obj\i386\subinacl.pdb
LocalFree
FormatMessageW
CloseHandle
GetLastError
GetCurrentProcess
GetCurrentThread
GetConsoleScreenBufferInfo
GetStdHandle
SetLastError
MultiByteToWideChar
WriteFile
WriteConsoleW
SetConsoleTextAttribute
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetFileInformationByHandle
CreateFileW
DeviceIoControl
GetCompressedFileSizeW
GetFileSizeEx
GetComputerNameW
WideCharToMultiByte
OpenProcess
GetFullPathNameW
FindClose
FindNextFileW
FindFirstFileW
ExitProcess
ExpandEnvironmentStringsW
GetCommandLineW
SetConsoleCtrlHandler
ReadFile
GetLargestConsoleWindowSize
GetModuleFileNameW
FreeLibrary
FileTimeToSystemTime
FileTimeToLocalFileTime
QueryDosDeviceW
ReadConsoleW
GetSystemTime
GetTickCount
SetConsoleActiveScreenBuffer
WriteConsoleOutputW
SystemTimeToFileTime
SetConsoleScreenBufferSize
CreateConsoleScreenBuffer
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
KERNEL32.dll
MFC42u.DLL
__CxxFrameHandler
_CxxThrowException
wcscpy
wcslen
wcscat
swprintf
fwrite
_setmode
_wfopen
fclose
wcscmp
wcsncpy
_purecall
towupper
wcsrchr
swscanf
wcsncmp
wcschr
sprintf
wcsncat
_wcsicmp
malloc
wprintf
_getch
wcsstr
__RTDynamicCast
iswprint
printf
_c_exit
_XcptFilter
_cexit
__winitenv
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
msvcrt.dll
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_controlfp
??6ostream@@QAEAAV0@PBX@Z
?cout@@3Vostream_withassign@@A
msvcirt.dll
?wcerr@std@@3V?$basic_ostream@GU?$char_traits@G@std@@@1@A
??0Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
?getline@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV12@PAGH@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@PBX@Z
??1?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@UAE@XZ
?close@?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAEXXZ
??_D?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAEXXZ
?open@?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAEXPBDH@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?wcout@std@@3V?$basic_ostream@GU?$char_traits@G@std@@@1@A
?wcin@std@@3V?$basic_istream@GU?$char_traits@G@std@@@1@A
MSVCP60.dll
OpenProcessToken
OpenThreadToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
LookupAccountSidW
PrivilegeCheck
AdjustTokenPrivileges
LookupPrivilegeValueW
EqualSid
ConvertSecurityDescriptorToStringSecurityDescriptorW
FreeEncryptionCertificateHashList
QueryRecoveryAgentsOnEncryptedFile
QueryUsersOnEncryptedFile
SetKernelObjectSecurity
GetSecurityDescriptorLength
MakeSelfRelativeSD
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetKeySecurity
OpenServiceW
EnumServicesStatusW
SetSecurityInfo
SetNamedSecurityInfoW
RegConnectRegistryW
AddAce
InitializeAcl
GetAce
GetAclInformation
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
GetNamedSecurityInfoW
RegGetKeySecurity
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetSecurityInfo
AddAccessAllowedAce
InitializeSid
GetKernelObjectSecurity
GetSecurityDescriptorControl
CopySid
GetLengthSid
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
AccessCheck
MapGenericMask
DeleteAce
FreeSid
EqualPrefixSid
AllocateAndInitializeSid
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
IsValidSid
LookupAccountNameW
ConvertSidToStringSidW
RegEnumKeyExW
RegQueryInfoKeyW
OpenSCManagerW
LogonUserW
ConvertStringSecurityDescriptorToSecurityDescriptorW
LsaFreeMemory
LsaClose
LsaQueryInformationPolicy
LsaOpenPolicy
ADVAPI32.dll
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VERSION.dll
NetApiBufferFree
NetShareSetInfo
NetUserModalsGet
NetServerGetInfo
NetGetAnyDCName
NetWkstaGetInfo
NETAPI32.dll
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
MPR.dll
ClosePrinter
EnumPrintersW
SetPrinterW
OpenPrinterW
GetPrinterW
WINSPOOL.DRV
CloseCluster
CloseClusterResource
ClusterCloseEnum
ClusterResourceControl
OpenClusterResource
ClusterEnum
ClusterOpenEnum
OpenCluster
CLUSAPI.dll
CoCreateInstanceEx
CoInitialize
ole32.dll
wsprintfW
USER32.dll
SamFreeMemory
SamEnumerateAliasesInDomain
SamEnumerateUsersInDomain
SamEnumerateGroupsInDomain
SamCloseHandle
SamQuerySecurityObject
SamOpenGroup
SamOpenAlias
SamOpenUser
SamLookupNamesInDomain
SamSetSecurityObject
SamOpenDomain
SamConnect
SAMLIB.dll
RtlNtStatusToDosError
RtlInitUnicodeString
ntdll.dll
CommandLineToArgvW
SHELL32.dll
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBG@Z
??5std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@PAG@Z
e:\nt\dnsrv\sdktools\reskit\content\subinacl\source\cerror.cpp Jun 11 2004
e:\nt\dnsrv\sdktools\reskit\content\subinacl\source\cltoken.cpp Jun 11 2004
.?AVError@@
.?AVCObject@@
.?AVSubIO@@
.?AV?$CMap@VCString@@PBGV1@AAV1@@@
e:\nt\dnsrv\sdktools\reskit\content\subinacl\source\cobj.cpp Jun 11 2004
.?AVCSecuDesc@@
.?AVCSecuDescService@@
.?AVCSecuDescShare@@
.?AVCSecuDescClusterShare@@
.?AVCSecuDescPrinter@@
.?AVCSecuDescProcess@@
.?AVCSecuDescSam@@
.?AVCObj@@
.?AVCObjService@@
.?AVCObjPrinter@@
.?AVCObjProcess@@
.?AVCObjSam@@
.?AVCObjClusterShare@@
.?AVCObjShare@@
.?AVKDir@@
e:\nt\dnsrv\sdktools\reskit\content\subinacl\source\coninreg.cpp Jun 11 2004
.?AV?$CArray@URemoteHandle@@AAU1@@@
.?AVArrayRemoteHandle@@
e:\nt\dnsrv\sdktools\reskit\content\subinacl\source\csecudes.cpp Jun 11 2004
.?AV?$CMap@VCString@@PBGPAV?$CList@VSidAccount@@V1@@@PAV2@@@
e:\nt\dnsrv\sdktools\reskit\content\subinacl\source\csid.cpp Jun 11 2004
.?AV?$CList@VSidAccount@@V1@@@
.?AV?$CMap@VCString@@PBGVSidAccount@@V2@@@
e:\nt\dnsrv\sdktools\reskit\content\subinacl\source\isdom.cpp Jun 11 2004
e:\nt\dnsrv\sdktools\reskit\content\subinacl\source\pdir.cpp Jun 11 2004
.?AVCSecuDescRegKey@@
.?AVCObjRegKey@@
.?AVCDir@@
.?AVCClusPropList@@
e:\nt\dnsrv\sdktools\reskit\content\subinacl\source\subinacl.cpp Jun 11 2004
.?AVCStringList@@
.?AVXList@@
.?AV?$basic_ostream@GU?$char_traits@G@std@@@std@@
.?AVios_base@std@@
.?AV?$basic_ios@GU?$char_traits@G@std@@@std@@
.?AV?$basic_istream@GU?$char_traits@G@std@@@std@@
.?AV?$basic_iostream@GU?$char_traits@G@std@@@std@@
.?AV?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@
.?AVMinIn@@
e:\nt\dnsrv\sdktools\reskit\content\subinacl\source\usage.cpp Jun 11 2004
.?AVCSecuDescMetabase@@
.?AVCObjFile@@
.?AVCObjMetabase@@
e:\nt\dnsrv\sdktools\reskit\content\subinacl\source\util.cpp Jun 11 2004
.?AVCSecuDescKernelObject@@
.?AVCObjKernelObject@@
!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
GVMat32 optimised assembly code written 1996-98 by Gilles Vollant
asm686 with masm, code optimised assembly code from Brian Raiter, written 1998
 deflate 1.1.4 Copyright 1995-2002 Jean-loup Gailly 
%c%c%c%c%c%c%c%c%c%c
<fd:%d>
invalid bit length repeat
too many length or distance symbols
invalid stored block lengths
invalid block type
invalid distance code
invalid literal/length code
need dictionary
incorrect data check
incorrect header check
invalid window size
unknown compression method
 inflate 1.1.4 Copyright 1995-2002 Mark Adler 
incomplete dynamic bit lengths tree
oversubscribed dynamic bit lengths tree
incomplete literal/length tree
oversubscribed literal/length tree
empty distance tree with lengths
incomplete distance tree
oversubscribed distance tree
								
 unzip 0.18 Copyright 1998-2002 Gilles Vollant - http://www.winimage.com/zLibDll
 zip 0.18 Copyright 1998-2002 Gilles Vollant - http://www.winimage.com/zLibDll
incompatible version
buffer error
insufficient memory
data error
stream error
file error
stream end
fwrite
_errno
fclose
vsprintf
fflush
rewind
malloc
fprintf
_fdopen
sprintf
calloc
CRTDLL.dll
_initterm
GlobalFree
GlobalAlloc
GetVersion
KERNEL32.dll
zlib.dll
adler32
compress2
compress
deflate
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflateReset
deflateSetDictionary
get_crc_table
gzclose
gzdopen
gzerror
gzflush
gzgetc
gzgets
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzwrite
inflate
inflateEnd
inflateInit2_
inflateInit_
inflateReset
inflateSetDictionary
inflateSync
inflateSyncPoint
uncompress
unzClose
unzCloseCurrentFile
unzGetCurrentFileInfo
unzGetGlobalComment
unzGetGlobalInfo
unzGetLocalExtrafield
unzGoToFirstFile
unzGoToNextFile
unzLocateFile
unzOpen2
unzOpen
unzOpenCurrentFile2
unzOpenCurrentFile
unzReadCurrentFile
unzStringFileNameCompare
unzeof
unztell
zError
zipClose
zipCloseFileInZip
zipCloseFileInZipRaw
zipOpen
zipOpenNewFileInZip2
zipOpenNewFileInZip
zipWriteInFileInZip
zlibVersion
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Copyright 
 2010 Foolish IT -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
 processorArchitecture="x86"
 version="1.6.0.5"
 name="FoolishIT.EXE"
 type="win32"
<description>Foolish IT</description>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
 <security>
  <requestedPrivileges>
   <requestedExecutionLevel
    level="requireAdministrator"
    uiAccess="false"
  </requestedPrivileges>
 </security>
</trustInfo>
    <dependency>
        <dependentAssembly>
            <assemblyIdentity 
                type="win32" 
                name="Microsoft.Windows.Common-Controls" 
                version="6.0.0.0" 
                processorArchitecture="X86" 
                publicKeyToken="6595b64144ccf1df" 
                language="*" />
        </dependentAssembly>
    </dependency>
</assembly> 
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA0
120501000000Z
121231235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G30
3nfZ^R7
"http://crl.verisign.com/tss-ca.crl0
http://ocsp.verisign.com0
TSA1-30
Western Cape1
Durbanville1
Thawte1
Thawte Certification1
Thawte Timestamping CA0
031204000000Z
131203235959Z0S1
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA0
http://ocsp.verisign.com0
0http://crl.verisign.com/ThawteTimestampingCA.crl0
TSA2048-1-530
?7!Op1
StartCom Ltd.1+0)
"Secure Digital Certificate Signing1)0'
 StartCom Certification Authority0
071024220146Z
171024220146Z0
StartCom Ltd.1+0)
"Secure Digital Certificate Signing1806
/StartCom Class 2 Primary Intermediate Object CA0
!http://www.startssl.com/sfsca.crt0[
!http://www.startssl.com/sfsca.crl0'
!http://crl.startssl.com/sfsca.crl0
"http://www.startssl.com/policy.pdf04
(http://www.startssl.com/intermediate.pdf0
AStartCom Class 2 Primary Intermediate Object Signing Certificates0
StartCom Ltd.1+0)
"Secure Digital Certificate Signing1806
/StartCom Class 2 Primary Intermediate Object CA0
120416043547Z
140417210932Z0
2pFb02OGysYZ67641
North Carolina1
Manteo1
Foolish IT LLC1
Foolish IT LLC1(0&
foolishtech@foolishit.com0
v XzZY
@amC+s7
"http://www.startssl.com/policy.pdf04
(http://www.startssl.com/intermediate.pdf0
 StartCom Certification Authority0
This certificate was issued according to the Class 2 Validation requirements of the StartCom CA policy, reliance only for the intended purpose in compliance of the relying party obligations.0
 StartCom Certification Authority0
dLiability and warranties are limited! See section "Legal and Limitations" of the StartCom CA policy.06
%http://crl.startssl.com/crtc2-crl.crl0
+http://ocsp.startssl.com/sub/class2/code/ca0@
4http://aia.startssl.com/certs/sub.class2.code.ca.crt0#
http://www.startssl.com/0
StartCom Ltd.1+0)
"Secure Digital Certificate Signing1806
/StartCom Class 2 Primary Intermediate Object CA
http://www.foolishit.com0
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA
121017021947Z0#